Pick a Card, Any Card: Fast and easy Windows logon using any NFC smart card

UPDATE (September 27, 2018): Fixed a broken link to the article on bypassing MSI installer checks.

After finally reinstalling Windows on my main PC (the smart card components in the old install were trashed), I dusted off the old smart card reader and started looking into smart card-based logon options again.

Windows logon screen using a smart card

Windows logon screen using a smart card

After finding a way to force convince the installer for EIDAuthenticate, a program that lets you use smart cards to log on a Windows computer without the use of domains and Active Directory, to run on Windows 7 Professional (Microsoft DreamSpark only lets me obtain the Professional editions of Windows), I found a program called NFC Connector Light that lets you use any NFC-compatible smart card as a means of authentication.

Virtual smart card with certificate installed

Virtual smart card with certificate installed

NFC Connector Light links the unique identifier in an NFC-based smart card to create a virtual smart card on the local computer (no data is stored in the card itself), and that virtual card can be used like a real smart card within Windows. When paired with EIDAuthenticate, logging on is as simple as placing the smart card on the NFC reader and entering a PIN. This is especially useful when you set the Windows smart card policy to lock the computer when the card is removed (and it feels kind of cool to be able to lock your computer simply by taking your card off the reader).

Update: How to install Windows x64 drivers for the Schlumberger Reflex USB smart card reader

Update (December 11, 2017): For those on Windows 10, click HERE for the SCR300 driver package – digitally signed to ensure compatibility. Extract the files, right-click the appropriate x86/x64 .INF file and select “Install”. Proceed with the installation as shown below.

A viewer requested help on installing the drivers for the Schlumberger Reflex USB smart card reader, so I’ve created a step-by-step instruction guide on doing so.

1. Plug in the smart card reader into an available USB port. Windows should attempt to install a driver but won’t succeed.


2. Open Device Manager, and select the “SLB ReflexUSB SmartCard Reader” in the list.


3. Follow the wizard and opt to install the drivers manually.


4. Enjoy your now-functional smart card reader.


Making use of a Schlumberger Reflex USB Smart Card Reader in Windows 7 x64

2013-05-08 01.31.41 2013-05-08 01.34.57For a tutorial on how to install the drivers, click here.

A while back a friend of mine gave me an old smart card reader that was of no use to him; he had no need to use smart cards at home and the reader he gave me, a Schlumberger Reflex USB reader, had no support in 64-bit Windows 7, or so it seemed.

I cracked open the reader (didn’t take any effort, there are no screws nor snap-clips holding the case together) and found the internal part number: an SCM Microsystems SCR301 reader. Forcing Windows to use the SCM Microsystems SCR300 driver was successful in getting the reader to show up in Windows, meaning that I had a free, usable smart card reader to tinker around with. Awesome.

scr300 reflex usbUpdate on June 20, 2013: Added a screenshot of the reader in Device Manager.

Making Use of a Motorola Smart Card (Part 3)

(Disclaimer: As stated in previous posts, this blog is not intended to further piracy of paid TV and such. This is merely a personal blog outlining my recreational research.)

I seem to have finally stumbled across some potential information on the background of this smart card. A very old (dating back to 1997!) article from CNET showed that Motorola sent out a press release about their “new” M-Smart Combination Card, which combined a contact card with an RFID interface. However, the information track stops there. There is no picture of what their cards looked like, nor did they have a link to any sort of info from Motorola themselves (although I believe their smart card division was bought out a while ago.)

Might be a good time to email Motorola and see if they didn’t burn their old smart card documentation 🙂
EDIT: I asked my professor if he’d be alright with me taking a look at the chip under the microscope. He’s fine with it; hopefully I’ll have some pictures of the silicon die this week.

Making Use of a Motorola Smart Card – Part 2

(Disclaimer: Smart card piracy is a very bad thing. This set of blog posts is NOT intended to further illegal hacking of paid services, but is merely a personal record of my research, which is not being done for any financial reasons but is only done for personal leisure. Besides, these cards won’t help you break scrambled TV signals, so don’t bother trying it :))

In between pulling all-nighters goofing off doing college homework and trying to stay marginally sane and/or healthy, I’ve been doing some more research into the cards. This time, I was a bit more invasive with my approach. However, I’ve found out a bit more about the card’s brains this way.

I’ve torn open one of the cards and taken a peek inside. The chip itself is a bit different in that the epoxy backing is molded much like a regular chip as opposed to the drop of epoxy used in many newer cards. The chip itself is pretty big, at 6mm x 4mm and with 0.1 mm thickness; the center gold pad is the entire area of the card.

There are many methods of getting the plastic off of a chip, and the more professional labs use fuming nitric acid (very nasty stuff) but one easy way to do so at home is using a blowtorch to burn the epoxy and simply chip it off with a toothpick. If it’s burnt thoroughly enough, the epoxy will just fall off the chip, revealing the pretty silicon underneath. I used a small butane torch to heat up the chip, which was done outside and on a piece of ceramic tile (safety first! :)) After a bit of picking at the chip, I was able to see the inner workings of the smart card’s chip.

I see 4 large blocks on the die but can’t tell much more without a microscope, and a 10x jewelry loupe only goes so far. My best guess is that the 4 blocks encompass the CPU, RAM, program ROM and maybe some EEPROM storage. There’s 14 pads on the chip; 5 pins are used for the contacts, maybe 2-3 for the radio interface, and the others might be for factory testing or programming  but it’s speculation at best.

Now hopefully my college prof won’t mind me using the classroom microscope later this week 🙂

Making Use of a Motorola Smart Card (part 1 of ???)

(Disclaimer: Trying to pirate satellite TV using hacked smart cards is dumb and wrong; I am writing this article merely to explore the card and the field of smart cards in general, and to provide some sort of documentation on this otherwise unknown card.)

Back in the summer I bought four generic, blank (I assume) Motorola brand smart cards from Active Surplus during my vacation to Toronto. Over the past few weeks I’ve been doing some research and hands-on testing of what this card is (in)capable of doing.

The card itself is an ISO 7816-compliant smart card that uses the asynchronous (UART) T=0 byte-wise protocol and communicates using industry standard APDU (application protocol data unit) commands.

The card is a dual-interface card; it has the standard six-contact chip and also has an antenna for RFID. There is an antenna coil 3 windings wide around the perimeter of the card and connects to the chip itself. So far I have not had any progress in getting it to contact an RFID reader, but hooking up an LED from the chip’s Vcc to ground causes it to flash when brought up to a BlackBerry Bold’s NFC antenna.

The chip has an answer-to-reset of 3B 76 13 00 00 80 62 07 41 81 80. When parsing this via the PysCard smart card library (http://smartcard-atr.appspot.com/parse?ATR=3B76130000806207418180) the site identifies it as a “Generic mass produced Motorola smart card” which doesn’t get me any further than what I already know; the Motorola logo is in the center of the darn chip!

Current attempts to make use of the card have been unsuccessful. It responds with 0x6D00 (unknown command) on pretty much every industry-standard command I try. The only command that doesn’t give this is 0xC0 00 00 00, which is the “GET RESPONSE” command which returns 0x6F00 (generic error, no details available).

Attempts to get the card running with PC/SC have not gone far. The system will acknowledge its existence and with a bit of work in the Registry, I can get it to register as a “Generic Motorola SmartCard”. That said, this still doesn’t get anywhere. Attempts to use it to store credential certificates causes Windows to say that ‘the card is not the one required for the current operation.’

I think that the card may simply be unprogrammed and is merely running a bootloader to install firmware on, but since many smart cards have mask ROM, there is a chance that the card is of pretty much no use. But hey, for 50 cents for a smart card it’s no big loss.
If you know anything else about this smart card, gimme a shout in the comments section. I’ll be posting more updates as I find out more about this peculiar piece of plastic.