Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Inside .NET Smart Card Operating System - 44CON 2012

44CON
September 06, 2012

Inside .NET Smart Card Operating System - 44CON 2012

Behrang Fouladi presents Inside .NET Smart Card Operating System at 44CON 2012 in London, September 2012.

44CON

September 06, 2012
Tweet

More Decks by 44CON

Other Decks in Technology

Transcript

  1. Did you know? • How many of you have Orange

    SIM cards? • What applications are running on your SIM card? • Any other apps working silently?
  2. Example: SIM Tracker Applet • Operators goal: sending the MMS/APN

    settings to the new handset • Can also be used for investigation purposes
  3. In The News… – Oyster card: Crypto-1 encryption algorithm attack,

    2004 – Cambridge university: EMV relay attack, 2010 – Sykipot malware Targeting US DoD smart cards, 2011-2012
  4. Why? • 8 billion smart cards by 2014 • The

    “Internet of Things” • Chip-enabled mobile payments • Hardware backdoors • Malware is everywhere!
  5. .NET Smart Card • First .NET virtual machine on the

    chip • Native support in Windows 7 and server 2008 • Used in: – Smart card based corporate badges (Microsoft employees badge) – Remote Access Control (USA DoD and UK MOD)
  6. .NET smart card security model App Domain A App Domain

    B App Domain C RSA Sig(A) RSA Sig(C) RSA Sig(B)
  7. Card application development .NET assembly Converter Plug-in Comm. Proxy (1)

    Compiles program (2) Conversion to card binary (3) Signed card binary (4) .NET remoting comm. (5) APDU comm. Vendor’s SDK
  8. How secure is .NET card? • Has EAL5+ certified Infenion

    chip • EAL certification is widely used by smart card industry (EAL3 to EAL7) • .NET card OS is designed to achieve EAL4+ • EAL4+ audit: – takes 6 to 9 months, costs high 10sk to low 100sk £ – includes independent penetration testing and source code review in some case • No published vulnerabilities so far
  9. Smart Card Vuln. research • No Chip OS binary is

    available • Traditional tools (debuggers, disassemblers) are useless • No publicly available testing tools • Secure chips have sensors, shields, encryption • ON-card bytecode/IL code verifier
  10. HiveMod • Vulnerability research tool, for: – .NET card binary

    (Hive format) visualization – Card Binary manipulation – Card binary Re-signing
  11. .NET Card Binary Compiler Header Digital signature Header Object counters

    Header Namespaces reference table Types reference table Methods reference table Fields reference table Blob definitions Type definitions Method definitions Program code (IL code) RSA signature
  12. Manipulating Digital Signature Header offset Field name size 32 SHA1

    hash of the full assembly 20 52 Public key token 8 60 RSA modulus length 4 (len) 64 RSA public exponent 4 68 RSA modulus len Compiler Header Digital signature Header Object counters Header Namespaces reference table Types reference table Methods reference table Fields reference table Blob definitions Type definitions Method definitions Program code (IL code) RSA signature
  13. Manual testing vs. HiveMod • Rev. engineering the SDK: ~2

    months • Hex editor for binary patching : Frustrating • Modified card binary needs to be signed • Destroying at least 10 cards: ~200 Euros
  14. Real World Attack? Employee corporate cafeteria POS terminal Attacker’s system

    (1) Attacker plants malware in e-purse Access control app E-Purse app GSM (data) GSM (data) (2) Payment (3) Access control data exfiltration (4) save to card (no GSM access)
  15. Vendor’s Response • “An attacker needs administration key to be

    able to upload his malicious application on the card, This Key is normally securely stored in a HSM or a smart card based controller”.
  16. Vendor’s Response • “Knowledge of the Public Key Token of

    the targeted application is required”.
  17. Vendor’s Response • “The targeted application must use private file-system

    storage for its data to be exposed. Therefore, internal (Application Domain) storage is immune to such attack”. byte[] key={0xaf,0x09,0x45,0x12,....};
  18. More Vulnerabilities... • Unauthorized memory read in InitializeArray(): public static

    void InitializeArray(Array array,RuntimeFieldHandle fldHandle); • Results: Partial memory dump • Destroys the card (no reliable exploitation yet)
  19. Conclusions • don’t worry! • check the apps PKTs for

    tampering. • Use a secure card management system • Smart card apps can be patched/updated , but not the card’s OS! • Smart cards OS and apps and card management software need pen tests too!
  20. Closing words • HiveMod Tool would be available to Smart

    Card vendors and security researchers (contact [email protected]) • I’d like to thank Dr. Kostas Markantonakis for supervising my research