Full Disclosure mailing list archives
Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
From: Adam Laurie <adam.laurie () thebunker net>
Date: Mon, 30 Oct 2006 16:19:09 +0000
Michael Holstein wrote:
That article focuses on Dutch passports, but in the US it's essentially the same.The Passport numbera 10 digit number (I don't know where they start, but it certainly wasn't 0000000001).
If they're sequential, we only need to know where they start once the chips are installed, assuming you get a new passport number when you renew (as you do in th UK).
The Date Of Birth of the holderabout 32,000 possibilities (assuming < 90yrs old)The Expiry Date of the PassportPassports are vaild for 10 years (for an adult in the US), and expiration is just MM/YYYY .. so that's only 120 possibilities.
Currently even less, since, again, it will expire 10 years from the date chips were first installed, so here in the UK there is only one valid year so far, so only 12 possibilities.
A very small dictionary for "brute force" indeed, and I'd be happy to code such a routine.
Thanks for the offer, but I'm already pretty much there... It'll be in the next release... :)
Does anyone know if the chips in the latest passports (USA issue) prevent this sort of thing, or can you try keys as fast as the RF interface will permit?
There is nothing in the standard to require anti-bruteforcing mechanisms such as timing backoffs etc., and although I haven't done exhaustive tests on this, trying multiple wrong keys doesn't seem to have any bad effect on a UK passport. Using my python library I get about 3 tries per second, but I expect that speed could be improved... cheers, Adam -- Adam Laurie Tel: +44 (0) 1304 814800 The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899 Ash Radar Station http://www.thebunker.net Marshborough Road Sandwich mailto:adam () thebunker net Kent CT13 0PL UNITED KINGDOM PGP key on keyservers _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Adam Laurie (Oct 27)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Michael Holstein (Oct 30)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Adam Laurie (Oct 30)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Adam Laurie (Oct 30)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Valdis . Kletnieks (Oct 30)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Michael Holstein (Oct 30)
- Re: RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Michael Holstein (Oct 30)