I figured out how to use WireShark to capture the USB.
I have enclosed the Working Windows capture and the not-working Linux capture, in the hope that WireShark's cool data parsing would prove helpful.
On Mon, Feb 7, 2011 at 4:37 PM, Lyall Pearce <lyall.pearce@xxxxxxxxx> wrote:
Ok, whilst I delve into understanding the protocols and stuff, I have attached a couple of more files, which may, or may not, be helpful to others who are more familiar with the protocol.
I plan on trying to understand what is going on, but it may take me a while...
These are outputs from my Intel 64 bit Gentoo, as described in earlier posts.
The files are as follows :-
Inspect_pcscd_output.txt.gz : this file contains the debug output of pcscd, run as follows
    strace -tt -x -s128 "${pcscd_root}"/pcscd -fad
Unfortunately, strace does not seem to follow threads - I tried using ltrace but that seems to be even worse.
Inspect_pkcs11_output.txt.gz : this file contains the debug output of pkcs11_inspect, run as follows :-
    pkcs11_inspect debug
USB_Capture.txt.gz : this is a capture of the RAW USB traffic to and from the ActivIdentity USB SIM. This was achieved by enabling usbmon and debugfs in the linux kernel and following the documentation as described in /usr/src/linux/Documentation/usb/usbmon.txt
I have included in the USB_Capture.txt.gz a description of the columns of the capture.
I plugged the USB key into a bus that has no other devices to keep things nice and simple.
USB_Capture_Against_WinXP.txt.gz : This is a capture of the exact same ActivIdentity key, in the same USB hub, being connected to a VirtualBox VM containing Windows XP Pro. The capture shows a connect/disconnect/reconnect and finally, a successful authentication. This may provide some capability to compare a working stream against a non-working stream.
I hope this proves useful.
...Lyall
--
On Fri, Feb 4, 2011 at 1:41 AM, Jennings, Jared L CTR USAF AFMC 46 SK/CCI <jared.jennings.ctr@xxxxxxxxxxxx> wrote:
> What do I need to do to assist/diagnose this problem?
>
> I know C but don't know the protocols.

If you can contrive to connect to an XP box directly from a Linux box
using rdesktop -r scard, you can watch what ActivIdentity is saying to
the card by running pcscd with the -adf switches. Comparing the traffic
with traffic captured while CoolKey is trying to talk to the card can be
instructive.
You can replay sessions you've captured, and say your own things to the
card, using scriptor, a perl script by Ludovic Rousseau.
I don't have wide experience with smartcard protocols, but ISO 7816-4
has been useful to me in deciphering most of my smartcard traffic:
<http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4.aspx>
For U.S. federal government issued smartcards, the Government Smartcard
Interoperability Standard (GSC-IS, NIST Interagency Report 6887,
<http://csrc.nist.gov/publications/nistir/nistir-6887.pdf>) is helpful.
> and the USB SIM sits there being accessed constantly, as though it's
> retrying frequently, whereas, when used locally (on the remote VM),
> it's a couple of accesses and it's done.

My experience is that XP and ActivIdentity just talk to the smartcard
all the time. Blah, blah, blah. Who knows if the traffic actually
relates to what you're personally trying to do.

> Bottom line, I am not entirely convinced that the Software provided by
> ActivIdentity works reliably given the USB data is transported across a
> network, introducing timing delays.

In my forays with scriptor, my smartcard didn't care how fast I issued
commands. It was kind of like a telnet session, but typing individual
bytes in hex instead of letters. I'd be surprised to see something
timing-critical.
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
...Lyall
--
...Lyall
Attachment:
WireShark_USB_Capture_Linux.pcap.gz
Description: GNU Zip compressed data
Attachment:
WireShark_USB_Capture_Windows.pcap.gz
Description: GNU Zip compressed data
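
Added example, not part of the original thread or of pcscd/CoolKey code: one way to do the working-versus-failing comparison suggested above, by pairing command APDUs with their status words (ISO 7816-4 header bytes CLA/INS/P1/P2, trailing SW1 SW2) and reporting the first exchange that differs. It assumes the debug log carries "APDU:" and "SW:" lines of space-separated hex; the sample logs and the AID in them are constructed, not taken from the attached captures.

```python
import re

# Small subset of ISO 7816-4 instruction bytes, for readable output.
INS_NAMES = {0x20: "VERIFY", 0xA4: "SELECT", 0xB0: "READ BINARY",
             0xC0: "GET RESPONSE", 0xCA: "GET DATA"}
# Assumed log shape: "... APDU: 00 A4 ..." followed by "... SW: 90 00".
LINE = re.compile(r"\b(APDU|SW):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")

def exchanges(log_text):
    """Return (command, response_data, status_word) for each APDU/SW pair."""
    out, pending = [], None
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        data = bytes.fromhex(m.group(2))
        if m.group(1) == "APDU" and len(data) >= 4:
            pending = data
        elif m.group(1) == "SW" and pending is not None and len(data) >= 2:
            out.append((pending, data[:-2], data[-2:]))
            pending = None
    return out

def describe(cmd, sw):
    """Render the 4-byte command header and the 2-byte status word."""
    cla, ins, p1, p2 = cmd[:4]
    name = INS_NAMES.get(ins, "INS %02X" % ins)
    return "%s CLA=%02X P1=%02X P2=%02X -> SW=%s" % (
        name, cla, p1, p2, sw.hex().upper())

def first_divergence(working, failing):
    """Index of the first exchange whose command or status word differs."""
    for i, (w, f) in enumerate(zip(working, failing)):
        if w[0] != f[0] or w[2] != f[2]:
            return i
    if len(working) != len(failing):
        return min(len(working), len(failing))
    return None

# Constructed sample logs (not taken from the attached captures).
WORKING = """00000010 APDU: 00 A4 04 00 07 A0 00 00 00 01 02 03
00000450 SW: 90 00
00000012 APDU: 00 CA 01 00 00
00000300 SW: 01 02 03 04 90 00"""
FAILING = """00000011 APDU: 00 A4 04 00 07 A0 00 00 00 01 02 03
00000460 SW: 90 00
00000013 APDU: 00 CA 01 00 00
00000310 SW: 6A 82"""
```

Timestamps are ignored on purpose, so two sessions with different timing still line up exchange by exchange.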