USB SMART CARD READER DRIVERS
(man SmartCardServices)
OS X has a builtin list of supported USB CCID class-compliant smart card readers. For other readers, install the reader driver in /usr/libexec/SmartCardServices/drivers. Each driver is a bundle.
...
| Note |
|---|
with macOS Mojave (10.14.6) it is still possible to install your own version of libccid or other PC/SC IFD Handler bundles to /usr/local/libexec/SmartCardServices/drivers. |
Using non USB based Readers
/etc/reader.conf is read similar to standard pcscd way of doing things but instead of pointing to a library directly, it points to a bundle directry containg the same files as for usb readers, the difference is that Info.plist does not contain any product or vendor ids or friendly names.
Some projects declare a fake usb device in their Info.plist and expect the users to attach that device (maybe a usb memory stick) if they want to use the card reader, although the device has nothing to do with the card reader.
Related processes
Mojave
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
Related processes
Mojave
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
/System/Library//System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
Drivers are loaded as dynamic library from the latter one
Catalina
Logging
Using unified Logging on macOS platform
https://developer.apple.com/documentation/os/logging?language=objc#1682416
and
and https://www.avanderlee.com/debugging/oslog-unified-logging/
It is possible to turn on logging for smart cards. Logging is turned on by setting global preference:
...
| Note |
|---|
Note that logging setting is one-shot; it must be turned on by the command above to start logging again with a new reader. This is to avoid security risk that logging is turned on indefinitely. So, set this value to yes, plug in your AirID via USB and you should see APDU tracing. After the AirID is unplugged from USB, APDU tracing is disabled again. |
Logging behavior is normally governed by the system. However, while debugging in macOS, you can enable different logging levels for a subsystem using the log command-line tool’s config argument while logged in as root.
...
Enabling debug-level logging for a subsystem
| UI Expand |
|---|
|
code | | title | Enabling debug-level logging for a subsystem |
|---|
| collapse | true |
|---|
|
$ sudo log config --mode "level:debug" --subsystem com.your_company.your_subsystem_name |
Logging PC/SC or IFD Hander activity
This is the script I use normally to debug PC/SC under macOS Mojave
| Code Block |
|---|
#! /bin/bash
#
# enable APDU tracing use this
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
echo "now plug in your USB based AirID"
sleep 5;
# enable displaying of private fields
sudo log config --mode "private_data:on"
# log as stream
sudo log stream --predicate 'process == "com.apple.ifdreader"' --debug --info |
On my machine this leads to the following logging
use this
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
echo "now plug in your AirID AirID device"
sleep 5;
# enable displaying of private fields NOTE enabling private data no longer works on macOS Catalina 10.15+
sudo log config --mode "private_data:on"
# log as stream
sudo log stream --debug --info --source --style syslog --predicate '((subsystem == "com.apple.CryptoTokenKit") || (process == "com.apple.ifdreader"))' |
| UI Text Box |
|---|
On my machine this leads to the following logging |
| UI Expand |
|---|
| title | logging PC/SC on macOS |
|---|
|
| Code Block |
|---|
al@heron ~/bin debug_pcsc.sh
Filtering the log data using "process == "com.apple.ifdreader""
Timestamp Thread Type Activity PID TTL |
|
| UI Expand |
|---|
| title | logging PC/SC on macOS |
|---|
|
| Code Block |
|---|
al@heron ~/bin debug_pcsc.sh
Filtering the log data using "process == "com.apple.ifdreader""
Timestamp Thread Type Activity PID TTL
2019-08-07 15:14:05.668951+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] deviceRemovalHandler invoked (entryId=4295018162)
2019-08-07 15:14:05.669017+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] installed device removal notification
2019-08-07 15:14:05.669325+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] new device arrival: 2dff:b602 14122430 (entryId=4295018162)
2019-08-07 15:14:05.669466+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] bundle loaded: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle
2019-08-07 15:14:05.669518+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] found bundle for device, resolved entryId=4295018162 to deviceName='certgate GmbH AirID2 Mini'
2019-08-07 15:14:05.669621+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHCreateChannelByName(00000000, 'certgate GmbH AirID2 Mini')
2019-08-07 15:14:05.669780+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 42925798 ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: certgate GmbH AirID2 Mini
2019-08-07 15:14:05.669927+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000158 ccid_usb.c:302:OpenUSBByName() Using: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
2019-08-07 15:14:05.678628+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00008626 ccid_usb.c:320:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau ([email protected])
2019-08-07 15:14:05.678760+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000234 ccid_usb.c:321:OpenUSBByName() ifdProductString: Generic CCID driver
2019-08-07 15:14:05.678916+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000125 ccid_usb.c:322:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
2019-08-07 15:14:07.127959+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 01449055 ccid_usb.c:784:OpenUSBByName() Wait after libusb: 9
2019-08-07 15:14:07.231178+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00103223 ccid_usb.c:660:OpenUSBByName() Found Vendor/Product: 2DFF/B602 (certgate GmbH AirID2 Mini)
2019-08-07 15:14:07.231268+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000131 ccid_usb.c:662:OpenUSBByName() Using USB bus/device: 20/6
2019-08-07 15:14:07.231338+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000073 ccid_usb.c:722:OpenUSBByName() bNumDataRatesSupported is 0
2019-08-07 15:14:07.281130+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHCreateChannelByName() = 0
2019-08-07 15:14:07.281179+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHGetCapabilities(00000000, TAG_IFD_THREAD_SAFE)
2019-08-07 15:14:07.281286+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00049910 ifdhandler.c:381:IFDHGetCapabilities() tag: 0xFAD, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281309+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0 (0)
2019-08-07 15:14:07.281333+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHGetCapabilities(00000000, SCARD_ATTR_MAXINPUT)
2019-08-07 15:14:07.281412+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000152 ifdhandler.c:381:IFDHGetCapabilities() tag: 0x7A007, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281434+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0 (8182)
2019-08-07 15:14:07.281475+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHControl_v3(00000000, code=1107299656, in=(null))
2019-08-07 15:14:07.281568+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000145 ifdhandler.c:1411:IFDHControl() ControlCode: 0x42000D48, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281703+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) Control TxBuffer:
2019-08-07 15:14:07.281830+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) Control RxBuffer: 12 04 42 33 00 12
2019-08-07 15:14:07.281888+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHControl(out=<12044233 0012>) = 0
2019-08-07 15:14:07.281916+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHGetCapabilities(00000000, TAG_IFD_SLOTS_NUMBER)
2019-08-07 15:14:07.282054+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000442 ifdhandler.c:381:IFDHGetCapabilities() tag: 0xFAE, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.282158+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000146 ifdhandler.c:476:IFDHGetCapabilities() Reader supports 1 slot(s)
2019-08-07 15:14:07.282186+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0, (1)
2019-08-07 15:14:07.282227+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] setupWithName:'certgate GmbH AirID2 Mini'
2019-08-07 15:14:07.283570+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: new client connection established
2019-08-07 15:14:07.283610+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] initWithName:'certgate GmbH AirID2 Mini' successfully registered
2019-08-07 15:14:07.283693+0200 0x5a7405 Activity 0x84ae26 13149 0 com.apple.ifdreader: (CoreFoundation) Loading Preferences From System CFPrefsD
2019-08-07 15:14:07.283701+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: slot was set up
2019-08-07 15:14:0705.284032668951+0200 0x5a74050x3a402a Debug 0x84ae26 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No) loaded: a new base plist and no additional changes from the base plist 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] deviceRemovalHandler invoked (entryId=4295018162)
2019-08-07 15:14:0705.284129669017+0200 0x5a74050x3a402a Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] looked up value 1 for key Logging in CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No).ifdreader: [com.apple.CryptoTokenKit:smartcard] installed device removal notification
2019-08-07 15:14:0705.285145669325+0200 0x5a74050x3a402a Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] setting new value 0 for key Logging in CFPrefsPlistSource<0x7fe52f50f310> (Domainifdreader: [com.apple.security.CryptoTokenKit:smartcard,] User:new kCFPreferencesAnyUser,device ByHostarrival: Yes, Container: (null), Contents Need Refresh: No2dff:b602 14122430 (entryId=4295018162)
2019-08-07 15:14:0705.285203669466+0200 0x5a74050x3a402a Debug Default 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULogsmartcard] loggingbundle slot certgate GmbH AirID2 Miniloaded: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle
2019-08-07 15:14:0705.285239669518+0200 0x5a74050x3a402a Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaultsCryptoTokenKit:User Defaultssmartcard] found no valuebundle for key PollingTimeout in CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No)device, resolved entryId=4295018162 to deviceName='AirID GmbH AirID2 Mini'
2019-08-07 15:14:0705.286534669621+0200 0x5a7115 InfoDebug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:tokensmartcard] certgate -> IFDHCreateChannelByName(00000000, 'AirID GmbH AirID2 Mini: card inserted')
2019-08-07 15:14:0705.286586669780+0200 0x5a7115 DefaultInfo 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULog] card inlibccid.dylib) 42925798 ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: AirID GmbH AirID2 Mini
2019-08-07 15:14:0705.286616669927+0200 0x5a7115 DebugInfo 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKitlibccid.dylib) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: card reset 00000158 ccid_usb.c:302:OpenUSBByName() Using: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
2019-08-07 15:14:0705.286753678628+0200 0x5a7115 DebugInfo 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00008626 ccid_usb.c:320:OpenUSBByName() ifdManufacturerString: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: broadcasting state change { Ludovic Rousseau ([email protected])
2019-08-07 15:14:05.678760+0200 0x5a7115 Info 0x0 power = 0; prevstate =13149 1; 0 share = 0; state = 2;} com.apple.ifdreader: (libccid.dylib) 00000234 ccid_usb.c:321:OpenUSBByName() ifdProductString: Generic CCID driver
2019-08-07 15:14:0705.286888678916+0200 0x5a7115 DebugInfo 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHPowerICC(00000000, action=502)(libccid.dylib) 00000125 ccid_usb.c:322:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
2019-08-07 15:14:07.287045127959+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 0000482801449055 ifdhandlerccid_usb.c:1154784:IFDHPowerICCOpenUSBByName() action:Wait Reset, certgate GmbH AirID2 Mini (lun: 0)after libusb: 9
2019-08-07 15:14:07.287210231178+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 0000017100103223 commandsccid_usb.c:204660:CmdPowerOnOpenUSBByName() 5V requested but not support by readerFound Vendor/Product: 2DFF/B602 (AirID GmbH AirID2 Mini)
2019-08-07 15:14:07.563262231268+0200 0x5a7115 Info Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHPowerICC(atr=<3bf81300 008131fe 454a434f 50763234 31b7>) = 0(libccid.dylib) 0000013
2019-08-07 15:14:07.563391+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgateAirID GmbH AirID2 Mini: card reset done -> <TKSmartCardATR: 0x7fe531200840 3b 130000 T=1:--- T=1:fe45-;4a434f5076323431>
2019-08-07 15:14:07.563463+0200 0x5a7405 Default 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULog] ATR: 3b f8 13 .....
2019-08-07 15:14:07.563581+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgateAirID GmbH AirID2 Mini: broadcasting state change { atr = <3bf81300 008131fe 454a434f 50763234 31b7>; power = 1; prevstate = 2; share = 0; state = 4;} |
|
Bluetooth-related information
Getting information from com.apple.bluetoothd
| UI Expand |
|---|
| title | Getting information from com.apple.bluetoothd |
|---|
|
| Code Block |
|---|
bash-3.2# defaults read com.apple.bluetoothd
SMPCloudLocalNonce = <9475e7a0 f4e93a9a b51df8d7 0b800896>.... .... ....>;
LinkKeys = {
"b8..-e8..-56..-0d..-fb..-81.." = {
"7c..-c3..-a1..-8f..-be..-4f.." = <a21c29c4 .... .... ....>;
"d8..-30..-62..-39..-11..-ca.." = <4a8b9385 .... .... ....>;
};
};
SMPCloudLocalNonce = <9475e7a0 .... .... ....>;
SMPCloudLocalPrivateKey = <a2f2a3a8 7b0668e5.... ..... ..... ..... ..... >;
SMPCloudLocalPublicKey = <a2f2a3a8 7b0668e5.... ..... ..... ..... ..... >;
SMPDistributionKeys = {
"b8..-e8-56..-0d-fb..-81.." = {
"d0..-cf..-5e..-06..-f9..-c4.." = {
Address = <d0cf5e06 f9c4><.... ....>;
AddressType = 0;
IRK = <be6658dd ..... ..... .....>;
LTK = <3b2fd57f ..... ..... .....>;
LTKLength = <10>;
MITMProtection = 1;
OriginalAddressType = 0;
SecureConnection = <01>;
};
};
};
}
|
|
| UI Expand |
|---|
| title | Getting information from blued |
|---|
|
| Code Block |
|---|
bash-3.2# defaults read blued
{
LinkKeys = {
"b8..-e8..-56..-0d..-fb..-81.." = {
"7c..-c3..-a1..-8f..-be..-4f.." = <a21c29c4 ..... ..... .....>;
"d8..-30..-62..-39..-11..-ca.." = <4a8b9385 ..... ..... .....>;
};
};
} |
|
| Code Block |
|---|
$ sudo system_profiler -detailLevel full SPBluetoothDataType |
Related Articles
| Content by Label |
|---|
| showLabels | false |
|---|
| max | 516 |
|---|
| spaces | PM |
|---|
| showSpace | false |
|---|
| sort | modified |
|---|
| reverse | true |
|---|
| type | page |
|---|
| excerptType | simple |
|---|
| cql | label in ("kb-how-to-article","macos","ctk","cryptotokenkit") and type = "page" and space = "DEMTHSP" |
|---|
| labels | kb-troubleshooting-article |
|---|
|
Please rate & help us to improve our FAQ.
...
