Slide 1

Slide 1 text

what’s in your pocket? Henri Watson

Slide 2

Slide 2 text

$ whoami • Software Engineering Intern at Judo Payments • Second year student at Abertay University (HackSoc Secretary + Securi-Tay 2017 Organiser) • Lived in the Dominican Republic for 13 years • I dig • Payments technologies • Security UX • Embedded devices • Public transportation

Slide 3

Slide 3 text

Smartcards are often used as replacements for magnetic stripe cards

Slide 4

Slide 4 text

They rapidly grew in popularity because they are treated as trusted, tamper-resistant devices: unlike a magnetic stripe, a smartcard can hold a secret and compute with it without ever handing it over

Slide 5

Slide 5 text

Take a look at your wallet • GPG card • Bank card • Laundry card • Transit card • Identity documents • Hotel/office key • Student card • Single Sign On card

Slide 6

Slide 6 text

Take a look at your appliances • Satellite decoder cards • SIM cards • Gas/electricity top-up card

Slide 7

Slide 7 text

We are surrounded by smartcards

Slide 8

Slide 8 text

…but perhaps we haven’t stopped to consider their security implications

Slide 9

Slide 9 text

…or the data held on them

Slide 10

Slide 10 text

We directly interact with the data held on magnetic stripe cards http://samy.pl/magspoof/iron-oxide-short-low.gif

Slide 11

Slide 11 text

Reading a smartcard’s EEPROM directly (decapsulating the chip and probing the die) is impractical for all but well-equipped attackers

Slide 12

Slide 12 text

http://people.cs.uchicago.edu/~dinoj/smartcard/security.html

Slide 13

Slide 13 text

Realistically, there is no static “data” on the smartcard that you can read out and clone

Slide 14

Slide 14 text

We’re not interested in a smartcard’s data, instead we care about its responses to commands.

Slide 15

Slide 15 text

We have to speak with the smartcard to inspect its contents

Slide 16

Slide 16 text

or

Slide 17

Slide 17 text

Contact cards are defined by ISO/IEC 7816

Slide 18

Slide 18 text

Contactless cards are defined by ISO/IEC 14443

Slide 19

Slide 19 text

Contactless cards are defined by ISO/IEC 14443 (ISO/IEC 14443-4 carries the same ISO/IEC 7816-4 APDUs over a block protocol modelled on 7816-3’s T=1)

Slide 20

Slide 20 text

Contactless cards are defined by ISO/IEC 14443 (ISO/IEC 14443-4 carries the same ISO/IEC 7816-4 APDUs over a block protocol modelled on 7816-3’s T=1) (so it’s sorta the same, but over radio, with more interference)

Slide 21

Slide 21 text

https://commons.wikimedia.org/wiki/File:Australia_Bank_Paypass_Card.png

Slide 22

Slide 22 text

Smartcards are varyingly clever ASICs

Slide 23

Slide 23 text

Many run Java Card, a stripped-down Java platform with its own small virtual machine

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

Others are more purpose-built ASICs

Slide 26

Slide 26 text

Let’s ask a smartcard to do something

Slide 27

Slide 27 text

Card Reader

Slide 28

Slide 28 text

Card Reader

Slide 29

Slide 29 text

Card Reader 3B 88 80 01 E1 F3 5E 11 77 83 B7 00 17

Slide 30

Slide 30 text

3B 88 80 01 E1 F3 5E 11 77 83 B7 00 17 https://smartcard-atr.appspot.com/

Slide 31

Slide 31 text

3B 88 80 01 E1 F3 5E 11 77 83 B7 00 17 (UK Biometric Residence Permit)

Slide 32

Slide 32 text

3B 88 80 01 00 00 00 00 80 81 71 00 79 (Apple Pay)
3B 81 80 01 80 (Oyster Card / MIFARE DESFire)
3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 02 00 00 00 00 69 (Scottish National Entitlement Card / MIFARE Classic 4k)
3B 89 80 01 66 52 57 45 32 50 52 4F 4D 1C (Glasgow Subway Card / ITSO)
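As an added example (not code from the talk), here is a small parser for the ATRs above. It walks the ISO/IEC 7816-3 interface bytes, checks the TCK check byte, and, for the synthetic ATR that a PC/SC reader builds for a contactless storage card (historical bytes 80 4F 0C, the PC/SC RID, a standard byte and a two-byte card code), names the card. The card-name table is a partial excerpt of the PC/SC part 3 list, limited to entries the author is sure of, and is an assumption in that sense. Fed the DESFire line above it reports tck_ok False: as printed on the slide that ATR offers T=1 but carries no check byte.

```python
from dataclasses import dataclass
from typing import Optional

# Partial PC/SC part 3 table of storage-card codes (bytes C0 C1 of the
# historical bytes). Assumption: only entries the author is sure of.
PCSC_CARD_NAMES = {
    0x0001: "MIFARE Classic 1K",
    0x0002: "MIFARE Classic 4K",
    0x0003: "MIFARE Ultralight",
    0x0026: "MIFARE Mini",
    0xF011: "FeliCa 212K",
    0xF012: "FeliCa 424K",
}
PCSC_STANDARDS = {0x03: "ISO 14443A part 3", 0x04: "ISO 14443B part 3", 0x11: "FeliCa"}
PCSC_STORAGE_PREFIX = bytes.fromhex("804F0CA000000306")  # 80 4F 0C + PC/SC RID


@dataclass
class ATR:
    raw: bytes
    historical: bytes
    protocols: set              # protocol types offered by the TDi bytes (0 = T=0, 1 = T=1)
    tck_ok: bool                # check byte present when required, and correct
    standard: Optional[str] = None
    card_name: Optional[str] = None


def parse_atr(atr_hex: str) -> ATR:
    """Walk the ISO/IEC 7816-3 interface bytes, verify TCK, name PC/SC storage cards."""
    raw = bytes.fromhex(atr_hex)
    if len(raw) < 2 or raw[0] != 0x3B:
        raise ValueError("only direct-convention ATRs (TS = 3B) are handled here")
    k = raw[1] & 0x0F                    # T0 low nibble: number of historical bytes
    y, idx, protocols = raw[1] >> 4, 2, set()
    while y & 0x8:                       # bit 8 of T0/TDi: another TDi follows
        idx += bin(y & 0x7).count("1")   # skip TAi/TBi/TCi if their bits are set
        td = raw[idx]
        protocols.add(td & 0x0F)         # low nibble of TDi = protocol type
        y, idx = td >> 4, idx + 1
    idx += bin(y & 0x7).count("1")       # TA/TB/TC of the final group
    historical = raw[idx:idx + k]
    if len(historical) != k:
        raise ValueError("ATR shorter than T0 promises")
    # TCK = XOR of every byte from T0 to the last historical byte; it is
    # mandatory whenever any protocol other than T=0 is offered.
    expected = 0
    for b in raw[1:idx + k]:
        expected ^= b
    trailer = raw[idx + k:]
    if protocols - {0}:
        tck_ok = len(trailer) == 1 and trailer[0] == expected
    else:
        tck_ok = len(trailer) == 0
    atr = ATR(raw, historical, protocols or {0}, tck_ok)
    # Contactless storage cards get a synthetic ATR whose historical bytes are
    # 80 4F 0C <RID A0 00 00 03 06> SS C0 C1 00 00 00 00 (15 bytes).
    if len(historical) == 15 and historical.startswith(PCSC_STORAGE_PREFIX):
        atr.standard = PCSC_STANDARDS.get(historical[8], f"standard {historical[8]:02X}")
        code = int.from_bytes(historical[9:11], "big")
        atr.card_name = PCSC_CARD_NAMES.get(code, f"unknown storage card {code:04X}")
    return atr


if __name__ == "__main__":
    for line in ("3B 88 80 01 E1 F3 5E 11 77 83 B7 00 17",
                 "3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 02 00 00 00 00 69",
                 "3B 81 80 01 80"):
        a = parse_atr(line)
        print(line, "| TCK ok:", a.tck_ok, "| historical:", a.historical.hex(), "|", a.card_name)
```

The Glasgow Subway line decodes to the ASCII historical bytes "fRWE2PROM"; ATRs of real ISO 7816-4 cards often carry such a vendor string, while the PC/SC form above is the reader talking, not the card, so nothing in it is authenticated.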

Slide 33

Slide 33 text

Card Reader

Slide 34

Slide 34 text

Card Reader

Slide 35

Slide 35 text

except not really

Slide 36

Slide 36 text

Card Reader

Slide 37

Slide 37 text

Card Reader

Slide 38

Slide 38 text

¯\_(ツ)_/¯

Slide 39

Slide 39 text

but let’s assume you have a handshake

Slide 40

Slide 40 text

…then it’s up to the application

Slide 41

Slide 41 text

Applications usually implement a handful of standard commands • READ BINARY • WRITE BINARY • UPDATE BINARY • ERASE BINARY • READ RECORD • WRITE RECORD • APPEND RECORD • UPDATE RECORD • GET DATA • PUT DATA • SELECT FILE • VERIFY

Slide 42

Slide 42 text

These are interindustry commands specified by ISO/IEC 7816-4 (GlobalPlatform specifies the card-management layer above them: loading, installing and deleting applets over a secure channel)

Slide 43

Slide 43 text

…but applications are free to ignore them and define their own command sets, and many do

Slide 44

Slide 44 text

Talking with a random card is a headache

Slide 45

Slide 45 text

but let’s assume you also know what commands the card supports

Slide 46

Slide 46 text

As a simple example, let’s look at basic GSM authentication

Slide 47

Slide 47 text

Phone Cell tower Ki: ABCDEFGHIJKLMNO

Slide 48

Slide 48 text

SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

Slide 49

Slide 49 text

SIM Card Phone Remaining PINs: 2 Ki: ABCDEFGHIJKLMNO

Slide 50

Slide 50 text

SIM Card Phone Remaining PINs: 2 Ki: ABCDEFGHIJKLMNO

Slide 51

Slide 51 text

SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

Slide 52

Slide 52 text

SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

Slide 53

Slide 53 text

SIM Card Phone Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO

Slide 54

Slide 54 text

Phone Cell tower Ki: ABCDEFGHIJKLMNO

Slide 55

Slide 55 text

In this example, the SIM card demonstrates two access control methods

Slide 56

Slide 56 text

The SIM card protects the PIN and the Ki

Slide 57

Slide 57 text

As the SIM card performs cryptographic operations on-board, the Ki isn’t exposed

Slide 58

Slide 58 text

…unless you can extract it: the original COMP128 A3/A8 leaks the Ki to anyone who can feed the card on the order of 150,000 chosen challenges

Slide 59

Slide 59 text

SIM Card Reader Remaining PINs: 3 Ki: ABCDEFGHIJKLMNO http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html
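An added example, not the talk’s code: a toy SIM that answers the GSM 11.11 APDUs behind the animation above, a phone side that drives it, and a check that the Ki never appears on the wire. VERIFY CHV keeps the three-attempt counter (status 98 04 while attempts remain, 98 40 once blocked, which only UNBLOCK CHV with the PUK would clear); RUN GSM ALGORITHM refuses before the PIN is verified and otherwise hands back only SRES and Kc via GET RESPONSE. The Ki, PIN and RAND values are constructed, and the A3/A8 computation is an HMAC stand-in by assumption: the real COMP128 is what the linked attack breaks, and the stand-in has no such weakness, so querying this card tells you nothing about Ki.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple


class SimCard:
    """Toy SIM: CLA A0 command set from GSM 11.11, T=0 style GET RESPONSE."""
    MAX_TRIES = 3

    def __init__(self, ki: bytes, pin: str):
        self._ki = ki                                       # never leaves the card
        self._pin = pin.encode("ascii").ljust(8, b"\xff")   # CHV1 is 4-8 digits padded with FF
        self.tries_left = self.MAX_TRIES
        self.verified = False
        self._pending = b""                                 # output awaiting GET RESPONSE

    def transmit(self, apdu: bytes) -> Tuple[bytes, int]:
        cla, ins, _p1, p2, p3 = apdu[:5]
        body = apdu[5:5 + p3]
        if cla != 0xA0:
            return b"", 0x6E00                              # class not supported
        if ins == 0x20:                                     # VERIFY CHV
            return self._verify_chv(p2, body)
        if ins == 0x88:                                     # RUN GSM ALGORITHM
            return self._run_gsm_algorithm(body)
        if ins == 0xC0:                                     # GET RESPONSE
            data, self._pending = self._pending, b""
            return data, 0x9000
        return b"", 0x6D00                                  # instruction not supported

    def _verify_chv(self, chv: int, pin: bytes) -> Tuple[bytes, int]:
        if chv != 1:
            return b"", 0x6B00                              # only CHV1 is modelled
        if self.tries_left == 0:
            return b"", 0x9840                              # CHV blocked, even for the right PIN
        if hmac.compare_digest(pin, self._pin):
            self.tries_left, self.verified = self.MAX_TRIES, True
            return b"", 0x9000
        self.tries_left -= 1                                # on a real card this survives power loss
        return b"", 0x9804 if self.tries_left else 0x9840

    def _run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, int]:
        if not self.verified:
            return b"", 0x9804                              # access condition not fulfilled
        if len(rand) != 16:
            return b"", 0x6700                              # wrong length
        # Stand-in for A3/A8 (assumption): HMAC over RAND keyed with Ki.
        # Real SIMs run COMP128 or Milenage here; only SRES and Kc come out.
        digest = hmac.new(self._ki, rand, hashlib.sha256).digest()
        self._pending = digest[:4] + digest[4:12]           # SRES (4 bytes) || Kc (8 bytes)
        return b"", 0x9F0C                                  # 9F xx: xx bytes available


def verify_chv(card: SimCard, pin: str) -> Tuple[bytes, int]:
    """Phone side: A0 20 00 01 08 <PIN padded with FF>."""
    return card.transmit(bytes([0xA0, 0x20, 0x00, 0x01, 0x08]) + pin.encode("ascii").ljust(8, b"\xff"))


def run_gsm_algorithm(card: SimCard, rand: bytes) -> Tuple[Optional[Tuple[bytes, bytes]], int]:
    """Phone side: A0 88 00 00 10 <RAND>, then A0 C0 00 00 <len> to fetch SRES || Kc."""
    _, sw = card.transmit(bytes([0xA0, 0x88, 0x00, 0x00, 0x10]) + rand)
    if sw >> 8 != 0x9F:
        return None, sw
    data, sw = card.transmit(bytes([0xA0, 0xC0, 0x00, 0x00, sw & 0xFF]))
    return (data[:4], data[4:]), sw


def demo() -> dict:
    ki = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")    # constructed 128-bit Ki
    card = SimCard(ki, "1234")                                # constructed PIN
    rand = bytes(range(16))                                   # constructed challenge
    log = {"gsm_before_pin": run_gsm_algorithm(card, rand)[1]}
    log["wrong1"] = verify_chv(card, "0000")[1]               # tries 3 -> 2
    log["wrong2"] = verify_chv(card, "1111")[1]               # tries 2 -> 1
    log["right"] = verify_chv(card, "1234")[1]                # counter back to 3
    (sres, kc), log["gsm_after_pin"] = run_gsm_algorithm(card, rand)
    log["sres_len"], log["kc_len"] = len(sres), len(kc)
    log["tries_left"] = card.tries_left
    log["ki_in_output"] = ki in sres + kc                     # the Ki never crosses the interface
    return log


def lockout_demo() -> List[int]:
    card = SimCard(bytes(16), "4321")                         # constructed values
    sws = [verify_chv(card, "0000")[1] for _ in range(3)]     # 9804, 9804, 9840
    sws.append(verify_chv(card, "4321")[1])                   # still 9840: blocked
    return sws


if __name__ == "__main__":
    print(demo())
    print([f"{sw:04X}" for sw in lockout_demo()])
```

The two access-control methods from the slides are visible in the status words: the PIN gate (98 04 with a decrementing counter, 98 40 once exhausted) and the fact that the only thing RUN GSM ALGORITHM ever returns is a 12-byte SRES || Kc derived from the Ki, never the Ki itself.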

Slide 60

Slide 60 text

We also have smartcards in our bank cards

Slide 61

Slide 61 text

EMV attempts to provide a secure payments environment in an assumed hostile environment.

Slide 62

Slide 62 text

Multiple applications per card are used in the United States so that a debit card can be run in stores over either the credit network or a debit network (supporting this is legally required as a result of the Durbin Amendment)
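Added example, not code from the talk: the reader side of the SELECT command from the standard-command list earlier, and the BER-TLV parsing needed to read what comes back. Selecting the contactless payment directory (the PPSE, DF name 2PAY.SYS.DDF01) is how a reader discovers which applications a multi-application card like the US debit cards just described carries, and which one the issuer prefers. The card response here is constructed, not captured; the two AIDs (Visa’s credit/debit AID and the US common debit AID) are used only as illustrative values.

```python
from typing import Dict, List, Optional, Tuple


def build_apdu(cla: int, ins: int, p1: int, p2: int,
               data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Short-form ISO/IEC 7816-4 command APDU: header, Lc+data if any, Le if any."""
    if len(data) > 255:
        raise ValueError("extended-length APDUs are not handled here")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le & 0xFF])           # Le = 00 means "up to 256 bytes"
    return apdu


def split_response(raw: bytes) -> Tuple[bytes, int]:
    """Response APDU = data || SW1 SW2. Returns (data, sw as a 16-bit int)."""
    if len(raw) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return raw[:-2], (raw[-2] << 8) | raw[-1]


SW_TEXT = {
    0x6982: "security status not satisfied",
    0x6983: "authentication method blocked",
    0x6A82: "file or application not found",
    0x6D00: "instruction not supported",
    0x6E00: "class not supported",
}


def describe_sw(sw: int) -> str:
    if sw == 0x9000:
        return "OK"
    if sw & 0xFFF0 == 0x63C0:                # VERIFY: remaining tries in the low nibble
        return f"verification failed, {sw & 0xF} tries left"
    if sw >> 8 == 0x61:
        return f"OK, {sw & 0xFF} bytes waiting for GET RESPONSE"
    if sw >> 8 == 0x6C:
        return f"wrong Le, resend with Le={sw & 0xFF:02X}"
    return SW_TEXT.get(sw, f"SW {sw:04X}")


def tlv_encode(tag: int, value: bytes) -> bytes:
    t = tag.to_bytes((tag.bit_length() + 7) // 8, "big")
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return t + length + value


def tlv_parse(buf: bytes) -> List[Tuple[int, bytes]]:
    """One level of BER-TLV: multi-byte tags, short and long lengths, filler bytes."""
    out, i = [], 0
    while i < len(buf):
        if buf[i] in (0x00, 0xFF):           # filler allowed between objects
            i += 1
            continue
        tag = buf[i]
        i += 1
        if tag & 0x1F == 0x1F:               # further tag bytes while bit 8 is set
            while True:
                tag = (tag << 8) | buf[i]
                i += 1
                if not buf[i - 1] & 0x80:
                    break
        length = buf[i]
        i += 1
        if length & 0x80:
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated TLV object")
        out.append((tag, buf[i:i + length]))
        i += length
    return out


def tlv_find(buf: bytes, *path: int) -> Optional[bytes]:
    """Descend through nested templates along a tag path; None if a step is missing."""
    for wanted in path:
        for tag, value in tlv_parse(buf):
            if tag == wanted:
                buf = value
                break
        else:
            return None
    return buf


def list_applications(fci: bytes) -> List[Dict]:
    """PPSE FCI: 6F > A5 > BF0C > one 61 template per application (EMV Book B)."""
    directory = tlv_find(fci, 0x6F, 0xA5, 0xBF0C)
    if directory is None:
        return []
    apps = []
    for tag, template in tlv_parse(directory):
        if tag != 0x61:
            continue
        fields = dict(tlv_parse(template))
        apps.append({
            "aid": fields[0x4F].hex().upper(),
            "label": fields.get(0x50, b"").decode("ascii", "replace"),
            "priority": fields.get(0x87, b"\x0F")[0] & 0x0F,   # 1 = highest
        })
    return sorted(apps, key=lambda a: a["priority"])


SELECT_PPSE = build_apdu(0x00, 0xA4, 0x04, 0x00, b"2PAY.SYS.DDF01", le=0)


def constructed_ppse_response() -> bytes:
    """A made-up PPSE answer listing two applications (illustrative AIDs), not a real capture."""
    def app(aid_hex: str, label: str, priority: int) -> bytes:
        return tlv_encode(0x61, tlv_encode(0x4F, bytes.fromhex(aid_hex))
                          + tlv_encode(0x50, label.encode("ascii"))
                          + tlv_encode(0x87, bytes([priority])))
    fci = tlv_encode(0x6F, tlv_encode(0x84, b"2PAY.SYS.DDF01")
                     + tlv_encode(0xA5, tlv_encode(0xBF0C,
                                                   app("A0000000980840", "US COMMON DEBIT", 2)
                                                   + app("A0000000031010", "VISA DEBIT", 1))))
    return fci + b"\x90\x00"


if __name__ == "__main__":
    print("C-APDU:", SELECT_PPSE.hex().upper())
    data, sw = split_response(constructed_ppse_response())
    print(describe_sw(sw), list_applications(data))
```

Swap `constructed_ppse_response()` for `connection.transmit(list(SELECT_PPSE))` from pyscard and the same parsing works on a real card; the point of the TLV walk is that nothing in the directory is authenticated, so a reader has to treat labels and priorities as untrusted input.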

Slide 63

Slide 63 text

Smartcards are also used for more generic data storage

Slide 64

Slide 64 text

Some of these are MIFARE Ultralight cards

Slide 65

Slide 65 text

Mostly publicly readable; access control is limited to one-time-programmable bits and per-page lock bits, with no keys at all

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

No content

Slide 68

Slide 68 text

Many of these are MIFARE Classic cards

Slide 69

Slide 69 text

Card Reader

Slide 70

Slide 70 text

No content

Slide 71

Slide 71 text

Some people store data on these cards

Slide 72

Slide 72 text

…but this is all safe because you need encryption keys to read and write
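Added example, not the talk’s code: decoding a MIFARE Classic sector trailer, the 16 bytes that hold the two sector keys and the access bits deciding which key each block needs. In the factory transport configuration (key FF FF FF FF FF FF, access bytes FF 07 80 69) anyone holding the published default key can read and write everything, and key B is even readable with key A, so the “encryption keys” protect nothing until the trailer is rewritten. The access-condition tables follow NXP’s MF1S50/MF1S70 datasheets; the sample trailer is constructed and the well-known-key list is a short set the author knows to be public.

```python
from typing import Dict, List, Tuple

Cond = Tuple[int, int, int]      # (C1, C2, C3) for one block

# Data-block rules: read, write, increment, decrement/transfer/restore
DATA_RULES: Dict[Cond, Tuple[str, str, str, str]] = {
    (0, 0, 0): ("A|B", "A|B", "A|B", "A|B"),          # transport configuration
    (0, 1, 0): ("A|B", "never", "never", "never"),
    (1, 0, 0): ("A|B", "B", "never", "never"),
    (1, 1, 0): ("A|B", "B", "B", "A|B"),
    (0, 0, 1): ("A|B", "never", "never", "A|B"),
    (0, 1, 1): ("B", "B", "never", "never"),
    (1, 0, 1): ("B", "never", "never", "never"),
    (1, 1, 1): ("never", "never", "never", "never"),
}
# Trailer rules: key A read/write, access bits read/write, key B read/write
TRAILER_RULES: Dict[Cond, Tuple[str, ...]] = {
    (0, 0, 0): ("never", "A", "A", "never", "A", "A"),
    (0, 1, 0): ("never", "never", "A", "never", "A", "never"),
    (1, 0, 0): ("never", "B", "A|B", "never", "never", "B"),
    (1, 1, 0): ("never", "never", "A|B", "never", "never", "never"),
    (0, 0, 1): ("never", "A", "A", "A", "A", "A"),    # transport configuration
    (0, 1, 1): ("never", "B", "A|B", "B", "never", "B"),
    (1, 0, 1): ("never", "never", "A|B", "B", "never", "never"),
    (1, 1, 1): ("never", "never", "A|B", "never", "never", "never"),
}
# Keys that are public knowledge (factory default, MAD key A, NFC Forum NDEF key).
WELL_KNOWN_KEYS = {bytes.fromhex(k) for k in ("FFFFFFFFFFFF", "A0A1A2A3A4A5", "D3F7D3F7D3F7")}


def decode_access_bits(b6: int, b7: int, b8: int) -> List[Cond]:
    """Bytes 6-8 carry C1..C3 for blocks 0-3 twice, once inverted; a mismatch kills the sector."""
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    if (b6 & 0xF, b6 >> 4, b7 & 0xF) != (~c1 & 0xF, ~c2 & 0xF, ~c3 & 0xF):
        raise ValueError("access bits fail the inverted-copy check")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def encode_access_bits(conds: List[Cond]) -> Tuple[int, int, int]:
    """Inverse of decode_access_bits; conds[3] is the trailer block itself."""
    c1 = c2 = c3 = 0
    for i, (x, y, z) in enumerate(conds):
        c1 |= x << i
        c2 |= y << i
        c3 |= z << i
    b6 = ((~c2 & 0xF) << 4) | (~c1 & 0xF)
    b7 = (c1 << 4) | (~c3 & 0xF)
    b8 = (c3 << 4) | c2
    return b6, b7, b8


def describe_trailer(trailer: bytes) -> Dict:
    if len(trailer) != 16:
        raise ValueError("a sector trailer is one 16-byte block")
    key_a, bits, gpb, key_b = trailer[:6], trailer[6:9], trailer[9], trailer[10:16]
    conds = decode_access_bits(*bits)
    blocks = []
    for c in conds[:3]:
        r, w, inc, dec = DATA_RULES[c]
        blocks.append({"cond": c, "read": r, "write": w, "increment": inc, "decrement": dec})
    t = TRAILER_RULES[conds[3]]
    blocks.append({"cond": conds[3], "keyA_read": t[0], "keyA_write": t[1],
                   "bits_read": t[2], "bits_write": t[3], "keyB_read": t[4], "keyB_write": t[5]})
    return {
        "key_a": key_a.hex().upper(), "key_b": key_b.hex().upper(), "gpb": gpb,
        "blocks": blocks,
        # Key A is never readable from the card, so it only appears in a dump made
        # with a recovered key; key B is readable with key A in some configurations.
        "well_known_keys": [n for n, k in (("A", key_a), ("B", key_b)) if k in WELL_KNOWN_KEYS],
    }


# Constructed sample: factory transport configuration of a fresh card.
TRANSPORT_TRAILER = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")

# A stricter layout: data blocks readable with either key but writable only with
# key B; trailer (0,1,1) makes key B the administrative key and keeps it unreadable.
HARDENED_ACCESS_BITS = encode_access_bits([(1, 0, 0)] * 3 + [(0, 1, 1)])

if __name__ == "__main__":
    print(describe_trailer(TRANSPORT_TRAILER))
    print("hardened access bytes:", bytes(HARDENED_ACCESS_BITS).hex().upper())
```

Even the hardened layout only moves the trust to key B, and Crypto1, the cipher those keys feed, is the thing the paper on the next slide breaks; the access bits limit what a legitimate reader may do, not what an attacker who has recovered the key can do.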

Slide 73

Slide 73 text

https://eprint.iacr.org/2009/137

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

Not everyone uses MIFARE Classic though

Slide 76

Slide 76 text

NXP touts MIFARE DESFire as being safer

Slide 77

Slide 77 text

DESFire cleanly supports multiple applications and has a stronger access-control scheme (per-application keys, with mutual authentication before protected files can be read)

Slide 78

Slide 78 text

https://codebutler.github.io/farebot/

Slide 79

Slide 79 text

http://www.proxmark.org/files/Documents/13.56%20MHz%20-%20MIFARE%20DESFire/Cloning_Cryptographic_RFID_Cards_for_25USD-WISSEC_2010.pdf

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

https://www.itso.org.uk/wp-content/uploads/2012/07/ISAM_small.jpg

Slide 82

Slide 82 text

https://www.itso.org.uk/wp-content/uploads/2014/11/ITSO-Application-layers.jpg

Slide 83

Slide 83 text

No content

Slide 84

Slide 84 text

…but there are other applications

Slide 85

Slide 85 text

…but there are other applications …like passports

Slide 86

Slide 86 text

Passports have sensitive data that must be protected

Slide 87

Slide 87 text

No content

Slide 88

Slide 88 text

Passport Reader

Slide 89

Slide 89 text

This is all low-entropy, mostly numeric data: the Basic Access Control key is derived from the MRZ’s document number, date of birth and expiry date (plus check digits that add no entropy)

Slide 90

Slide 90 text

This is all low-entropy, mostly numeric data: the Basic Access Control key is derived from the MRZ’s document number, date of birth and expiry date (plus check digits that add no entropy) …that we can brute-force offline, given one eavesdropped BAC exchange

Slide 91

Slide 91 text

http://hgi.ruhr-uni-bochum.de/media/crypto/veroeffentlichungen/2011/01/29/epasscrack_otm07.pdf
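Added example, not the talk’s code: the Basic Access Control key derivation from ICAO Doc 9303 (MRZ check digits with 7-3-1 weights, a SHA-1 key seed, and 3DES K_enc / K_mac with DES parity set), using the worked MRZ values from Doc 9303 Part 11 (document number L898902C<, date of birth 690806, expiry 940623), plus a function that sizes the key space an offline attacker has to search. The check digits are functions of the other fields and add nothing to it.

```python
import hashlib
from typing import Tuple


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating; digits as-is, A-Z = 10-35, '<' = 0."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            v = int(ch)
        elif ch == "<":
            v = 0
        elif ch.isalpha():
            v = ord(ch.upper()) - ord("A") + 10
        else:
            raise ValueError(f"not an MRZ character: {ch!r}")
        total += v * weights[i % 3]
    return total % 10


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """The 24 characters the BAC key is derived from: each field followed by its check digit."""
    doc_number = doc_number.ljust(9, "<")[:9]
    return (doc_number + str(mrz_check_digit(doc_number))
            + dob + str(mrz_check_digit(dob))
            + expiry + str(mrz_check_digit(expiry)))


def _des_parity(key: bytes) -> bytes:
    """Set odd parity in bit 1 of every DES key byte, as Doc 9303 requires."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_bac_keys(doc_number: str, dob: str, expiry: str) -> Tuple[bytes, bytes, bytes]:
    """Returns (K_seed, K_enc, K_mac): K_seed = SHA-1(MRZ info)[:16],
    K = SHA-1(K_seed || c)[:16] with c = 1 for encryption and 2 for MAC."""
    kseed = hashlib.sha1(mrz_information(doc_number, dob, expiry).encode("ascii")).digest()[:16]
    keys = []
    for c in (1, 2):
        h = hashlib.sha1(kseed + c.to_bytes(4, "big")).digest()
        keys.append(_des_parity(h[:8]) + _des_parity(h[8:16]))
    return kseed, keys[0], keys[1]


def bac_keyspace(doc_number_candidates: int, birth_days: int, expiry_days: int) -> int:
    """Number of MRZ keys an offline attacker must try; check digits add nothing."""
    return doc_number_candidates * birth_days * expiry_days


if __name__ == "__main__":
    kseed, kenc, kmac = derive_bac_keys("L898902C<", "690806", "940623")
    print("MRZ information:", mrz_information("L898902C<", "690806", "940623"))
    print("K_seed:", kseed.hex().upper())
    print("K_enc: ", kenc.hex().upper())
    print("K_mac: ", kmac.hex().upper())
    # e.g. a holder whose age is known to within two years, a document issued within
    # the last ten years and a document number known to within a million:
    print("keys to try:", bac_keyspace(10**6, 4 * 365, 10 * 365))
```

With K_enc and K_mac in hand a reader runs the GET CHALLENGE / EXTERNAL AUTHENTICATE exchange; an eavesdropper who captured that exchange can run the same derivation for every candidate MRZ until the MAC verifies, which is the offline search the linked paper accelerates in hardware.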

Slide 92

Slide 92 text

so basically

Slide 93

Slide 93 text

It’s impractical to attack the smartcard itself (the silicon and its tamper resistance)

Slide 94

Slide 94 text

Instead, attacks rely on broken crypto (Crypto1, COMP128), low-entropy keys (BAC keys derived from the MRZ) or side-channel leaks

Slide 95

Slide 95 text

Cards run very small and heavily optimised applications

Slide 96

Slide 96 text

There’s a lot of software that allows you to interact with known smartcards

Slide 97

Slide 97 text

You can build your own smartcards too

Slide 98

Slide 98 text

https://simhacks.github.io/defcon-21/

Slide 99

Slide 99 text

There are tiny computers in all of our pockets

Slide 100

Slide 100 text

Say hello to them

Slide 101

Slide 101 text

Say hello to them maybe they’ll say hi back

Slide 102

Slide 102 text

Thanks! @henriwatson [email protected] https://henriwatson.com/talks/yourpocket