How could one get started with smartcards programming? I am asking here about all the toolkit he needs in order to get started: books, tutorials, hardware etc.
I am planning in playing around with a couple of smartcards programmers and I am pretty new to this field.
Edit: I am mostly interested in programmers that play nice with Unix-like operating systems. Also, I am not sure how this works ... but I would like to program them in C/C++
Whenever I've needed to access smart cards for use in security applications it has been via either:
Microsoft CryptoAPI
a PKCS#11 library for the card.
To access a card using the Microsoft CryptoAPI a card specific Cryptographic Service Providers (CSP) is needed. The CSP sits under the CryptoAPI layer.
If you are developing on Unix/Linux using 'C/C++', however, then you will probably want to take a look at the PKCS#11 standard from RSA. The standard specifies a 'C' API called Cryptoki (Cryptographic Token Interface) which gives a common abstraction above all types of crypto devices. Nearly all smart card vendors provide a PKCS#11 library for their cards that you can program against using the Cryptoki API.
If you want to access the smart card/reader at a lower level you can use APIs such as PC/SC or CT-API.
PC/SC defacto standard for smart card access implemented on Windows, Linux and Mac OS X
CT-API provides only very minimal functionality; not very suitable for modern apps.
If you are interested in writing Java applets that run on smart cards then you probably want to look http://java.sun.com/javacard/
Resources that may be of use
OpenSC is a set of libraries and tools for smart cards. It is designed to work with PKCS#11 supporting cards. OpenCT provides drivers for card readers, and tokens that are comprised of both a card and a reader (ie. usb tokens, and other ’complete’ devices).
http://www.linuxnet.com/ MUSCLE - The movement for use of smart cards in a linux environment
PKCS#15 - Cryptographic Token Information Format Standard
Smart Card Handbook
A presentation on PKCS#11given at the RSA conf in 2009.
PyKCS11 A Python wrapper around PKCS#11. These type of wrappers can provide a simpler higher level interface than working directly at Cryptoki level.
Smart Card Alliance
Java is beginning to get a huge grip in the SmartCard market, pushed by very big players (like IBM).
There are entire countries where people are carrying a Java Card in their pocket. For example there are more than 10 millions Belgium citizens whose (mandatory-to-have-with-them) national ID card is a Java Card running the BELPIC "applet".
If I'm not mistaken the entire Brazilian health care system is also based on Java Card(s).
Regarding SmartCard and Linux, here's the Linux SmartCard howto (note that that howto is full of the "Java" keyword everywhere):
http://www.faqs.org/docs/Linux-HOWTO/Smart-Card-HOWTO.html
Then there's a .pdf called "Exploring SmartCards" from June 2008 which takes a look at the big mess that the "SmartCard" world is and that basically starts by explaining that "SmartCard" is about as descriptive as saying "computer": that is, not very descriptive ; )
If you google about you can find smartcard development kits that offer a programmer, a few sample cards, and manuals, reasonably inexpensively.
It also helps to have an understanding of cryptography (especially public-key crypto), and some practice at packing data into really really tiny structures.
Smartcards range from the incredibly dumb (a secure 1kb memory store) to the fairly sophisticated (I've see ones advertised that run a cut down .NET framework).
Probably the most commonly used smartcards are the units produced by Mifare which are generally made as travel tickets but also used as loyalty cards or even access permits.
It is very late to give answer but I would like to give one add-on to the answer of #bignum.
Well, you can start playing around with Java smart card development and I would like to recommed one good book for understanding the know how for beginners and developers. "Java Card Technology for Smart Cards".
If your pocket budget allows then you can buy a "Mobile Security Card" for researching and development of the smartcards applets using the knowledge gained from the book mentioned above.
And you can also refer or use a smart card API project SEEK FOR ANDROID hosted on googlecode for first hand experience.
Related
I've received a dk 3200 kit recently. I know it's old but I would like to start using it to have more of a challenge than just arduino. It came with the board, an st flashlink FL-101B and some cables. I do not have the install disc, but I found the software for psd soft express online. It doesn't work with current windows 7 64bit. If I could use my arduino to program it, that would be great! Or maybe just do it through USB or the parallel ports? I've read that st provides a stm32 library used to help make code. If that works for my mcu, I'll use that.
Thanks
ST is a company that loves to re-organize their website and break links, but a data sheet for a part of what seems to be the same family as on your board is available from a toolchain vendor at:
http://www.keil.com/dd/docs/datashts/st/upsd321x_ds.pdf
On page 118 this seems to indicate that programs can be loaded using JTAG In System Configuration commands, which may be somewhat standardized though quick searching isn't producing a lot of leads. A reference is also made to ST's AN1153 which would be worth trying to locate a copy of, however it's not entirely clear if that will say anything about the programming, or if it only covers the additional two optional signals which have been added for hardware acceleration of the interface.
In theory, if you can find sufficient information about this device (looking at related devices may provide clues) then you should be able to craft a programming from an Arduino or anything else that can be adapted to twiddle bits at the appropriate voltage/threshold levels.
In practice, you may be better off trying to find an old Windows XP box, or even trying to run that software on a virtual/emulated environment and trap the I/O access either to proxy or to figure out what it is doing and reverse engineer your own programmer.
But unless you have a large installed base of boards using these chips, or particular need some unusual feature of them (I thought I saw something about a built-in CPLD?) it's really not going to be worth the effort.
2 questions:
Can someone tell me if unmanaged c++ code will
be supported in future versions of Phone 7 OS for all developers?
What are MS reasons for not
supporting unmanaged c++ code?
This answer is purely speculative, but I feel that most others who have answered this question miss the point by a long shot. Let's for a moment assume that this is not a vindictive decision by Microsoft, but instead actually a very well thought out engineering decision that has absolutely nothing to do with content restrictions or otherwise. Those issues are just a bonus for MS
Microsoft is entering into the mobile market, this time for real it seems. Pretty soon there will be tens of millions of Nokia phone being shipped using Windows Phone and whatever they get on top of that will just be gravy. Windows Phone though still hasn't really found its home.
In the next year or two, phones, tablets and laptops will finally start converging into a single device. People will carry their phone in their pockets, but that phone will also be the CPU unit of their PC. That means that by simply sitting near a wireless HDMI monitor and connecting a keyboard and mouse via wireless USB (or bluetooth if we're all unlucky), the user will have their entire PC with them at all times. Tablets will become just a battery powered touch screen which interfaces to the PC in your pocket.
So, all software written for Windows Phone should be able to run unmodified on a PC, a tablet and/or a phone. This is because there's a huge chance that the PC you're running will be either x86 or ARM based running Windows 8. When the PC is in your pocket, the user interface you'll see will be the Windows Phone GUI. When you're hooked up to a monitor, you'll see the ribbon interface. But the underlying OS will most likely be Windows 8, not the Windows CE that is currently used.
Based on all this, the only way Microsoft can insure that developers who invest in producing apps for the Windows Mobile market will not be screwed and that users of Windows Mobile devices won't be shorted when the newer platform comes around is to ensure there is a standard system for running apps on all these processors.
Even now, writing for Honeycomb is a nightmare since if you develop native code, you have to support both ARM and x86 and there's no real support mechanism for it. The only solution is to develop, package and ship two versions. Writing apps for iDevices are a little easier since there's no overlap. x86 on desktop, ARM on device. If you have to use native code on device, ARM is all you need. Even then, there is fat binary support on both device and desktop, so this won't be a problem except when optimizing.
In the end, the decision by Microsoft to stick strictly to .NET is probably a good one. Once they have a gazillion Nokia phones on the market and things have settled a bit, native code could be a real possibility.
These answers are for the application development perspective. OEMs can write native code today, as that's how they create drivers, but that's not open or available to most developers and therefore of no use to most.
For #1 Microsoft has made no announcements, so only Microsoft knows the answer and they're not saying.
For #2 it's all about code security and overall platfrom stability It's very tough to sandbox native code and they don't want your app being able to affect other apps or the platform itself. The general idea is that you should be using Silverlight or XNA for application development, so that's what they expose.
Windows phones will go nowhere with native support. Games and other more intensive apps are driving sales. Android was forced to blow the lid off of its NDK to support the games industry. As far as supporting multiple processors, etc., those of us doing this kind of work have been doing it for a long time, so its no problem. Already handling Intel and ARM without a problems with our systems.
EDIT, finally: for WP7 unmanaged code won't ever be supported, but in Windows Phone 8 - yes it will! They've just announced it. Native apps, C/C++, iOS/Android portability and code sharing, DirectX. You'll need Visual Studio 2012 and Windows 8 for WP8 development, though. Looks like VS2010 is not getting the requisite WinRT SDK.
The nongame UI, however, will still be XAML-based. Win32 API will not be supported. They're pushing a model with managed UI layer and a native middleware beneath it.
SDK will be available later this summer.
For the sake of posterity, here's the pre-06/20/2012 answer:
Microsoft probably can.
To ensure platform closeness, as a means for attaining stability and UI consistency. To enforce app isolation. Also, to make jailbreaking/rooting harder.
EDIT: if you want a native SDK on WP7, like I do, please go sign this petition and/or that petition. Thank you!
EDIT: see this.
EDIT: also this. Still not official, but this rumor moves the timeframe for native app support even closer - to the upcoming Tango release.
I believe MS will support native development like C/C++. Really. Seriously.
Because, for end users, one of the killer app is game. And Most of game codes are based on C/C++. JS or C# based codes are exist, but meaningless from industrial perspective. Consider big players in game field like Unreal or EA. They made huge investment on C/C++ codebase. They won't give it up. In other words, MS has no power to force them to spend money for .NET. Even Xbox360 development offers C/C++ development. Because of that.
And leading platforms like iOS/Android all supports native development. WP can't bear up the situation without any game from big players. MS really wants 3rd path games, and offering native code is the only way to get them.
Of course, this can be applied to other apps which are not game, but games are biggest one. When C#/XNA just came out, there's no library. People had to make everything themselves. Now there're a little more, but still meaningless for professional games.
If MS won't offer native environment, just don't go there. MS wants to make developers to use managed .NET code, but .NET has too many limitations can be solved with only unmanaged code.
The only question is just when will MS support native development.
I've been trying to wrap my head around embedded. Since I will be self-taught in this specific niche, I realize it will be harder to get a job in the field, so I'm hoping to add a completed project to my resume to prove to potential employers that I've done it and can do it again for them.
Can someone suggest a project that I can undertake as a single person and actually be able to finish, but at the same time not too simple that it doesn't prove anything? Something reasonable that I can aim for.
If you can substantiate your example with a project you worked on yourself, and mention how many people were involved, and how long it took to finish it, that would also help me gauge the difficulty of projects I see in general and rule out the ones that are probably too big for my capacity. It's very difficult to gauge the amount of work a project needs from my position.
You should take a look at the arduino. To quote their site:
Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It's intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.
There is a really handy playground listing a bunch of personal projects on the arduino, any one of which might fulfil your need to do some embedded development. You can also trawl around the internet (e.g. instructables) to find many other interesting arduino applications -- I particularly like the one building a fancy control system for an espresso machine, and, of course, there is the mandatory fart detecting chair that tweets its findings.
Being an arduino experimenter myself, I can attest to the simplicity and power of this device -- and the great fun you will have playing with it. If you want to get started quickly, I can recommend buying the starter kit from the very helpful people at oomlout.
Are you looking specifically at embedded software development, or are you interested in circuit board design as well?
If it's just software, then I would suggest getting hold of an ARM development board (Possibly the Philips LPC range - sparkfun have some nice ones) that you can program via a bootloader over usb and start hacking. Get one with a display and an ethernet port and you can build up to making some sort of network attached sensor (temperature, water level, object counter, etc). Start out little (turn on a LED from a button) and work your way up.
If you're also into the electronics side of things, I'd suggest something like an MP3 (or WAV) player and maybe stick to the AVR or PIC 8bit microcontrollers (AVR is used on the Arduino) as these are a little easier to deal with than ARM. Here you could start with a usb powered device that streams wav files from a PC serial port out to a pair of headphones, and build up to a battery powered board, feeding data to an MP3 decoder IC from an SD card.
Some things you may want to learn & demonstrate:
Understands the bounds of working with limited resources, including memory management (dynamic and/or static); resource management (locks, semaphores, mutex); multiple tasks (interrupts); and appropriate data structures
Ability to interface with other devices/ICs over various interconnects (analog & digital IO, serial bus (RS232, I2C, SPI))
Ability to sanely structure a program and segment the various modules without producing 'spaghetti' code
Ability to use source and integrate 3rd party libraries where appropriate (think FAT filesystem, or TCP/IP stack)
Misc Tips:
read and understand the datasheets (yes all of them)
code and test on the desktop where possible, but understand that there are differences and bugs will still creep through (this is where it helps to be using a tool-chain that is common with the desktop - GCC is good, but the tools are generally CLI)
use assert a lot - you can flash the line number of a failed assert using a single LED - this is invaluable
Most of all have fun - it still makes me smile when you first get a new component working (display, motor, sensor). Embedded makes the world go round :)
I'm interested in the following features:
Writing an app for Android Market that is written completely in C++ (a port of existing product actually).
Use fast screen-buffer pixel pushing (or rather using OpenGL ES for this).
Grab user input and direct it to C++ code.
Is it legal to write such an app for Market? Is Market policy somehow strict to such things?
As of NDK r5 with Android 2.3 (Gingerbread) this is possible, although I assume only devices to support natives apps must have Gingerbread on them.
From the native-activity sample:
The Android SDK provides a helper class, NativeActivity, that allows you to write a completely
native activity. With a native activity, it is possible to write a completely native application.
NativeActivity handles the communication between the Android framework and your
native code, so you do not have to subclass it or call its methods. All you need to do is declare
your application to be native in your AndroidManifest.xml file and begin creating your native
application.
It is really not my cup of tea but there is something called Android NDK (Native Development Kit) to use if you want to write your program in C. Not sure how the C++ compiler support is though.
As far as I know your app can be almost 100% native code but keep in mind that by walking that way you will probably have a hard time supporting the different CPUs out there in Android hardware. If you need to bootstrap the native code so that it is started from java it is probably not a very big problem for you.
I found a few different tutorials when googling for "Android NDK". This one is a very minimalistic Hello World. Obviously you want something much more than a library that returns a string to java but it is a good first start and you will probably have to do all of the things described. Do a search using NDK and Android as keywords and you get a good selection. I see no reason to list them here as such lists tends to be outdated and broken within a year or so.
I guess the official Android Developer site from Google will stay put and be updated on new releases of the platform, it has a link to the current NDK.
With Gingerbread (Android 2.3) it looks like you can build your entire app in C++.
cf:
http://phandroid.com/2011/01/11/android-developers-blog-awesome-ndk-leads-to-awesome-apps/
"
With the latest version of the NDK, r5, many big improvements have been made to coincide with the release of Gingerbread. The most major is the ability to code a native application for Android 2.3 entirely in C++. This means even programmers and developers with no Java knowledge won’t have to implement a single line of that code..."
Can't vouch for the veracity of this blogger, however, from what I have read, it appears you can do this
There is no 100% native solution but what I think you are looking for is the Android NDK (Native Development Kit)
From their site "Please note that the NDK does not enable you to develop native-only applications. Android's primary runtime remains the Dalvik virtual machine."
I believe it lets you make calls to your own native code from an Android application
I have personally never used it for my games, but I am sure it would help on a lot of things (like being able to manage my own memory and not have "lag" do to the garbage collector)
conversations in this thread can help you.
http://groups.google.com/group/android-ndk/browse_thread/thread/50362904ae0574cf
essence is,
It is possible to make Native only apps and Android Market doesn't restrict you either.
But with limited support for native development, there is high chance of using some of the non standard functionality which might break in future releases.
http://developer.android.com/guide/basics/what-is-android.html
"The Android SDK provides the tools and APIs necessary to begin developing applications on the Android platform using the Java programming language."
http://arstechnica.com/open-source/news/2009/06/android-goes-beyond-java-gains-native-cc-dev-kit.ars
In general, you don't. There is some limited C++ support through JNI, but it is mostly intended to supplement Java code, not replace it. There's no framework/API support (AFAIK) for C++, so doing this isn't really an option.
I'm thinking of developing a game-like piece of software. It will probably require a bit of OpenGL, MIDI input, and math. I'd like to eventually sell the software, so it needs to be installable on PCs with different OSes. And I don't want to have to spend a lot of time on memory management and other low-level details.
My question is this: what language/framework would you use for such software?
You have got a lot of options my friend, here are just a few which allow you to use a high level language to develop.
Torque 3D http://www.garagegames.com/
I've used this a bit and can tell you its a pretty good solution. You can build you game logic in their TorqueScript. Using it also gets you the option to release on pretty much every major platform including consoles and the browser. The only snag is it does cost money, but is very affordable for indies.
Panda3d http://www.panda3d.org/
This a completely free open source engine. I provides a lot of functionality and also allows you to program your game logic in python. The platforms it supports is Linux/Mac/PC.
Mono http://mono-project.com/Main_Page
I have not played around with this too much, and am not sure how good their 3d is (it isn't known for it anyway). It does allow you to program in a number of high level languages (C# and python to name a few). It also allows you to deploy to a number of platforms including embeded devices and the iphone (MonoTouch).
I would check these out and see if any are a fit for your situation. If none are then there are a large number of other options out there.
I think the closest thing to what you're after is Java. It has decent support for OpenGL(JOGL) and a good standard library that works on most systems.
Despite what some people will tell you, Java isn't as fast as C, and this can rear it's head doubly so in a game. It is cross platform though, and you don't have to bother with all that tiresome memory-management.
I would use C# for scripting & the Unity 3D Engine. http://unity3d.com/
Unity has a reasonable licensing fee but it's also free to download and get started. Check the details for when a licensing fee is payable.
Anyways, Unity3D takes care of:
3D rendering
Memory management
Input
Audio & Video
Networking
Asset pipelines
Scripting through the Mono CLR (ie, you can use C#)
And has a great level/world editor
If you are willing to trade raw speed for ease of use then this is for you. We started a project intending to use Unity. Our project needed greater customization than we could get from the engine. We wanted source code and to run at 60fps so we upgraded. But I would still recommend it as a solid multi-platform multi-OS solution.