Outdated and broken PC/SC drivers with pcsc-lite 2.4.0

Since pcsc-lite 2.4.0 and the fact that pcscd can now run as a normal user (see pcscd runs as pcscd user), the driver must configure the reader's device access rights. Otherwise, the pcscd process will not be able to use the device.

Unmaintained drivers

Some older, unmaintained drivers will no longer work with pcscd. I have requested their removal from Debian unstable.

They are:

I am the Debian maintainer of these packages, so it is my responsibility to open tickets to remove the packages.

I also filed a release critical bug #1119081 on libgcr410 so that this driver will not be included in the next version of Debian (unless the issue is fixed).

Old hardware

These drivers are intended for very old serial smart card readers (who still has a serial port on their computer?) or USB readers from the last century.

The advantage of Free Software is that if someone still has such a device, they can obtain the source code of the driver (still available online), adapt it and use it.

Old software

There has been no new version of the asedriveiiie software since September 2010. The source code is no longer available from the publisher (a commecial company).

The ifd-gempc software is maintained upstream by me. The latest major version dates from April 2012 and was mostly compiler warnings fixes. The source code is still available at https://ifd-gempc.apdu.fr/.

The libgcr410 software was also written by me. I wrote it before ifd-gempc and I am surprised to see it packaged in Debian, as it should be replaced by ifd-gempc. The Debian package has been abandonned by its Debian maintainer since March 2008. More recent Debian versions have been produced by the Debian Quality Assurance (QA) team.

Popularity

I have already published an article on the popularity of Debian packages for smart cards in 2020 in Smart card Usage in Debian: pcscd and drivers.

With updated graphics, we now have:

  • asedriveiiie

Popularity contest statistics for asedriveiiie

  • ifd-gempc

Popularity contest statistics for ifd-gempc

  • libgcr410

Popularity contest statistics for libgcr410

Very few people still have these packages installed. And even fewer use them.

Changes required

I also filed the bug #39 "Set group to pcscd in the udev rules file" on the upstream acsccid driver.

This driver is a fork of my CCID driver and is still actively maintained. The problem should therefore be resolved in a new version.

Conclusion

I don't have enough free time to maintain software that is no longer in use.

I haven't used these drivers for at least 10 years. And I don't plan on using them in the future, because I discovered that I no longer have the smart card readers.

New version of PySCard: 2.3.1

I just released a new version of pyscard. PySCard is a Python module adding smart cards support (PC/SC) to Python.

The PySCard project is available at:

Changes:

2.3.1 (October 2025)

  • Add support of SWIG 4.4.0

  • Add support of Mac OS X Snow Leopard

  • Minor changes

pcscd runs as pcscd user

With pcsc-lite 2.4.0 (New version of pcsc-lite: 2.4.0) the pcscd daemon process now runs (if systemd is used) as user pcscd in group pcscd.

Possible problem

For example if I use libccid version 1.6.2 (so before the update to set the access rights, implemented in version 1.7.0, New version of libccid: 1.7.0) I get the error:

$ journalctl -u pcscd -f
oct. 21 21:41:26 MacBookPro pcscd[25848]: 00000000 ccid_usb.c:564:OpenUSBByName() Can't libusb_open(4/6): LIBUSB_ERROR_ACCESS

If I start pcscd in foreground and debug mode I get more details:

$ sudo -u pcscd -g pcscd LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug
00000000 [140406854371648] ../src/debuglog.c:395:DebugLogSetLevel() debug level=debug
00000369 [140406854371648] ../src/configfile.l:293:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000055 [140406854371648] ../src/configfile.l:326:DBGetReaderListDir() Skipping non regular file: ..
00000010 [140406854371648] ../src/configfile.l:365:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000096 [140406854371648] ../src/configfile.l:326:DBGetReaderListDir() Skipping non regular file: .
00000037 [140406854371648] ../src/pcscdaemon.c:669:main() pcsc-lite 2.4.0 daemon ready.
00000111 [140406854371648] ../src/pcscdaemon.c:752:main() Using drivers directory: /usr/lib/pcsc/drivers
00008375 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/003/001
00000275 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/003/001
00000240 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8242, path: /dev/bus/usb/003/002
00000311 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/003/001
00000325 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x0237, path: /dev/bus/usb/003/003
00000237 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x0237, path: /dev/bus/usb/003/003
00000237 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x0237, path: /dev/bus/usb/003/003
00000408 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/002/001
00000239 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/002/001
00000271 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8507, path: /dev/bus/usb/002/002
00000417 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/004/001
00000246 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/004/001
00000254 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x0A5C, PID: 0x4500, path: /dev/bus/usb/004/002
00000266 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8213, path: /dev/bus/usb/004/003
00000254 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8213, path: /dev/bus/usb/004/003
00000266 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8213, path: /dev/bus/usb/004/003
00000258 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8213, path: /dev/bus/usb/004/003
00000298 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x0A5C, PID: 0x4500, path: /dev/bus/usb/004/002
00000242 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/004/001
00000260 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x08E6, PID: 0x3438, path: /dev/bus/usb/004/006
00000186 [140406854371648] ../src/hotplug_libudev.c:430:HPAddDevice() Adding USB device: Gemalto USB Shell Token V2
00000089 [140406854371648] ../src/readerfactory.c:1103:RFInitializeReader() Attempting startup of Gemalto USB Shell Token V2 00 00 using /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000597 [140406854371648] ../src/readerfactory.c:977:RFBindFunctions() Loading IFD Handler 3.0
00000083 [140406854371648] ../src/ifdhandler.c:2130:init_driver() Driver version: 1.6.2
00001019 [140406854371648] ../src/ifdhandler.c:2152:init_driver() LogLevel: 0x0003
00000012 [140406854371648] ../src/ifdhandler.c:2163:init_driver() DriverOptions: 0x0000
00000370 [140406854371648] ../src/ifdhandler.c:2176:init_driver() LogLevel from LIBCCID_ifdLogLevel: 0x000F
00000040 [140406854371648] ../src/ifdhandler.c:93:CreateChannelByNameOrChannel() Lun: 0, device: usb:08e6/3438:libudev:0:/dev/bus/usb/004/006
00000011 [140406854371648] ../src/ccid_usb.c:261:OpenUSBByName() Reader index: 0, Device: usb:08e6/3438:libudev:0:/dev/bus/usb/004/006
00000069 [140406854371648] ../src/ccid_usb.c:293:OpenUSBByName() interface_number: 0
00000008 [140406854371648] ../src/ccid_usb.c:294:OpenUSBByName() usb bus/device: 4/6
00000006 [140406854371648] ../src/ccid_usb.c:331:OpenUSBByName() Using: /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
00001026 [140406854371648] ../src/ccid_usb.c:349:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000008 [140406854371648] ../src/ccid_usb.c:350:OpenUSBByName() ifdProductString: Generic CCID driver
00000007 [140406854371648] ../src/ccid_usb.c:351:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00011059 [140406854371648] ../src/ccid_usb.c:435:OpenUSBByName() Try device: 4/6
00000062 [140406854371648] ../src/ccid_usb.c:445:OpenUSBByName() vid/pid : 08E6/3438
00000007 [140406854371648] ../src/ccid_usb.c:561:OpenUSBByName() Checking device: 4/6
00000005 [140406854371648] ../src/ccid_usb.c:632:OpenUSBByName() Trying to open USB bus/device: 4/6
00000136 [140406854371648] ../src/ccid_usb.c:638:OpenUSBByName() Can't libusb_open(4/6): LIBUSB_ERROR_ACCESS
00000706 [140406854371648] ../src/ccid_usb.c:208:close_libusb_if_needed() libusb_exit
00000239 [140406854371648] ../src/ccid_usb.c:892:OpenUSBByName() Device not found?
00000103 [140406854371648] ../src/ifdhandler.c:134:CreateChannelByNameOrChannel() failed
00000042 [140406854371648] ../src/readerfactory.c:1144:RFInitializeReader() Open Port 0x200000 Failed (usb:08e6/3438:libudev:0:/dev/bus/usb/004/006)
00000007 [140406854371648] ../src/readerfactory.c:371:RFAddReader() Gemalto USB Shell Token V2 init failed.
00000008 [140406854371648] ../src/readerfactory.c:627:RFRemoveReader() UnrefReader() count was: 1
00000005 [140406854371648] ../src/readerfactory.c:1157:RFUnInitializeReader() Attempting shutdown of Gemalto USB Shell Token V2 00 00.
00000006 [140406854371648] ../src/readerfactory.c:1014:RFUnloadReader() Unloading reader driver.
00000830 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000225 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000223 [140406854371648] ../src/hotplug_libudev.c:299:get_driver() Looking for a driver for VID: 0x05AC, PID: 0x8403, path: /dev/bus/usb/001/003

And the reader is not available for PC/SC applications:

$ pcsc_scan -r
No reader found.

Solution

The reader driver must set the access rights of the device file, such as /dev/bus/usb/004/006 in the example above, so that the pcscd group has read and write access rights.

$ ls -l /dev/bus/usb/004/006
crw-rw-r--+ 1 root pcscd 189, 389 21 oct.  21:41 /dev/bus/usb/004/006

Please note that the file belongs to the pcscd group and not the root group.

Implementation

Create a udev rule file that contains something like:

# If not adding the device, go away
ACTION!="add", GOTO="foobar_rules_end"
SUBSYSTEM!="usb", GOTO="foobar_rules_end"
ENV{DEVTYPE}!="usb_device", GOTO="foobar_rules_end"

# CherrySmartTerminalST2XXX.txt
ATTRS{idVendor}=="046A", ATTRS{idProduct}=="003E", GROUP="pcscd"

# All done
LABEL="foobar_rules_end"

For example the libccid udev rule file is available at https://salsa.debian.org/rousseau/CCID/-/blob/master/src/92_pcscd_ccid.rules?ref_type=heads#L12. The important part for the generic CCID driver is:

# Generic CCID device (bInterfaceClass = 0x0b)
ENV{ID_USB_INTERFACES}=="*:0b0000:*", GROUP="pcscd"

For earch USB device with an interface equal to 0x0b, i.e. CCID class, then set the group to pcscd.

The pcscd group should be created by the installation of pcsc-lite package. If it is not the case for your distribution, you should report it as a bug to your distribution pcsc-lite package.

Build requirements

To build the CCID driver with this new feature, you need to have udev pkg-config file installed.

You need to be able to get the udevdir variable from the udev.pc file:

$ pkg-config --variable=udevdir udev
/usr/lib/udev

For Debian/Ubuntu and derivatives distributions just install the package systemd-dev.

Conclusion

This change significantly improves your system security. A bug in pcsc-lite, or in a smart card reader driver used by pcsc-lite, will not allow an attacker to gain access to the root account. The attacker would only have access to a normal/unprivileged account.

This mechanism cannot be used everywhere, for example on systems without systemd or udev. However, most GNU/Linux systems should be covered.

New version of pcsc-lite: 2.4.0

I just released a new version of pcsc-lite 2.4.0.

pcsc-lite is a Free Software implementation of the PC/SC (or WinSCard) API for Unix systems.

The major change in this release is that the pcscd daemon process now runs as a normal user instead of root (when systemd is used).

You must use drivers that configure the reader device access rights so that a user in the pcscd group can access it for reading and writing. That is the case for libccid 1.7.0. See New version of libccid: 1.7.0.

Changes:

2.4.0: Ludovic Rousseau

19 October 2025

  • Run pcscd under a pcscd user instead of root when using systemd

  • Set PIDFile in systemd service file

  • Protect contextMapList modifications using a mutex

  • meson:

    • Fix libpcsclite.pc file

    • respect builtin meson default_library option

    • build and install spy lib & tool only when needed

  • UnitaryTests/*.py: fix pylint warnings

  • Improve Doxygen documentation

macOS Tahoe and smart cards status

I will compare this version to the previous one, Sequoia, which I presented in macOS Sequoia and smart cards status.

/images/2025/10/macOS-Tahoe.jpg

CCID

% grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
  <key>CFBundleShortVersionString</key>
  <string>1.5.1</string>

My CCID driver has not been updated in macOS since Sonoma (released in 2023). It is still version 1.5.1.

Updated CCID driver

If you need a CCID driver newer than the version 1.5.1 provided by Apple, you can contact me.

I just released version 1.7.0 today.

Apple Open Source

The Open Source components included in macOS are listed at <https://opensource.apple.com/releases/>

The Open Source components for Tahoe 26.0 are not yet available.

Apple CCID driver

% defaults read /Library/Preferences/com.apple.security.smartcard.plist
Domain /Library/Preferences/com.apple.security.smartcard.plist does not exist

The Apple CCID driver is enabled by default (as expected).

If you want or need to use my CCID driver, simply follow follow the instructions at Apple's own CCID driver in Sonoma.

Changes compared to Sequoia

% diff -u /Volumes/Sequoia/System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist /System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist
--- /Volumes/Sequoia/System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist       2025-09-05 17:46:41
+++ /System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist       2025-09-09 09:15:49
@@ -27,21 +27,21 @@
        <key>DTCompiler</key>
        <string>com.apple.compilers.llvm.clang.1_0</string>
        <key>DTPlatformBuild</key>
-       <string></string>
+       <string>25A336</string>
        <key>DTPlatformName</key>
        <string>macosx</string>
        <key>DTPlatformVersion</key>
-       <string>15.7</string>
+       <string>26.0</string>
        <key>DTSDKBuild</key>
-       <string>24G201t</string>
+       <string>25A336</string>
        <key>DTSDKName</key>
-       <string>macosx15.7.internal</string>
+       <string>macosx26.0.internal</string>
        <key>DTXcode</key>
-       <string>1630</string>
+       <string>2600</string>
        <key>DTXcodeBuild</key>
-       <string>16E6052g</string>
+       <string>17A6264k</string>
        <key>LSMinimumSystemVersion</key>
-       <string>15.7</string>
+       <string>26.0</string>
        <key>NSHumanReadableCopyright</key>
        <string>Copyright © 2020 Apple. All rights reserved.</string>
 </dict>

The source code for the Apple driver is not available. Therefore, I cannot say much about it.

Known bugs

The page listing the bugs I found in Sonoma is available at macOS Sonoma and smart cards: known bugs.

Apple has not informed me that a bug has been fixed in Tahoe (or Sequoia). I therefore assume that the bugs are still present.

Conclusion

As I wrote for Sequoia, if you encounter a problem with your smart card under macOS Tahoe, I suggest you first switch from the Apple driver to my CCID driver, then check again.

New version of libccid: 1.7.0

I just released version 1.7.0 of libccid the Free Software CCID class smart card reader driver.

This version includes a udev rules file to modifies the group access rights of the CCID device (i.e. the file /dev/bus/usb/001/xyz) so that the pcscd process has read/write access without having to run as root. The change on pcsc-lite will be included in version 2.4.0 (coming soon).

Changes:

1.7.0 - 2 October 2025, Ludovic Rousseau

  • Add support of

    • GIGA-TMS NFC CCID Reader

    • Identiv Identiv SmartOS Reader

    • SEC1210URT, single slot variant of SEC1210 serial

    • TOKEN2 FIDO2 Security Key(0013),PIN+ Mini with OTP + PGP

    • TOKEN2 FIDO2 Security Key(0014),PIN+ Mini with FIDO + PGP

    • TOKEN2 FIDO2 Security Key(0015),PIN+ Mini with PGP

    • TOKEN2 FIDO2 Security Key(0016),PIN+ Mini with OTP + PGP + FIDO

    • TOKEN2 FIDO2 Security Key(0023),PIN+ Series with OTP + PGP

    • TOKEN2 FIDO2 Security Key(0024),PIN+ Series with FIDO + PGP

    • TOKEN2 FIDO2 Security Key(0025),PIN+ Series with PGP

    • TOKEN2 FIDO2 Security Key(0203),Bio3 Dual with OTP + PGP

    • TOKEN2 FIDO2 Security Key(0204),Bio3 Dual with FIDO + PGP

    • TOKEN2 FIDO2 Security Key(0205),Bio3 Dual with PGP

    • TOKEN2 FIDO2 Security Key(0206),Bio3 Dual with OTP + PGP + FIDO

    • TOKEN2 Molto2 (older version)

    • VIX TECHNOLOGY SECURE READER

  • Remove support of

    • SIMHUB pcsc reader

  • Give pcscd group permission to CCID devices in udev rule

  • Avoid a timeout issue with the Thales Fusion NFC reader

  • Provide the option to synchronize the 2 interfaces of a SEC1210 (see Card state synchronisation on SEC1210 reader 2 interfaces)

  • Some other minor improvements

Reading a SIM card (in Hackable magazine)

I just read an article in the French magazine Hackable number 61.

/images/2025/08/hackable-magazine-61.jpg

The article title is "Murmurons à l'oreille de nos cartes SIM" (Let's whisper in the ears of our SIM cards) written by Denis Bodor.

/images/2025/08/hackable-magazine-61-SIM.jpg

Abstract:

" Dans de précédents articles, nous avons expérimenté autour des smartcards et des Java Cards en particulier, allant même jusqu'à développer nos propres programmes ou applets s'y exécutant. Ici, nous allons être un peu plus « passifs » et, plutôt que de créer, allons simplement explorer un certain type de smartcard que vous avez très probablement sous la main : la carte SIM de votre téléphone/smartphone. "

Denis, the author, uses a tool he developed himself: pcscapdu "A simple tool to exchange APDUs with PC/SC smardcards". pscsapdu seems to be an interesting tool for using smart cards. You can send APDU and also write Lua scripts. I did not know this tool.

Lua sample script provided with pcscapdu:

-- Application Select for custom Javacard Applet
selapp = "00a4 0400 0a f276a288bcdeadbeef01"
getcount = { 0x80, 0x50, 0x00, 0x00, 0x01 }
get_hi = "8040 0000 0d"
getmeminfo = "8061 0000 04"


print("Select applet")
-- Send string APDU
response = sendstrapdu(selapp)
if (#response ~= 2) then
    print("Bad response size!")
    do return end
end
if (response[1] ~= 0x90 and response[2] ~= 0x00) then
    print("Bad response!")
    do return end
end
print("> OK")


print("Get counter value")
-- Send hex APDU
response2 = sendapdu(getcount)
-- get rid of status code
table.remove(response2, #response2)
table.remove(response2, #response2)
-- Display response
s = "> "
for key,value in ipairs(response2) do
    s = s .. string.format("%d", value)
end
print(s)


print("Get french 'Hello World'")
-- Send hex APDU
response3 = sendstrapdu(get_hi)
-- get rid of status code
text = { table.unpack(response3, 1, #response3 - 2) }
-- Display ASCII response
s = "> "
for key,value in ipairs(text) do
    s = s .. string.format("%c", value)
end
print(s)

print("Get flash/EEPROM size (for Javacard 2.2.2 max value is 32767 even if the card has more memory)")
-- Send hex APDU
response2 = sendstrapdu(getmeminfo)
-- get rid of status code
table.remove(response2, #response2)
table.remove(response2, #response2)
-- Display response
s = 0
for key,value in ipairs(response2) do
    s = s .. string.format("%02x", value)
end
print("> " .. tonumber(s,16) .. " bytes")

Conclusion

If you live in France or have access to French magazines I suggest you buy issue 61 of Hackable. It is the July-August 2025 edition.

You can also buy and read the online version at Murmurons à l'oreille de nos cartes SIM.

New version of PyKCS11: 1.5.18

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.

See PyKCS11 introduction or PyKCS11’s documentation.

The project is registered at Pypi: https://pypi.org/project/PyKCS11/

Changes:

1.5.18 - August 2025, Ludovic Rousseau

  • add CKM_EXTRACT_KEY_FROM_KEY mechanism

  • add CKM_EDDSA and CK_EDDSA_PARAMS support

  • C_Initialize(): allow OS locking

  • PyKCS11.load() & .unload(): make the methods tread-safe

  • bugfix: store CKM_CONCATENATE_BASE_AND_KEY parameter in mechanism context

  • IsNum(): CKA_HW_FEATURE_TYPE is also a numeric value

  • improve support for multi-part encryption/decryption

  • fix some Python typing issues

  • Fix issue with vendor defined (CKM_VENDOR_DEFINED) mechanisms

  • fix/ignore all pylint warnings

  • use pytest for running tests

  • minor improvements

New version of PySCard: 2.3.0

I just released a new version of pyscard. PySCard is a Python module adding smart cards support (PC/SC) to Python.

The PySCard project is available at:

Changes:

2.3.0 (July 2025)

  • PCSCCardRequest: fix waitforcardevent() initialization

  • PCSCCardConnection: raise exception for .connect() after .release()

  • Fix race issue in SCardListReaders() and SCardListReaderGroups()

  • Use SCARD_AUTOALLOCATE where defined (everywhere except macOS)

  • Use SCardFreeMemory() on Unix (except macOS)

  • CardMonitoringThread: Fix a thread safeness issue

  • fix/ignore all pylint warnings

  • Minor changes

Pre-built parse binaries

Since October 2023, I've been offering a simple way to check if a reader whether or not a reader complies with the CCID standard. See Check reader's compliance to CCID specification.

Parse tool

As early as the first version of my CCID driver, I provided a tool called parse to analyze the USB descriptor and see if a connected device is declared as a CCID devide (USB interface class = 11).

The parse tool is written in C and you have to build it from source code. This is not an easy task for non-developers.

Non-developers

For non developers, it wasn't easy. Hence the idea of providing pre-built versions of the parse tool.

I can't provide a binary for all possible systems (Unix, not just GNU/Linux).

I provide a binary version for:

  • Linux x86_64 (GNU/Linux on Intel/AMD 64 bits CPU)

  • Linux aarch64 (GNU/Linux on ARM 64 bits CPU)

  • Linux armv7l (GNU/Linux on for example on a Raspberry)

  • Darwin x86_64 (macOS on Intel 64 bits CPU)

  • Darwin arm64 (macOS on Apple M1, M2, etc. CPU)

You do not have to know what system or processor you have. Just use, in a terminal:

curl https://ccid.apdu.fr/files/parse.sh | bash -

Statistics

From last month's HTTP server logs, I get:

Architecture

#

%

Linux-x86_64

52

86.67 %

Darwin-x86_64

4

6.67 %

Linux-aarch64

4

6.67 %

Darwin-arm64

0

0 %

Linux-armv7l

0

0 %
/images/2025/06/parse.png

Unsurprisingly, the majority of users are on a GNU/Linux system with an Intel/AMD 64-bits processor.

I am pleasantly surprised to see GNU/Linux systems on ARM processors.

Security

I understand that some people prefer to build a program from source code rather than run a binary retrieved from the Internet.

I also do not like using:

curl https://random.web.site/install_script.sh | bash -

This is why is is still possible to rebuild the parse binary from the source code.

Conclusion

It should (now) be easy to check if a USB smart card reader complies with hthe CCID standard.

If you are the product owner of a new smart card reader and don't have a GNU/Linux developer available to help you, this tool will allow you to send me the details as documented at Check reader's compliance to CCID specification.

I can then add your reader in the "Should work but untested by me" list. If you want to have your reader listed in the "Supported CCID readers/ICCD tokens" list, contact me.