Capturing APDU trace on Windows => my solution

Capturing APDU trace on Windows => my solution

Vincent Le Toux
Hi,

For those developing/debugging on Windows I may have something interesting for you.

To debug my programs, I needed to capture APDU.
I was getting tired of making winscard.dll stubs for x64 & x86 and for each Windows version. Typically new minidrivers (like GIDS) use the SCardReadCache / WriteCache functions, which are not available on older versions.
I was also limited for lsass.exe debug.

Api Monitor (http://www.rohitab.com/apimonitor) can solve the lsass problem with this patch (http://www.rohitab.com/discuss/topic/41981-updated-api-definitions/?p=10102474).
But it shouldn't be run on a production system because at disconnection, lsass crashes every time.
Another solution is kernel debugging (windbg).
But this is not easy to use and not very user friendly for APDU debugging.

Then, I had to debug something on the shared smart card reader on VMWare.

That's why I made a small developer program I called APDUTrace (http://download.mysmartlogon.com/APDUTrace/APDUTrace.exe).

In short, this is a standalone .exe with a filter driver embedded. Because this is an upper filter driver, it collects the APDU at the system level before the APDU is sent to the smart card reader.

Launch the .exe (as admin), press "Live tracing" and enjoy.
Valid for all x64, x86 systems from Windows XP to Windows 10
Boot time logging is also available.

I've done some tests, but as with any new program there are hidden bugs.
Test it in a VM first; feedback is welcome!

regards,
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
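
For anyone sharing traces captured at the system level as described above (an added example, not part of the original post and not APDUTrace code): such a capture can include VERIFY commands with the PIN bytes in the data field, so the sketch below parses each command APDU and masks that field before a log is posted. The `> hex` / `< hex` line format and the sample trace are assumptions constructed for this example.

```python
# Added example. Assumed (not APDUTrace's) line format: "> hex" command, "< hex" response.
# ISO 7816-4 instructions whose command data field carries a PIN or PUK.
SENSITIVE_INS = {0x20: "VERIFY", 0x24: "CHANGE REFERENCE DATA",
                 0x2C: "RESET RETRY COUNTER"}

def parse_command(apdu: bytes) -> dict:
    """Split a short-length command APDU into header, data and Le (cases 1-4)."""
    if len(apdu) < 4:
        raise ValueError("command APDU shorter than its 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body, data, le = apdu[4:], b"", None
    if len(body) == 1:                       # case 2: Le only
        le = body[0] or 256
    elif len(body) > 1:
        lc = body[0]
        if lc == 0:                          # raising keeps the line unpublished
            raise ValueError("extended-length APDU not handled in this sketch")
        if len(body) == 1 + lc:              # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:            # case 4: Lc + data + Le
            data, le = body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError("Lc does not match the body length")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def redact_line(line: str) -> str:
    """Mask PIN/PUK bytes in one trace line; other lines pass through."""
    line = line.strip()
    direction, _, hexpart = line.partition(" ")
    if direction != ">":                     # only commands are inspected
        return line
    raw = bytes.fromhex(hexpart)
    cmd = parse_command(raw)
    n = len(cmd["data"])
    if cmd["ins"] not in SENSITIVE_INS or n == 0:
        return line
    tokens = [f"{b:02X}" for b in raw]
    tokens[5:5 + n] = ["XX"] * n             # data starts after header + Lc
    return f"> {' '.join(tokens)}  [{SENSITIVE_INS[cmd['ins']]} data redacted]"

# Constructed sample trace: SELECT, then VERIFY with PIN "1234" padded with FF.
SAMPLE = """> 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
< 61 11
> 00 20 00 80 08 31 32 33 34 FF FF FF FF
< 90 00"""

if __name__ == "__main__":
    print("\n".join(redact_line(l) for l in SAMPLE.splitlines()))
```

A VERIFY with no data field (a retry-counter query) is left untouched, and a line the parser cannot classify raises instead of being emitted unredacted.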

Re: Capturing APDU trace on Windows => my solution

Ludovic Rousseau
2016-02-27 23:09 GMT+01:00 Vincent Le Toux <[hidden email]>:
>Hi,

Hello,

>For those developing/debugging on Windows I may have something interesting for you.
>
>To debug my programs, I needed to capture APDU.

Have you tried SCardSpy [1]?
I do not use Windows myself so never used it but it helped other people [2] debug problems on Windows.

Bye
[2] https://github.com/LudovicRousseau/pyscard/issues/19

--
 Dr. Ludovic Rousseau


Re: Capturing APDU trace on Windows => my solution

Vincent Le Toux
Yes, I already discussed with Mounir about that.

The adaptation needed for a winscard.dll stub for all versions of Windows is a continuous job.
Like for the function SCardReadCache used by the PIV/GIDS minidriver, that's why I explored another lead ...

I do not know if there is a problem in winscard stub, but the Base smart card KSP on Windows 10 seems to prohibit the use of winscard stub.

regards,
Vincent

2016-02-28 10:26 GMT+01:00 Ludovic Rousseau <[hidden email]>:
>2016-02-27 23:09 GMT+01:00 Vincent Le Toux <[hidden email]>:
>>Hi,
>
>Hello,
>
>>For those developing/debugging on Windows I may have something interesting for you.
>>
>>To debug my programs, I needed to capture APDU.
>
>Have you tried SCardSpy [1]?
>I do not use Windows myself so never used it but it helped other people [2] debug problems on Windows.
>
>Bye
>[2] https://github.com/LudovicRousseau/pyscard/issues/19
>
>--
> Dr. Ludovic Rousseau



--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com


Re: Capturing APDU trace on Windows => my solution

Vlastimil Pavicek
Hello,

>The adaptation needed for a winscard.dll stub for all versions of Windows is
>a continuous job.
>Like for the function SCardReadCache used by the PIV/GIDS minidriver,
>that's why I explored another lead ...
>
>I do not know if there is a problem in winscard stub, but the Base smart
>card KSP on Windows 10 seems to prohibit the use of winscard stub.

Another interesting approach is to inject a DLL which hooks the winscard API into a running process. I had some working PoC code (which I, unfortunately, cannot share).

Some links:
https://en.wikipedia.org/wiki/DLL_injection
http://codefromthe70s.org/mhook24.aspx
http://research.microsoft.com/en-us/projects/detours/

Best regards
VLP
