[Pcsclite-muscle] RFC - one old and one new bluetooth device driver.

Martin Paljak martin
Tue Aug 15 23:50:37 PDT 2017 

Cool! Last time I asked OmniKey/HID for a specification of the transport
layer, I received silence... The fact that it has simple plaintext
communication is probably the reason why it is discontinued.

My only comment would be to make it clear in the patch that these features
are  "HID/omnikey" which has nothing to do with HID as
https://en.wikipedia.org/wiki/Human_interface_device (because devices like
FIDO and Yubikey DO use HID and/or CCID for communication and this could
create confusion)

I hope I did not trash the 2061 as a useless reader and can find it to test.

Best,
Martin

On Mon, 14 Aug 2017 at 16:20 James <pcsclite at madingley.org> wrote:

> Attached are patches to support the HID Omnikey 2061, and
> the ACR3901U-S1 bluetooth card readers.
>
> ---
>
> The HID Omnikey 2061, is end of life but is readily
> available on eBay. I reverse engineered the protocol
> from observing the windows drivers. It uses CCID over
> serial over Bluetooth RFCOMM. As such the pin is not
> particularly well protected.
>
> To use the HID driver, first pair the reader with the
> computer using your favourite bluetooth stack then create
> a file in /etc/reader.conf.d/ containing (edit the path
> and set the DEVICENAME to be the MAC address of the reader)
>
> DEVICENAME        00:80:25:33:44:55
> FRIENDLYNAME      "My HID 2061"
> LIBPATH           /usr/lib64/pcsc/drivers/serial/libccidhid.so
>
> ---
>
> The ACR3901U-S1 is in current production and communicates
> using a stripped down version of CCID over Bluetooth
> Low-Energy GATT, or CCID over USB. The over-the-air
> interface is protected by mutual authentication, and
> encrypted using 128 bit AES CBC using a random session
> key. The driver implements support for both interfaces.
>
> The device requires a 16 byte secret key to be known by
> the connecting computer, at the moment pcscd doesn't
> provide a simple way to insert this - (in this patch it's
> hard coded to the default value). What would be the
> preffered method of getting this into the driver?
>
> To use the ACR driver find the MAC address of the device
> (use hcitool lescan) on linux
>
> and create a file in /etc/reader.conf.d/ containing (edit
> the path and set the DEVICENAME to be the MAC address of
> the reader)
>
> DEVICENAME        11:22:33:44:55:66
> FRIENDLYNAME      "My ACR3901U-S1"
> LIBPATH           /usr/lib64/pcsc/drivers/serial/libccidacr.so
>
> For USB operation the drive is plug and play.
>
> The ACR driver still outputs some debug output to stderr
> which should be fixed.
>
> The HID driver patch contains support for multiple serial
> devices, which is used by the ACR driver patch.
>
>
> James.
> _______________________________________________
> Pcsclite-muscle mailing list
> Pcsclite-muscle at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

-- 

typos expected due to mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20170816/263fc650/attachment.html>

More information about the pcsclite-muscle mailing list