Otc Smart Card Cracking
Here’s a quick prototype from Travis Goodspeed. We’ve used the MSP430 because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing Travis, there’s a reader somewhere about to go through some serious.
W3bbo asks: 'With the ever-increasing information being stored on so-called 'Smart-Cards', including credit cards with the chips, how do we know what data is read by stores when you hand over your plastic? Searching for 'smart-card hacking' just turns up satellite TV piracy websites and virtually nothing for (sort-of) legitimate investigation into our cards. So what methods are available to hack smart-card chips and see what information about us our banks store on our cards?'
These are legal, but they can have serious implications if you use them to pirate satellite tv. I know it’s just an ISO-7816 interface and not an unlooper, but if you write any pirat3 war3z for an interface like this, prepare to be served with a lawsuit if you don’t post anonymously. The satellite companies have been suing for decades and if you naively post any DIY involving sat, even if it doesn’t actually amount to pirating, you will get hit severely.
Most people who do this already know, but I’m saying this just in case a normal hardware modder puts 1 and 1 together and experiments. Definitely like the idea of this project. Lots of smart card readers to be data fuzzed. Given the way it’s designed, couldn’t this also potentially capture smart card passwords as well? The general idea is that you “program” this smart card with the complete memory contents of the smart card you wish to capture the password for, since you only need the password for writing any memory cells on the original smart card, but not for reading said memory cells. Once the emulator has a complete copy of the memory cells, but not the password, since you don’t know it yet, the emulator is then programmed to take the very first password guess supplied to it as correct, and store the password it receives to its internal memory, to be read out later. From that point, you could then apply the password to your actual smart card and do what you wish with it, within certain limits.
I guess the point I’m trying to make is that the sat co’s zealously defend their I.P. You could probably get a slap on the wrist for using this thing to reprogram the laundromat and wash your dirty gym socks for free, but even if you publish a minute technical detail of the sat systems, say on your own DIY hack blog, next to the blog about a tic-tac-toe AVR circuit, they more than likely would sue you under DMCA (if you were an easy target hosted in the US and had an otherwise legit “Joe’s hardware blog” site with your name and everything).
Even if you aren’t found liable, I’m sure being sued is a nightmare that no one wants to experience. @wwhat – so I’m supposed to just keep my mouth shut and let someone make a mistake (if they didn’t understand the legality first) and get burned? It’s intimidation if I try to help someone avoid getting sued? If you want to challenge the law (the penalties are usually civil but the DMCA is law) then do the opposite of what I just said. To expedite the process, post your first and last name along with your hack. If you want to hack sat but not get caught, use overseas websites, and if you want to stay legal, don’t hack sat.
As Olmec said on Legends of the Hidden Temple: the choices are yours and yours alone. There is nothing illegal about making a home-brew smartcard as Travis did. There is nothing illegal about making a smartcard reader or one that can electrically glitch a smartcard inserted into it. What is illegal and still is today is using ANY kind of technology to circumvent payment for reception of signals that are otherwise impossible to get without paying!
Whoever got sued by Dtv/Dish bought unloopers including the software explicitly for “unlooping” Dtv/Dish cards and thus had no argument except to settle. Reply to mike: Yes, sometimes you should let people use their own mind, and exercise their freedom, you aren’t hired to warn people about all dangers in the world anyway. Having said that I hope you understand I’m not attacking you per se, I was just pointing out some thoughts, pointing out that there are more sides to most things. It’s good to know a risk, but it’s the MO of many companies (and in fact religions and political groups) currently to go for intimidation and threats, suing grannies just so the news reports it so people get scared, and helping them ‘spread the word’ is something you (meaning everybody) should just think about a bit, if you want to be part of that ‘system of intimidation’, is my point.
@wwhat, I see your point. I am not trying to dissuade anyone from experimenting by sounding intimidating. What bothers me most about the DMCA applied to sat is that even if you don’t post a 1.2.3 guide to steal the signal, the DMCA protects against publishing any tech info on protection technology. So I don’t want to see some 19 yr old kid do this hack, and publish on a site a guide like “I send 0x3F and it returned 0x9C”, and have a sat co ruin his future via a lawsuit he cannot defend himself against. What I just described. Rather, I want to see him do it, but I want him to be aware that he needs to do so more carefully than if he posts the same info about the smartcard at the laundromat. In short, if getting into some hot water at the laundromat is like a garter snake, I’m trying to say the sat co’s are the black mamba.
That could be interpreted as intimidation, but it is also supported via fact as we have seen all the lawsuits in the news, justified or not. No it’s not my job to warn people, but it’s my choice to be compassionate and pass on knowledge that could help someone. Hope this clarifies. Happy hacking everybody.
This site has gone downhill, but not from the staff, more like from you trolls. Mike was pointing out a VERY real and clear issue. The rest of you just say “be quiet” and “can I get free laundry?” In my not so humble opinion, mike and the others that pitched in along his lines are doing a great thing, they’re not discouraging hacking, they’re just saying “be smart” with it and don’t do anything that you’re gonna regret after some legal trouble.
You may have saved someone from going to jail mike.
A student at the University of Virginia has discovered a way to break through the encryption code of RFID chips used in up to 2 billion smart cards used to open doors and board public transportation systems., a graduate student working with two researchers based in Germany, said the problem lies in what he calls weak encryption in the MiFare Classic, an RFID chip manufactured. Now that he's broken the encryption, Nohl said he would only need a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.
And that, according to Ken van Wyk, principal consultant at, is a big security problem for users of the technology. 'It turns out it's a pretty huge deal,' said van Wyk. 'There are a lot of these things floating around out there. Using it for building locks is the biggy, especially when it's used in sensitive government facilities — and I know for a fact it's being used in sensitive government facilities.'
Van Wyk told Computerworld that one European country has deployed military soldiers to guard some government facilities that use the MiFare Classic chip in their smart door key cards. 'Deploying guards to facilities like that is not done lightly,' he added. 'They recognize that they have a huge exposure. Deploying guards is expensive. They're not doing it because it's fun. They're safeguarding their systems.' He declined to identify the European country. Manuel Albers, a spokesman for NXP Semiconductors, said the company has confirmed some of Nohl's findings. However, he said there are no plans to take the popular chip off the market.
'The MiFare chip was first introduced in 1994. At the time, the security level was very high,' he said in an interview. 'The 48-bit key lengths for encryption was state of the art.' Albers added that the company has other, more secure chips in its product portfolio these days, but the is a relatively inexpensive, entry-level chip. Anyone needing a highly secure smart card should make sure there's layered security and not just depend on the chip's encryption, he said. 'We have to start this discussion, really, at the level where we differentiate between the security level the chip provides and the additional security features an entire card provides. You're dealing with a layered security system, like strands to a rope,' said Albers, noting that between 1 billion and 2 billion smart cards with this MiFare Classic-type chip have been sold.
'As long as there's demand for this product and system integrators saying this product is good enough for their platforms, we will continue to offer it.' Albers noted that NXP recently released MiFare Plus, which is backward-compatible with the MiFare Classic while offering better security. He said the company did not release the updated chip because of Nohl's findings, but it did use some of his information when designing it.
'The problem is the card and the card reader,' said Nohl. 'They speak the same cryptography language that is flawed. Both need to be replaced. There is a lot of infrastructure to be replaced. The encryption is not standard.
It uses two short keys.' While Albers said 'the majority' of the smart cards with this chip are used as bus or subway cards, both van Wyk and Nohl said the real problem lies in the cards that are used as door locks. 'I don't think people want to steal other people's bus tickets,' said Nohl. 'But think about chemical waste storage buildings or military facilities. The stakes are a lot higher. If you break in, you don't get a $2 bus ticket, but you get whatever is in that warehouse.
These cards are used around the world to secure high-level buildings. All these applications will suffer as soon as somebody with criminal intent finds the details that we have.' Nohl explained that since the MiFare Classic smart cards use a radio chip, he can easily scan them for information. If someone came out of a building, carrying a smart card door key, he could walk past them with a laptop and scanner in a backpack or bag and scan their card.
He also could walk past the door and scan for data from the reader. Once he's captured information from a smart card and the card reader on the door, he would have enough information to find the cryptographic key and duplicate a smart card with the necessary encryption information to open the door. How long would it take him to capture the necessary information? About two minutes, he said.
Van Wyk thinks Nohl might be humble in his estimate. 'He says it would take him two minutes to crack it? I'd like to know what he did with the other minute and 55 seconds,' he said. 'It is so easy to crack most of that stuff I don't think it's general to RFID, but there are a lot of RFID implementations that haven't done this very well. You could do RFID well, but it turns out that not many vendors are.'