Difference between revisions of "JavaCard"

Standards & Documents

• JavaCard
• GlobalPlatform
• Java Card Applet Developer Guide (pdf)
• Smart Card Handbook
• ISO 7816-4

JCOP

Generally speaking JCOP-specific detailed information can only be obtained at NXP.
This page does not contain any sensitive information, only tips & tricks for people having already obtained such info & tools in adequate way.
Current versions:

• JCOP v2.4.1 R3
  • JavaCard 2.2.2
  • GlobalPlatform 2.1.1
• JCOP v2.4.2 R2
  • JavaCard 3.0.1 Classic
  • GlobalPlatform 2.2

JCOP Tools

Tools can be obtained by contacting tools.jcop@nxp.com
Current version: NXP JCOP Plugins Generic v3.3.6 & Target v1.3.6
Current requirements are WinXP SP3, Win7 32bit or Win7 64bit, and Eclipse 3.6 or 3.7
So as you can see this is a Windows-only release, goal of this page is to get everything running under Linux 64bit too until the next official release supporting again Linux.
Thanks to Bastiaan for his help!

Eclipse

You first need Java. I'm using OpenJDK 1.6

apt-get install openjdk-6-jre

Needed components are eclipse-platform & eclipse-jdt

apt-get install eclipse

Follow tools instructions to install JCOP plugins

Eclipse activation:
We'll see later how to use a real reader via jpcsc but for activation it doesn't work so better to use one of the other activation methods for now.

Configuration:

• Windows / Preferences / Java / Compiler / Compliance Level: 1.5
• Windows / Preferences / Java / Debug / Unselect "Suspend Execution on uncaught exceptions"

Simulators

There are still a couple of linux simulators available in the tools but not much.
You can see them in Debug/Run Configurations... / JavaCard Application / JavaCard Simulation / Configure. At time of writing, only v2.3.1 and v2.4.1R3 are available.
But... the other simulators for Windows work fine through wine.
So you can create in all ~/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/mask*/linux/ a script jcop to use the Windows version:

#!/bin/bash
wine $(dirname $0)/../win32/jcop.exe $*

So corresponding versions will appear in JavaCard Simulation configuration.

Simulators can also be run alone, for use with JCShell or jcop_simul_ihdhandler:

sh ~/.eclipse/org.eclipse.platform_3.7.0_.../plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/maskXX/linux/jcop \
   -fab=/absolute/path/to/.eclipse/org.eclipse.platform_3.7.0_.../plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/maskXX/maskXX_J..._R...dat

A couple of scripts to ease usage of the various simulator versions:

[{{#file: template}} simulators/template] (you can download it by using this link):

#!/bin/bash

REF=$(basename $0)
MASK=${REF/[_f]*/}
FAB=$(ls $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/$MASK/$REF.dat)
SIM=~/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/$MASK/linux/jcop
$SIM -fab=$FAB

chmod 755 template

[{{#file: populate}} simulators/populate] (you can download it by using this link):

$ cat populate 
#!/bin/bash

rm mask*
for i in $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/mask*/mask??_*; do
    REF=$(basename $i)
    REF=${REF%.dat}
    ln -sf template $REF
done

for i in $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/*; do
    cd $i
    if [ -d linux ]; then
        continue
    fi
    mkdir linux
    cat > linux/jcop << EOF
#!/bin/bash

wine \$(dirname \$0)/../win32/jcop.exe \$*
EOF
    chmod 755 linux/jcop
done

chmod 755 populate
./populate

JCShell

Eclipse plugin contains also a standalone jcshell version but the Bash script provided with it (~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh) can be improved, e.g. by replacing it at the same location by the following [{{#file: template}} jcshell.sh] (you can download it by using this link):

#!/bin/sh
# ==========================================================================
#     jcshell.sh
#     This file launches the NXP JCShell for command line usage
# ==========================================================================

# --------------------------------------------------------------------------
# Check for java
# --------------------------------------------------------------------------
if [ "$JAVA_HOME" != "" ]; then
    if [ -x "$JAVA_HOME/bin/java" ] ; then
        JAVA="$JAVA_HOME/bin/java"
    else
	echo "ERROR : JAVA_HOME not properly defined. Could not find java."
	exit 1
    fi
else
    JAVA="$(which java)"
    if [ "$JAVA" = "" ]; then
	echo "ERROR : Could not find java in PATH. Please define JAVA_HOME."
	exit 1
    fi
fi

# --------------------------------------------------------------------------
# Extract jcshell absolute path no matter from where it's called
# --------------------------------------------------------------------------
JCSHELL_PATH="$(dirname $(readlink -f $0))"

# --------------------------------------------------------------------------
# Include the JAR files from lib folder in CLASSPATH for JVM
# --------------------------------------------------------------------------
CLASSPATH_JCSHELL="$JCSHELL_PATH/lib/offcard.jar"
#CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/JNISCCommWrapper.jar"
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/crypto.jar"
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"

# --------------------------------------------------------------------------
# Launch the JVM with jcshell as main application and pass in the command
# line from the call to this script file.
# --------------------------------------------------------------------------
echo
echo Welcome to NXP JCShell!
echo "(c) 2012 NXP Semiconductors Germany GmbH"
echo ------------------------------------------------------------------------------
echo
if [ "$(which socat)" != "" ]; then
        socat READLINE,history=$HOME/.jcshell_history EXEC:"\"$JAVA\" -cp \"$CLASSPATH_JCSHELL\" com.ibm.jc.tools.JCShell $*"
else
        "$JAVA" -cp "$CLASSPATH_JCSHELL" com.ibm.jc.tools.JCShell $@
fi

In case you want to use only the simulators and you don't have JPCSC (see below), comment the line

# CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"

Now you can create a symlink at your convenience, e.g.

ln -s ~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh /usr/local/bin/jcshell

Note that to use a jcshell.rc file, it needs to be present in the local directory (pwd).

And connecting to a standalone JCOP simulator:

- /term Remote
> /atr
> /identify

In the script above, we look for socat and it present, we use it to add current line edition capability in a bash like manner (READLINE) and use of a history file .jcshell_history.

It's also possible to get JCShell from the standalone version, using the setup executable:

7z -y x nxp-offcard-2.3.0.0_Setup_NXP-JCShell.exe

You'll get a /scripts directory in which we'll only consider a few jar files.
The same jcshell.sh script can be used in this setup.

JPCSC

Pegoda doesn't work under linux but we can use PCSC readers through JPCSC.
JPC/SC Java API (0.8.0) is available in binary form in the link Windows Binary Download Here (zip)
Yes I know... Windows... but jpcsc-0.8.0.zip contains also /jpcsc/bin/linux/libjpcsc.so, a 32 bit library.
On a 64 bit Debian, you can put libjpcsc.so under /usr/lib32

ldd /usr/lib32/libjpcsc.so
[...]
libpcsclite.so.1 => not found

Indeed libpcsclite1 is not in the ia32-libs
You can get it by retrieving the 32 bit version of libpcsclite1 which you already have on your system. For me it's libpcsclite1_1.8.3-3_i386.deb.
Get it, extract libpcsclite1_1.8.3-3_i386.deb and copy libpcsclite.so.1.0.0 and symlink libpcsclite.so.1 to /usr/lib32

Now PCSC readers can be used under JCShell if you add jpcsc.jar to the helper script:

#!/bin/bash
java -cp "lib/offcard.jar:lib/crypto.jar:lib/jpcsc.jar" com.ibm.jc.tools.JCShell $*

- term PCSC
> /atr

It will find the card, no matter in which PCSC reader it is.
And with e.g. a SCL3711 it will access contactless JCOP cards without any problem.

For Eclipse, simply choose the right PCSC reader under Debug/Run Configurations

ifdhandler

Ifdhandler in release of jpcsc binaries is 32-bit so we've to recompile it from sources jpcsc-0.8.0-src.zip

cd jpcsc/misc/jcop_simul_ifdhandler
gcc -g -fpic -w  -c ifdhandler.c -I. 
gcc -g -fpic -w -shared ifdhandler.o -o libjcop_remote.so

Then install libjcop_remote.so in /usr/lib/pcsc/drivers/serial/ and create a conf file /etc/reader.conf.d/jcopsimul:

FRIENDLYNAME     "JCOPSimulReader"
LIBPATH          /usr/lib/pcsc/drivers/serial/libjcop_remote.so
CHANNELID        0x0103F8

Note the difference with original instructions from README: since pcsc-lite 1.6.5 you shouldn't use DEVICENAME if the driver does not provide IFDHCreateChannelByName()
Finally restart pcscd
Every time a simulator will be run, a "card" will be inserted in pcscd
The virtual card can be used with any PCSC-compatible application, including Eclipse.

Beware that once pcscd is running and using ifdhandler JCOPSimulReader, simulator cannot be accessed anymore via

/term Remote

but exclusively via

/term PCSC

RFIDIOt

RFIDIOt contains a few tools linked to JCOP

GPShell

http://sourceforge.net/projects/globalplatform/
Could never get it working properly

GlobalPlatformPro

GlobalPlatform tool intends to replace outdated gpshell.
To compile it you need openjdk-7-jdk which at the moment seems hard to get on my Debian (old dependencies problem), so I'll stick to openjdk-8 and fetch a pre-built version here.
Usage:

java -jar gp.jar --help

Comparison

• JCAlgTest

Shopping

• https://github.com/martinpaljak/GlobalPlatformPro/tree/master/docs/JavaCardBuyersGuide