- Cracking the Smartcards More Login. Cracking the Smartcards. Archived Discussion Load All Comments. The whole point is that a smart card is NOT a tamper resistant device. They might be worth. This makes it so nobody even wants to crack a card because there is a limited amount of harm that you can do with one cracked card.
- Smart Card Marketing Systems, Inc. Is a Fintech advisory company engages in payment services specializes in cloud-based EMV Host acquiring and issuing solutions to banks, telecoms, and enterprise.
• 2004 ABS Smart Card • ABS 2004 Users Manual • OTC-216094 Adapter Leads This kit provides you with the ability to reprogram all reprogrammable modules on 1993 to Current General Motors vehicles.Kit Includes:12-month subscription to the authentic General Motors AC Delco application and data CDs. The GM application. Pay-TV smartcard hacking – how easy is it. The smartcard is a plastic card with a chip - much like a modern credit card. You can see electrical contacts on the chip. A reasonably complex. Feb 15, 2007 Discuss OTC Genisys Smart Cards - 1 Tool Only? In the rec.autos.makers.chrysler forum at Car Dealer Forums; Wondering if anyone has actually tried using a smart card in more than 1 tool.
Last month, the Dutch government issued a warning about the security of access keys based on the ubiquitous MiFare Classic RFID chip. Thewarning comes on the heels of an ingenious hack, spearheaded by Henryk Plotz, a German researcher, and Karsten Nohl, a doctoral candidate incomputer science at the University of Virginia, that demonstrated a way to crack the encryption on the chip.
Millions upon millions of MiFare Classic chips are used worldwide in contexts such as payment cards for public transportationnetworks throughout Asia, Europe and the U.S. and in building-access passes.
The report asserts that systems employing MiFare will likely be secure for another two years, since hacking the chipseems to be an involved and expensive process. But in a recent report published by Nohl, titled 'Cryptanalysis of Crypto-1,' he presents anattack that recovers secret keys in mere minutes on an average desktop PC.
In December, Nohl and Plotz gave a presentation on MiFare's security vulnerabilities at the 24th Chaos Communications Congress (24C3), the annual four-day conference organized by Germany's notorious hacking collective, the Chaos Computer Club (CCC). Thousands of hackers from far-flung locales converged on Berlin between Christmas and New Year's for a raft of talks and project demonstrations.
In their popular talk at 24C3, punctuated by bursts of raucous applause, Nohl presented an overview of radio frequency identification security vulnerabilities and the process of hacking the MiFare chip's means of encryption, known as the Crypto-1 cipher. 'This is the first public announcement that the Crypto-1 cipher on the MiFare tag is known,' said Nohl in December at the 24C3 talk. 'We will give out further details next year.'
Get out the microscopes
To hack the chip, Nohl and Plotz reverse-engineered the cryptography on the MiFare chip through a painstaking process. They examined theactual MiFare Classic chip in exacting detail using a microscope and the open-source OpenPCD RFID reader and snapped several in-depthphotographs of the chip's architecture. The chip is tiny -- about a 1-millimeter-square shred of silicon -- and is composed sed of severallayers.
The researchers sliced off the minuscule layers of the chip and took photos of each layer. There are thousands of tiny blocks on thechip -- about 10,000 in all -- each encoding something such as an AND gate or an OR gate or a flip-flop.
Analyzing all of the blocks on the chip would have taken forever, but there was a shortcut. 'We couldn't actually look at all 10,000 of these small building blocks, so we wanted to categorize them a bit before we started analyzing,' said Nohl at 24C3. 'We observed that there aren't actually 10,000 different ones. They're all taken from a library of cells. There are only about 70 different types of gates; we ended up writing MATLAB scripts that once we select one instance of a gate finds allthe other ones.'
To find the cryptographically important regions of the chip, Nohl and Plotz scanned for clues in the blocks: long strings of flip-flops thatwould implement the register important to the cipher, XOR gates that are virtually never used in control logic, and blocks on the edge ofthe chip that were sparsely connected to the rest of the chip, but strongly connected to each other.
They then reconstructed the circuit using their data, and from the reconstruction, they read the functionality. It was a painful process, but once it was done, the researchers had decoded the security on the chip, unveiling several vulnerabilities. Among the potential securityrisks they uncovered was a 16-bit random number generator that was easy to manipulate -- so easy, in fact, that they were able to coax thegenerator into producing the same 'random' number in every transaction, effectively crippling the security.
Simpler from here on out
A potential attacker wouldn't have to go through all of the steps that Nohl and Plotz had to undertake to hack the RFID chip. A diagram ofthe Crypto-1 cipher, published in Nohl's recent paper, shows that the heart of the cipher is a 48-bit linear feedback shift register and afilter function. To find bits of the key, an attacker would send challenges to the reader and analyze the first bit of key stream sentback to the reader.
Though there are some tricks to generating these challenges, it is computationally not a terribly expensive, or expansive, procedure.'The number of challenges needed to recover key bits with high probability varies for different bits, but generally does not exceed afew dozen,' writes Nohl in the paper.
At 24C3, Nohl warned against the increasing ubiquity of RFID tags. 'We need some level of authentication, some security that has yet to be added to many of these applications,' he said. He pointed to the increasing use of RFID tags in public transit systems, car keys,passports, and even World Cup tickets -- and the potential worrying privacy implications of large-scale RFID tagging of products by big retailers such as Wal-Mart Stores Inc.
The gist? If you rely on MiFare Classic security for anything, you may want to start moving to a different system.
Over the last couple of days a small furore has erupted over allegations a News Corp subsidiary, NDS, has been hacking the pay-TV smartcards of News Corp’s competitors, and even News Corp’s own companies – allegations that NDS vigorously denies.
I’m not going to speculate on the reasons why a supplier of Conditional Access Systems – the technology that allows paid-TV providers to restrict access to their broadcasts – would want to undermine the security of their own product; but I am going to discuss how such systems work, and how secure they are.
A Conditional Access Module (CAM) is a combination of encryption keys, smartcards and electronics and computer code inside a satellite or cable-TV receiver (or “decoder”).
The pay-TV provider encrypts the digital signal sent to the subscriber with an encryption key. The subscriber plugs a smartcard into his/her decoder, which decrypts the signal so programs and films can be displayed on the screen. Some decoders have the smartcard built-in already, so there is no external slot.
The smartcard is a plastic card with a chip - much like a modern credit card. You can see electrical contacts on the chip. When the card is inserted, the chip is plugged into the decoder, allowing the CAM to get the decryption key. Other information is also stored on the chip – subscriber ID, subscription details, billing details, censorship filters and so on.
We don’t really know what’s there unless we hack into the chip, because it’s all kept secret. Each chip will have it’s own non-volatile memory (requires no battery), computer programs and a small central processing unit (CPU).
The security of the system depends on a few things:
- secrecy of the encryption algorithm
- secrecy of the keys
- secrecy of the hardware.
So let’s start with the algorithm. An algorithm is a recipe for doing something – in this case, for scrambling and descrambling the digital signal.
Some CAM providers write their own algorithm, and depend on it remaining a secret. That’s a bit like hiding your door key inside a brick or under a flower pot – once the secret (that the key is in the brick) is discovered, you have no security. DVD security works this way.
A much better approach is to keep the key with you (a secret key). Everybody knows how your door security works (you put the right key in the lock and turn), but that only works if you have the key. If your lock (algorithm) is faulty, you’ll find out quickly enough and replace the lock. Of course, Pay-TV subscribers would have to remember the key, and have to enter it into their decoder - very inconvenient, but very safe.
Foxtel uses Irdeto 5 CAMs. These use 3DES encryption - a reasonably complex encryption algorithm that’s difficult to crack without employing lots of supercomputers. 3DES is a known algorithm - it has been tested for years and, if implemented correctly, will be safe.
And the security of the decryption key? That’s stored on the chip in the smartcard. Not so good. Just like hiding it inside a (very thin) brick. 3DES is a symmetric-key algorithm, which means you use the same key to encrypt and decrypt. If hackers can open up the card and get to the key, they can extract the key and use it to make cloned cards.
This leads us to the secrecy of the hardware. Four years ago, Wired magazine posted a YouTube video (see below) showing Chris Tarnovsky demonstrating how to extract the chip from a smartcard, and access the electrical signals.
Otc Memory Card
Reprogramming the card to display its stored data (including the decryption key) is the next step. Modern cards are better, but the techniques for getting into them are also better.
It’s not even necessary to open up the card. Many digital TV watchers use techniques such as card sharing or internet key sharing to spread the cost of a Pay-TV subscription among tens or hundreds of people.
And you can buy blank smartcards online from places such as Alibaba.com for a few cents each. There are also dedicated forums online to help would-be criminals access satellite TV and Pay-TV without a subscription.
Just Google terms such asIrdeto 5 hacks, Sat Universe and MOSC (Modified Original Smart Card).
So just as with modding Xboxes (circumventing the built-in security mechanisms of the Xbox and Xbox 360 videogame consoles), rooting Android (gaining “superuser” permissions to your Android device’s software) and jailbreaking iPhones (gaining root access to Apple’s operating system), pay-TV piracy/hacking is happening now.
The information is out there and is easy to access. Of course, anyone attempting to use the information has to be technically capable and adventurous.
Is it being done on an industrial scale? Perhaps in places such as China or South America. A lot of the hardware which enables or supports unlawful access to IT systems (e.g. ATM card skimming – the illegal copying of information from the magnetic strip of a credit or ATM card) appears to be coming from those regions.
The Chinese government is trying to stop hacking and the systems which support it. My opinion is that the skills required (to hack these smartcards) are beyond most wannabe pirates and hackers.
Otc Smart Card Cracker
Besides, it’s much easier just to install the peer-to-peer file-sharing protocol BitTorrent and download any program or film you want.