WebUSB APDU Console

Vendor interface with Bulk OUT/IN endpoints. WebUSB uses an explicit lock: connecting locks the device with owner=web, disconnecting unlocks it, and a 15-second inactivity timeout still auto-releases the lock as a fallback. Status APDU: FF 00 00 00. Response data is TLV: 01 01 state, 02 01 owner, 03 L atr.

Protocol definition

Transport

  • USB interface: Vendor class 0xFF with two bulk endpoints.
  • Each WebUSB message is one C-APDU on Bulk OUT; the device replies with one R-APDU on Bulk IN.
  • Max C-APDU length: 261 bytes (short APDU only; no extended Lc/Le).
  • Bulk framing: if the C-APDU length is a multiple of 64 bytes, the host should send a zero-length packet (ZLP); otherwise the device accepts an idle gap as end-of-message.

Arbitration (CCID vs WebUSB)

  • Owner: none / ccid / web.
  • CCID claims ownership only when sending APDU messages (PC-to-RDR XfrBlock / T0APDU).
  • WebUSB must explicitly lock before sending a normal APDU; the console does this automatically on connect.
  • Auto-release after 15 seconds of inactivity remains enabled for the current owner as a recovery fallback.

Control APDUs

  • Request: FF 00 00 00 for status.
  • Request: FF 01 00 00 for lock.
  • Request: FF 02 00 00 for unlock.
  • Compatibility alias: FF FF 00 00 also unlocks.
  • Response: TLV data + SW1SW2 9000 for success.

TLV tags

  • 01 01 state: 00=no card, 01=present, 02=powered
  • 02 01 owner: 00=none, 01=ccid, 02=web
  • 03 L atr: ATR bytes (L=0..33)

Errors

  • If the lock is owned by CCID, or WebUSB sends a normal APDU without holding the lock, the device returns 6985 (conditions not satisfied / busy).
  • Invalid length / unsupported APDU returns 6700 or 6D00.
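
Added example (not the console's own code): a strict parser for the status R-APDU, covering the TLV tags and status words listed above. The function and constant names are hypothetical, and rejecting unknown tags or a response without state/owner is an assumption the page does not specify.

```javascript
// Value tables taken from the TLV tag list above.
const STATE = { 0x00: "no card", 0x01: "present", 0x02: "powered" };
const OWNER = { 0x00: "none", 0x01: "ccid", 0x02: "web" };
const STATUS_APDU = Uint8Array.of(0xff, 0x00, 0x00, 0x00); // control APDU: status

// Parse one status R-APDU (TLV data followed by SW1SW2) read from Bulk IN.
// Every device-supplied length is checked before it is used as an index.
function parseStatusResponse(rapdu) {
  if (!(rapdu instanceof Uint8Array) || rapdu.length < 2) {
    throw new Error("R-APDU shorter than SW1SW2");
  }
  const sw = (rapdu[rapdu.length - 2] << 8) | rapdu[rapdu.length - 1];
  if (sw !== 0x9000) {
    // 6985 = lock held elsewhere / not held, 6700 or 6D00 = bad APDU
    throw new Error("status failed, SW=" + sw.toString(16).padStart(4, "0"));
  }
  const data = rapdu.subarray(0, rapdu.length - 2);
  const out = { state: null, owner: null, atr: null };
  let i = 0;
  while (i < data.length) {
    if (i + 2 > data.length) throw new Error("truncated TLV header");
    const tag = data[i], len = data[i + 1];
    i += 2;
    if (i + len > data.length) throw new Error("TLV length overruns data");
    const value = data.subarray(i, i + len);
    i += len;
    if (tag === 0x01 || tag === 0x02) {
      const table = tag === 0x01 ? STATE : OWNER;
      if (len !== 1 || !(value[0] in table)) throw new Error("bad value for tag " + tag);
      out[tag === 0x01 ? "state" : "owner"] = table[value[0]];
    } else if (tag === 0x03) {
      if (len > 33) throw new Error("ATR longer than 33 bytes");
      out.atr = Uint8Array.from(value); // copy so the caller owns the bytes
    } else {
      throw new Error("unknown tag " + tag); // assumption: reject, do not skip
    }
  }
  if (out.state === null || out.owner === null) throw new Error("missing state/owner");
  return out;
}
```

Checking the owner field from this result before sending a normal APDU lets a page detect that CCID holds the device instead of discovering it through a 6985.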