I am developing a javascript library to perform smart card operations using the CCID protocol over chrome webusb API. Everything goes well when I plug the smart card reader on Linux and MacOS, however I get stuck on windows when I try to claim the interface.
I tried to run chrome as an administrator, disable smart card services /
CCID drivers on windows in case those were claiming the interface, but nothing does it. I keep having the
"Failed to claim interface: Access denied (insufficient permissions)"
message. Is it really a permission problem ? Or is it some windows service I am not aware of blocking the access ?
Edit: I tried on another mac, on which the reader didn't work. After removing the specific vendor id / product id from the CCID driver info.plist, I managed to make it work. So I suppose the same problem is happening on windows, a CCID driver is "blocking" the access interface. What are my alternatives ?
The device descriptor:
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 8
idVendor 0x1a44 VASCO Data Security International
idProduct 0x0001 Digipass 905 SmartCard Reader
bcdDevice 1.02
iManufacturer 1 VASCO
iProduct 2 DP905v1.1
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 93
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 50mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 11 Chip/SmartCard
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
ChipCard Interface Descriptor:
bLength 54
bDescriptorType 33
bcdCCID 1.00
nMaxSlotIndex 0
bVoltageSupport 3 5.0V 3.0V
dwProtocols 3 T=0 T=1
dwDefaultClock 3700
dwMaxiumumClock 3700
bNumClockSupported 1
dwDataRate 9946 bps
dwMaxDataRate 318280 bps
bNumDataRatesSupp. 53
dwMaxIFSD 254
dwSyncProtocols 00000007 2-wire 3-wire I2C
dwMechanical 00000000
dwFeatures 000404BE
Auto configuration based on ATR
Auto activation on insert
Auto voltage selection
Auto clock change
Auto baud rate change
Auto PPS made by CCID
Auto IFSD exchange
Short and extended APDU level exchange
dwMaxCCIDMsgLen 272
bClassGetResponse echo
bClassEnvelope echo
wlcdLayout none
bPINSupport 0
bMaxCCIDBusySlots 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0004 1x 4 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 0
The insight in your edit is correct, if the CCID driver is blocking access to the device then Chrome cannot access it. In addition on Windows the operating system must know to load the WinUSB.sys driver (which comes with Windows) against the device or else any userspace application such as Chrome cannot access it. This can be accomplished using an INF file like this one or by adding Microsoft OS descriptors to the device to set the "compatible ID" to "WINUSB".
If you are building your own device the latter option is preferable as it will provide plug-and-play support for your users while the former still requires a manual installation step for Windows users.
If you are working with an existing device but have control over the Windows system then, similar to editing the Info.plist for the macOS driver, you can go into the Windows Device Manager and replace the existing driver with WinUSB.sys using an INF file like the above.
I'm pretty new to this but as far as i can see when a native driver takes hold of your USB device, your lost and there is nothing the browser can do about it. It seems a fix could be to change the vendor or product ID (if you can do this) so no native driver will claim your device. If this is not a solution, a chrome app has much more possibilities and might be able to overcome the problem.
Related
How does the default bios (OpenSBI) in qemu-system-riscv pass the Device Tree Blob to a guest?
I can see from the documentation for qemu-system-arm 'virt' platform that QEMU passes the address of the Device Tree Blob (dtb) to guests in r0 when using the Linux Boot Protocol, or at a hard-coded address for bare-metal guest kernels.
The source code in hw/riscv/virt.c within the QEMU repo shows that a Device Tree Blob is generated for the RISC-V 'virt' platform (Via the create_fdt function), however none of the documentation I can find describes how this is passed to the guest. Any help is appreciated.
How does the default bios (OpenSBI) in qemu-system-riscv pass the Device Tree Blob to a guest?
It doesn't. The mechanism is similar to all qemu "virt" machines. It's qemu responsibility to generate and load compiled dtb in this particular case.
Actually you can rely only on RAM and FLASH addresses all other information should be taken from Qemu generated DTB.
Citing from qemu/hw/riscv/boot.c:
riscv_load_fdt
/*
* We should put fdt as far as possible to avoid kernel/initrd overwriting
* its content. But it should be addressable by 32 bit system as well.
* Thus, put it at an 16MB aligned address that less than fdt size from the
* end of dram or 3GB whichever is lesser.
*/
OpenSBI expects the fdt addr passed via "a1", unless you compiled OpenSBI with dtb build-in FW_FDT_PATH, see:
opensbi/docs/firmware/fw.md
opensbi/docs/firmware/fw_payload.md
The address of fdt cannot be set directly (OpenSBI v0.9) currently during compile time.
The address of fdt passed to next mode however can be changed with FW_PAYLOAD_FDT_ADDR.
So FW_FDT_PATH and FW_PAYLOAD_FDT_ADDR affect fdt respectively.
Qemu setups reset vector in riscv_setup_rom_reset_vec and among other things sets fdt_load_addr
What happens next depends on OpenSBI mode (dtb can be reallocated by OpenSBI), but you can look at sbi_hart_switch_mode in opensbi/sbi_hart.c:
register unsigned long a0 asm("a0") = arg0;
register unsigned long a1 asm("a1") = arg1;
__asm__ __volatile__("mret" : : "r"(a0), "r"(a1));
__builtin_unreachable();
Finally see https://www.sifive.com/blog/all-aboard-part-6-booting-a-risc-v-linux-kernel for RISC-V kernel boot proccess:
Early Boot in Linux
When Linux boots, it expects the system to be in the following state:
a0 contains a unique per-hart ID. We currently map these to Linux CPU IDs,
so they're expected to be contiguous and close to 0.
a1 contains a pointer to the device tree, represented as a binary flattened
device tree (DTB).
Update:
For example you can see the following with:
build-qemu/qemu-system-riscv64 -machine virt -m 2G -nographic -bios opensbi/build/platform/generic/firmware/fw_jump.bin
And OpenSBI compiled with FW_OPTIONS=0x2:
Domain0 Name : root
Domain0 Boot HART : 0
Domain0 HARTs : 0*
Domain0 Region00 : 0x0000000002000000-0x000000000200ffff (I)
Domain0 Region01 : 0x0000000080000000-0x000000008003ffff ()
Domain0 Region02 : 0x0000000000000000-0xffffffffffffffff (R,W,X)
Domain0 Next Address : 0x0000000080200000
Domain0 Next Arg1 : 0x0000000082200000
Domain0 Next Mode : S-mode
Domain0 SysReset : yes
We have a several Windows 10 workstation - 6 out of 20 - constantly hitting the url "captive.apple.com/generate_204" over wired internet. Its not causing any issues but we don't understand why its happening and we want to turn it off.
Our FW logs give us this info which may be pertinent:
udp:6514
pan:threat
action allowed
app web-browsing
app:default_ports tcp/80
app:has_known_vulnerability yes
app:risk 4
app:subcategory internet-utility
app:technology browser-based
app:tunnels_other_application yes
app:used_by_malware yes
application web-browsing
category computer-and-internet-info
content_type text/html
dest 17.253.63.202
dest_hostname captive.apple.com
dest_interface ethernet1/4
dest_ip 17.253.63.202
dest_port 80
dest_zone dsl
direction client-to-server
filename generate_204
flags 0x42b000
misc captive.apple.com/generate_204
protocol tcp
rule User Internet Access - App
signature URL Filtering log(9999)
signature_id 9999
src_interface ethernet1/5.6
src_port 56363
src_translated_ip 192.168.50.1
src_translated_port 8089
threat_id 9999
threat_name -9999
type THREAT
url captive.apple.com/generate_204
user_agent Mozilla / 4.0
Solved.. The GlobalProtect client for VPN access was hitting this "URL" to test for connectivity. I found out by eliminating what services were active on startup and it was the second one I tried.
Now we can eliminate this call-out as it is a trusted app that's doing it with no payload anyhow.
So it wasn't a browser but an embedded agent within the client
I have a test environment of Parity POA of with 5 nodes. 3 nodes are synchronizing with each other but 2 are not able to synchronize. I am getting following error in the logs of nodes not synchronizing;
2018-03-13 17:19:13 Stage 3 block verification failed for #427607 (62e9…9621)
Error: Block(TooManyUncles(OutOfBounds { min: None, max: Some(0), found: 1 }))
Anyone experiencing same problem?
In my case 2 nodes are using parity client version 1.8.10, and other 3 nodes are using parity client version 1.8.3.
Nodes with parity 1.8.10 are throwing the above error.
After looking for this issue, I found out that parity clients with version 1.8.4 and above has default value 0 for a parameter "maximumUncleCount".
Few blocks in my blockchain has uncle blocks (don't know the reason, why) which cannot be imported by nodes using parity 1.8.10 and they give the error.
For now I set the "maximumUncleCount" value to 2 in the nodes with parity 1.8.10 (in blockchain-spec.json file) and now they are synchronizing with no problem.
A maximumUncleCount = 0 is recommended in POA environments by parity. I am going to hard fork to use maximumUncleCount = 0 soon.
https://github.com/paritytech/parity/releases/tag/v1.8.4
I'm experiencing problems while building my Codename One project for Windows Phone.
I've had 3 attempts: 2 failed and 1 was stuck on a build phase for more than an hour and I decided to cancel it.
I've downloaded error logs for both failed attempts (files were more than 60M and I've noticed it too late, so sorry for using your server's bandwidth). Here is the extract (files sizes are more than 60M) from the last error log (2f361a99-589d-4e29-9e6d-14d22b1cacc3-1453240937030-error.txt/Tue Jan 19 2016 23:46:42 GMT+0200 (FLE Standard Time)):
Executing: java -Xmx1024m -jar win_xmlvm.jar --in=C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\classes --resource=C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\ApplicationCN1\ApplicationCN1\res/ --out=C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\ApplicationCN1\ApplicationCN1\src --target=csharp --app-name=ApplicationCN1 [01/19/16 23:47:19.038] ERROR: Couldn't create node for com.codename1.impl.ImplementationFactory
[01/19/16 23:47:19.038] ERROR: Couldn't create node for com.codename1.impl.ImplementationFactory
...classes...
...lots of warnings about hidden inherited members...
"C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\ApplicationCN1\ApplicationCN1.sln" (default target) (1) ->
"C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\ApplicationCN1\ApplicationCN1\ApplicationCN1.csproj" (default target) (2) ->
(CoreCompile target) ->
src\com\yyy\yyy\DialogForm.cs(1133,5): error CS1511: Keyword 'base' is not available in a static method [C:\Users\Shai\AppData\Local\Temp\build6825805865501307423xxx\ApplicationCN1\ApplicationCN1\ApplicationCN1.csproj]
130875 Warning(s)
1 Error(s)
Time Elapsed 00:07:44.77
My configuration:
Windows 7 SP1 x64;
Java SE Development Kit 7 Update 45 (64-bit);
Eclipse IDE for Java Developers, Version: Luna Service Release 2 (4.4.2), Build id: 20150219-0600;
Plugin: CodenameOneFeature 1.0.0.201511241324;
Contents of my codenameone_settings.properties:
#
#Mon Jan 18 16:05:13 EET 2016
codename1.vendor=yyy
codename1.displayName=yyy
codename1.icon=icon.png
codename1.languageLevel=5
codename1.secondaryTitle=yyy
codename1.version=0.4
codename1.mainName=ApplicationCN1
codename1.ios.certificatePassword=
codename1.rim.signtoolDb=
libVersion=97
codename1.ios.certificate=
codename1.arg.j2me.nativeThemeConst=3
codename1.arg.ios.add_libs=CFNetwork.framework
codename1.arg.android.debug=false
codename1.arg.android.release=true
codename1.j2me.nativeTheme=
codename1.rim.signtoolCsk=
codename1.rim.certificatePassword=
codename1.ios.provision=
codename1.packageName=com.yyy.yyy
What am I doing wrong?
You probably have a field or method named base and our old XMLVM based backend isn't smart enough to deal with that (reserved word in C#).
Just rename that for now and also look at the project size.
We are currently working on a rewrite of the Windows Phone VM/port so this and many other issues won't exist when we are done. Since its almost a complete rewrite (we will probably base it in part on the community port) this might take a while to deliver.
I've published an app with integrated hockeyapp. But Windows Phone dashboard crash report contains mystic crashes that are not in hockeyapp. According to stacktrace they are native (OS crashes).
App is 8.0 DirectX + Xaml app. Crashes are generated by 8.1 devices.
8.0 devices worked perfectly. I've tested app on all known WP devices for many hours on each, everything works perfectly. Seems some ocasianal bug in 8.1 :(
The biggest crash group is the following:
EXCEPTION_FAILFAST_ON_ERRORCODE_ERROR_CODE_88000837_BEDB185E-7ADE-48E5-B755-D7556882BD1B
Frame Image Function Offset
0 KERNELBASE.dll RaiseException 0x00000036
1 npctrl.dll CXcpControl::CPReportError 0x00000066
2 npctrl.dll CXcpControl::ReportError 0x00000010
3 npctrl.dll CXcpDispatcher::OnError 0x000000c2
4 npctrl.dll CXcpDispatcher::OnWindowMessage 0x00011ba6
5 npctrl.dll CXcpDispatcher::GroupDispatchProcStatic 0x0000011e
6 CoreMessaging.dll Microsoft__CoreUI__DispatchGroupHandler$CallbackThunk 0x000000ca
7 CoreMessaging.dll Microsoft::CoreUI::DispatchGroupHandler::Invoke 0x00000016
8 CoreMessaging.dll Microsoft::CoreUI::Dispatch::Dispatcher::Callback_DispatchLoop 0x00000746
9 CoreMessaging.dll Microsoft::CoreUI::Dispatch::EventLoop::Callback_Run 0x0000007a
10 CoreMessaging.dll Microsoft::CoreUI::Messaging::MessageSession$R::Microsoft__CoreUI__IExportMessageSession_Impl::Run 0x0000002c
11 CoreMessaging.dll Microsoft::CoreUI::IExportMessageSession$X__ExportAdapter::Run 0x0000004e
12 TaskHostCore.dll HostDispatcher::Run 0x000000a8
13 TaskHostCore.dll TaskHost::RunMessageLoop 0x00000016
14 TaskHostCore.dll ThRun 0x0000000e
15 TaskHost.exe wmain 0x00000016
16 TaskHost.exe __wmainCRTStartup 0x000+H1:H2
Crash has attached minidmp for TaskHost.exe. Unfortunately i have no idea what can i get from it.
Any ideas what way i can go to fix the issue ?
Are you sure you're handling the Disconnect callback accordingly ? As in do you clear and reload all your resources after a Surface::Diconnect ? If you do not handle Disconnect at all, your app will crash on resume. If you do handle it and you're not doing it the proper way your app will start using more and more memory and will crash if it goes past 170MB or so.