Dell embedded contactless smartcard reader

Updated (2009-10-13): How to enable PC/SC support for this reader.

I recently bought a Dell Precision M6400 Covet. One of its cool standard features is the embedded contactless smartcard reader. This reader is located under the right palm rest, and is also available on select Latitude E-series. All this is cool, but where is the documentation? What cards does it support? Can I access the reader from my own programs? Unfortunately Dell seems to have very little information available on their web pages, so I had to start digging myself. (I’m the type of guy who can’t have a gadget in my house without knowing what’s inside, who made it, and how I can use it in strange ways to do cool things.)

The chipset is Broadcom BCM5880, and is listed under Device Manager as “Broadcom Unified Security Hub CV w/fingerprint sensor”. There is no separate entry in “Device Manager” for “Contactless Smartcard reader”. This chipset also contains a security processor, contacted smartcard support, fingerprint reader support, TPM v1.2, and a so-called “credentials vault” (CV).

From BCM5880 Product Information:

“The Broadcom BCM5880 secure applications processor combines platform identification, personal identification and data protection in a single chip and includes an integrated Trusted Platform Module (TPM) 1.2 device, as well as the credential “vault” capability. It also integrates many of the authentication applications available today, such as one-time-password (OTP), fingerprint readers, smart cards, and contactless readers, into silicon, where they all can be centrally managed and utilized as part of multi-factor authentication policies”.

On a side note: Many of the same features available in the TPM are also available in the Credentials Vault. The biggest differences seem to be that CV is enabled by default, but TPM must be manually activated in BIOS (according to the requirements of the Trusted Computing Group). The TPM interface is standardized, while CV is not? Also, when authenticating to the chip (updates/modifications etc), the TPM only supports passwords, while CV supports smartcards and fingerprints as well.

Anyway, through HID Global I found a document called “Dell E-Family PBA Enrollment Application Notes AN0124” which lists the compatible card technologies for this reader:

Dell Compatible Card Technologies Table

From this table we can see that the embedded contactless reader “natively” supports HID iClass cards (in software/hardware), it does NOT support 125kHz proximity cards, and the rest of the cards (MIFARE and generic ISO14443A/B or ISO15693) are supported by means of reading the CSN/UID only. Since the CSN should be unique, this means all ISO14443A/B or ISO15693 cards, even though not directly supported by the Dell software, will still work with the embedded reader through the use of the Card Serial Number.

But be aware: the CSN can be read by anyone, and the communication between the card and reader is unencrypted. This is unlike the iClass cards, where the reader and card first go through a mutual authentication process before the identification number is read from secure memory and then finally transmitted in encrypted form to the reader. The encryption and mutual authentication process uses HID iClass’ Standard Master Key. This key is then diversified using the CSN, to create a unique key that is stored in each iClass card. The Standard Master Key is stored in secure memory in all authorized iClass readers. (When it comes to the Dell laptops, my guess is that this Standard Master Key is stored securely in the reader itself or the Credentials Vault).

I have tested several different HID iClass cards, 2k2, 16k2, programmed and unprogrammed, and NXP Mifare 4K, Mifare Ultralight. They all seem to work fine with the embedded contactless reader. (Although the Ultralight card is not read as easily as the other cards. I had to move the card over the reader for a few seconds before it was detected). On the unprogrammed iClass cards, I suspect that it reads the CSN only, as the length of the “Access Control ID” bytes is set to 0x00, which means there is no number stored on the card. Unfortunately, the enrollment software on the Dell laptops does not inform you whether the card you enrolled was an iClass card, or just a generic card with CSN/UID, so there is no way to know what number was actually used. I also tried with an ISO14443B Java card, but it was not detected by the reader, even though the table above says the reader supports the 14443 ‘B’ protocol.

I bought most of the cards from http://www.smartcardfocus.com. They sell individual cards, unlike most other stores who only sell batches of 100/200 etc.
Any of the iClass cards they have will work, but they are all supplied unprogrammed by default. Even though unprogrammed cards will work with your Dell contactless reader, you might want to ask them to program the cards for you using their free programming service, as I’m not sure if it actually reads some default ID from secure memory, or just uses the CSN because the card is not “activated”.

Using the card on your Dell laptop:
Enroll the card through “Dell Security Manager” or “Wave Embassy Security Center”. Be aware when logging in: Do NOT use the numpad when entering the PIN at pre-boot. The numpad keys do not work correctly, and will result in “Auth Failed”.

Here are scans of some of the cards I have tested:
(I have removed the external serial numbers where they appear)

HID Dell PBA testcard (front)

HID Dell PBA testcard (back)
From the markings on the card (“iCLASS Px G6L”) we can see that this is a dual technology card (HID iClass 13.56MHz + HID Prox 125kHz).

iClass 2K 2 app (ISO 15693 only)
Markings: “iClass DL + [external serial #]”

iClass 2k2 + Prox
Markings: “iCLASS Px D6L”

iClass 16k2
Markings: “iCLASS EG”

iClass 16k16 + Prox
Markings: “iCLASS Px E6L”

This is the card I use to access the building where I work, a HID DuoProx 125kHz + magnetic strip combo:
The markings say (“HID 0004k”). The front is all white.
This card will not work with the Dell contactless reader, but you can get dual technology cards that have both iClass and Prox, so you can use the same card to access buildings and your computer.

All iClass cards support both ISO14443/B2 and ISO15693, except the 2k2 versions which only support ISO15693. Unfortunately, iClass cards only support up to ISO layer 2, and this makes iClass reader support pretty slim, since they can only be read by readers that are specially prepared for iClass cards (usually only HID’s own readers, like HID or OmniKey, and some other licenced readers).

PC/SC support
I have previously experimented with reading EMV cards (see saush’s excellent example here) with the embedded contacted reader, so it would be nice if I could use the contactless reader in the same way. However the reader is not listed when I enumerate the available PC/SC terminals on my system.
In the last section of this document:
http://www.hidglobal.com/documents/dell_latitude_security_broch_en.pdf
it is stated that the contactless reader supports PC/SC… I have contacted Dell ProSupport, but they could not give me an answer. I will try to contact them again soon.
It seems for now, the reader can only be used by supported Dell software.

Update (2009-10-13): I finally found the solution to enable PC/SC support for this reader.

——

Many of the contactless cards use so called number “formats” (or “encoded numbers”). All HID iClass and Prox cards use this.
This number is different from the CSN/UID (which is unique to the chip), and is stored in the card EEPROM. On iClass cards, this number is stored in the HID Application Area, and is protected by the HID Standard Key (or a custom key in some cases).

A “Format” is simply the way you interpret a number.
For example given the number: 56128902

One “Format” can be:
Facility Code = 56
Card ID = 128902

Another one can be
Facility Code = 5
Card ID = 6128902

A format also specifies how long a number can be, for example 26, 34 or 36 bits etc.

H10301 – standard 26-bit format (original Wiegand format). This format is supported by almost all contactless smartcard/proximity systems.
facility code 1-255
card id number 1-65535
= total 16,711,425 (24 bit) (facility code ‘0’ and card id ‘0’ not allowed)
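
As an added example (not code from the original post), the sketch below decodes the H10301 layout described above and shows how the same data bits read differently under another field split. The parity layout (leading even parity over the first 12 data bits, trailing odd parity over the last 12) is the commonly documented one for this format and is not stated on this page; the 12/12 split and the sample credential are constructed for illustration.

```python
from dataclasses import dataclass

# 24 data bits: 255 facility codes x 65535 card ids (0 is not allowed in either)
H10301_TOTAL = 255 * 65535


class FormatError(ValueError):
    """Raised when a bit string is not a valid H10301 credential."""


@dataclass(frozen=True)
class Credential:
    facility_code: int
    card_id: int


def interpret(data_bits: str, fc_width: int) -> Credential:
    """A 'format' is only a field boundary: split the data bits at fc_width."""
    return Credential(int(data_bits[:fc_width], 2), int(data_bits[fc_width:], 2))


def encode_h10301(facility_code: int, card_id: int) -> str:
    """Return 26 bits: even parity | 8-bit facility code | 16-bit card id | odd parity."""
    if not 1 <= facility_code <= 255:
        raise FormatError("facility code must be 1-255")
    if not 1 <= card_id <= 65535:
        raise FormatError("card id must be 1-65535")
    data = f"{facility_code:08b}{card_id:016b}"
    even = data[:12].count("1") % 2        # first 13 bits end up with an even count
    odd = 1 - data[12:].count("1") % 2     # last 13 bits end up with an odd count
    return f"{even}{data}{odd}"


def decode_h10301(bits: str) -> Credential:
    """Validate length, parity and ranges, then return the two fields."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise FormatError("expected exactly 26 binary digits")
    if bits[:13].count("1") % 2 != 0:
        raise FormatError("leading even-parity check failed")
    if bits[13:].count("1") % 2 != 1:
        raise FormatError("trailing odd-parity check failed")
    cred = interpret(bits[1:25], fc_width=8)
    if cred.facility_code == 0 or cred.card_id == 0:
        raise FormatError("facility code 0 and card id 0 are not allowed")
    # Parity only catches read errors; it is not a secret and authenticates nothing.
    return cred


if __name__ == "__main__":
    frame = encode_h10301(56, 12890)             # constructed sample credential
    print(frame, decode_h10301(frame))
    print(interpret(frame[1:25], fc_width=12))   # hypothetical 12/12 custom split
```
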

When using the Dell reader with iClass cards, what formats does it support?
I would guess the reader is format agnostic. It doesn’t care about the format; it just reads the complete number. Whether 26/34/36/37 or 84 bits, the reader just sees a large number.

Understanding card data formats (the id numbers stored on cards):
http://www.hidglobal.com/documents/understandCardDataFormats_wp_en.pdf

Format Guidelines:
http://www.hidglobal.com/page.php?page_id=10

Format and Facility (Site) Code explained:
http://www.identisource.net/format_and_facility_codes_expl.cfm

Custom Wiegand formats:
http://paxton.co.uk/docs/Application%20notes/AN1010.pdf

FIPS approval for the BCM5880:
http://www.fips201.com/product/view/418

The chip manufacturer for HID cards:
http://www.insidecontactless.com/products/picopass_suite.php

—–

Other links:

http://forum.notebookreview.com/showthread.php?t=354498
http://en.community.dell.com/forums/t/19277980.aspx
http://www.hidglobal.com/iclass

Glossary:

CSN = Card Serial Number. A unique number burnt into the chip at production. Same as UID.
UID = Unique ID. Same as CSN.
Access Control ID = The “encoded number” stored in the HID Application Area on iClass cards.
Encoded number = another name for the Access Control ID


29 responses to “Dell embedded contactless smartcard reader”

  • Maxime C.

    Nice post.
    I wish more blogs like yours in the RFID community.
    Because this blog is new, I encourage you to continue posting about it.
    I would like to discuss about some points. Could we be in touch ?

    Thanks for your work.

  • Jake

    Thanx for the article. How did you know iCLASS Px G6L is “a dual technology card (HID iClass 13.56MHz + HID Prox 125kHz)”?

    I can’t find the part no/card model translation anywhere.

    I’m trying to find iCLASS Px E4H

    -jp

    • ridrix

      The iClass technology in itself is 13.56MHz, and judging by the other cards I have, the “Px” seems to indicate “Prox” technology (125kHz).
      I’m not sure what “E4H” means, but in general these markings seem to indicate what memory areas are available for other “applications”. “Applications” in the HID sense is just a directory where you can store some files (bytes).

  • Maxime C.

    Indeed, Px means you have a Prox chip on the card too.
    But E4H is just a production reference, nothing more. If you want to know the memory structuration for the iClass chip (2K, 16K, …), you have to look on the ATR, or special HID iClass flags.

  • M. Ward

    I am trying to simulate the DESFire protocol with an embedded system I am working on. I have the NXP documentation MF3ICD81 “MIFARE DESFire Functional specification” Rev 3.5 which I received from NXP by signing some agreements with them. As I have started programming for the project I have run into some roadblocks that I am looking for help with (NXP hasn’t been as responsive as I hoped). In their document “mifare DESFire Features and Hints” section 4.3 they give an example of DES encryption that I have not been able to duplicate with my tools. I am able to duplicate the examples that I have found in (3)DES standards documentation, so I believe my code is compliant with the standard. Are you aware of any variation to DES that they are doing to make their encryption unique?

  • Emad

    hi

    I don’t know how to use or install the RFID and where I can find its drivers, please help me, thank you

  • John

    Hi ridrix,

    Nice blog, very interesting :)

    I have two small questions for you:

    1- You mention in your post that you tested your reader with a ISO14443 Type B javacard … I’ve been searching for these for a long time, where did you find those/who is the manufacturer and model of the card?

    2- Regarding the iClass cards 13.56mhz/125khz cards, is it possible to program the facility/id code in them ourselves, or are they already programmed at the factory? If we can program them ourselves, it’s a big security issue I think …

    Thanks and keep up the good work!


    John

    • aetius

      Hi John,
      You can program the Facility/ID code on a card (iClass or Prox) if you own an HID programmer. That means you have to sign a contract and NDA etc… with HID.
      On the other end, depending of your “role”, the programmer may be restricted on the facility code you can use. Unless you are in their OEM program.

      with iClass cards, the key is an additional protection factor, so you need to have (also) the proper key in place.

      ae.

  • Basti

    Hi. Thanks for this great article. I ordered an HID iClass 2k card at smartfocus to use preboot authentication, but it doesn’t work. After starting the Wave software and trying to register a new smartcard, I get this error: the card can not be accessed or it is not a proper Dell formatted card (sorry for bad translation). I’m using Win7 x64 on my E6400 so Dell says that they cannot support it because I bought this machine with WinXP. Is there any possibility to test the contactless reader? Maybe there is a hardware problem or something else? I updated the CV firmware to the latest version (14.6.118.0.). The contacted smartcard reader works fine… Greets from Germany.

    • Basti

      Short addition: I also tried to make the reader visible in the device manager following the instructions in your other post. the command “ushradiomode64.exe -n” replies:
      ——–
      ushradiomode (USH Radio Mode Utility) v1.3.0.0

      Current Radio Mode Configuration: CV Only Radio Mode
      RFID is not enabled
      Could not set Radio Mode configuration.
      ———-
      maybe this is helpful for you…

      • blobbybob

        Hi Basti!
        I am on Win7 x64 with an M4400. The Precision series have a high compatibility with the EXXX models (Latitude?)
        I currently use the preboot authentication with a cheap Mifare contactless card, so I guess it should work for you. I don’t know if it is important, but have you installed all the software (Embassy suite, CV firmware, all control point modules, etc).

  • vishnu

    please tell me any good smart card simulator software, which works for scosta card?

    waiting for your reply

  • Basti

    Hi blobbybob,
    thanks for your reply. I solved this problem some weeks ago doing a reinstall of win7 and install the drivers exactly in this order: http://support.euro.dell.com/support/topics/topic.aspx/emea/shared/support/dsn/de/document?c=de&l=de&s=gen&docid=1A0C0937D62A8739E0401E0A55174744&~lt=print

    It is important to install the “system manager” at first!! Otherwise all the contactless smartcard features and preboot logon will not work.

  • David

    It seems to me that the contactless SMART card reader doesn’t provide any additional security if the laptop is stolen. A thief would simply reset the BIOS password; they wouldn’t need to hack the reader.

    According to the DELL support website, you only need to enter the BIOS password if a card is unavailable, and since resetting a BIOS password is relatively simple…

    The contactless SMART card reader might provide additional security against friends, co-workers, and passers-by, but anyone with permanent physical access to your machine (e.g. a thief) would have little trouble circumventing it.

    Am I mistaken?

  • Computers

    Hey, I found your blog on google and read a few of your other posts. I like what you have to say. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.

  • Neal

    Hi,

    I was trying out different contactless smart cards I have around the house.

    I found that my CharlieCard, the mass transit pass for the MBTA here in Boston, works perfectly.

    So, if anyone out in the Boston area needs a contactless card, just grab a CharlieCard.

  • ranjith

    hi,

    I would like to know what HID iCLASS DL cards are. Are these iCLASS cards with Wiegand?

    Any possibility to understand the part no of the same?

    ranjith

  • Dave Evans

    Thanks very much for this article! I almost ordered this smart card reader on the new dell laptop that I’m buying. I’m in the reserves and use my DOD Common Access Card daily; I thought this might be a dell installed reader that I could use it with. I didn’t understand much of your article, but I understood enough to get the drift that this is something different and not what I need. I couldn’t find anything on the dell website that explained it at all. I appreciate your sharing of your knowledge!

  • Andu

    Thank you very much.
    I actually got the pre boot authentication working using my transport card. I’ll try and get windows login working as well, but it just says it can’t find the driver for the card. Do you think that getting a blank card from that site would get this working?

  • John

    I know this article is a few years old, but do you know if this smartcard reader will work with cell phones which have NFC? Such as the new BlackBerry Bold, etc.

  • Hichem Souki

    used the CVFIPS201_Enable.exe(R211840) on windows vista, then i can’t find Contactless SmartCard in the DCP.

    please tell me how can i undo it? thanks

  • Hemelaer Stéphane

    Hi all,
    We have a strange behaviour with some of our Dell Latitude laptops.
    We use eSafe SmartCards with an embedded mifare chip.
    However, when we insert the smartcard in the card reader of the Latitude, the mifare chip stops working. I don’t know whether Mifare chip is destroyed, data are erased, or if it is just locked, but in any case it cannot be read by any of our Mifare reader systems anymore (like vending machines).
    This doesn’t happen on all laptops. Could it be possible that the wireless reader is sometimes wrongly configured and damages the card?
    (note that we normally don’t use the wireless reader of the laptop, only the contact card reader is used).
    Any help welcome.
    Thanks

  • Torsten Nordentoft

    Hi. I have purchased a dell E 6220 with smart card reader embedded. I develop smart cards and thought it would be nice to have the reader embedded. I can find no documentation or driver for the reader and it is not active. Any suggestions ?
    Best regards,
    Torsten

  • Gary Giesen

    I know this is an older post, but what memory configuration did you order your iClass cards in? Or does it matter? I just bought an M4700 (the successor model to yours) and am looking at the HID Crescendo 700 series cards (407A specifically – Contact Smart Card/iClass Contactless Smart Card/HID Prox) and have the option of 16k/2+16k/1 or 16k/1k+16k/1. I’m not sure which option to go with, or if it can be changed afterwards?

  • Ed

    Hello, thank you for such a great article. I have a question: One of our customers has a Latitude laptop with this card reader in it and he asked us if we could find a way for it to be able to read our Plate Identification Cards (ISO15693). We understand that these are hardware compatible from the chart you provide… but what is the best way to decode what the reader will see? Does Dell provide software with the laptop that could help us read this type of card at all? All we are interested in extracting from the card is the amount of cycles the card has left in it (these cards are read by a roofing tool)
    Thanks

  • Chiase

    Hi Ridrix,

    The article is so helpful. I’m working DESFire EV1. I want to configure AES security for file. I don’t have full datasheet of DESFire EV1. So, how am I set up AES communication mode? Tks so much!
