Ask for the PIN of the card using the PIN Windows Dialog

Custom_Pin_Dialog

Reverse engineering

When asking for the PIN, the BaseCSP component calls CredUIPromptForWindowsCredentials with KERB_CERTIFICATE_LOGON and CREDUIWIN_IN_CRED_ONLY

 DWORD WINAPI CredUIPromptForWindowsCredentials(
        __in_opt     PCREDUI_INFO pUiInfo,
        __in         DWORD dwAuthError,
        __inout      ULONG *pulAuthPackage,
        __in_opt     LPCVOID pvInAuthBuffer,
        __in         ULONG ulInAuthBufferSize,
        __out        LPVOID *ppvOutAuthBuffer,
        __out        ULONG *pulOutAuthBufferSize,
        __inout_opt  BOOL *pfSave,
        __in         DWORD dwFlags
        );
    

Arguments : (by order)

KERB_CERTIFICATE_LOGON

KERB_CERTIFICATE_LOGON

KERB_SMARTCARD_CSP_INFO

KERB_SMARTCARD_CSP_INFO

The flag changes everytime a smart card is inserted. In this example, its value is 0x50001.

Here is the formula to compute this field : (1 | dwActivityCount <<16) where dwActivityCount = (dwState >>16) and dwState is from SCardStatus The first time the card is inserted, its value is 0x10001. The second time, its value is 0x30001, then 0x50001, …

Behaviour

If it is not set, when the PIN is validated, an error about the removal of the smart card is shown.

The PIN is checked directly within the PIN Dialog. Only a valid PIN can be returned.

Then it can be retrieved as an ANSI buffer into the Pin field (which is an UNICODE_STRING).

Memory dump

Memory_dump

call stack :

Callstack