Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[ANNOUNCE] eCL0WN v1.01 released

From: "Jeroen van Beek" <jeroen () dexlab nl>
Date: Wed, 21 Jan 2009 12:05:57 +0100
Hi,

I'm pleased to announce the release of eCL0WN v1.01.

Introduction
============
eCL0WN is a J2ME ePassport utility for Nokia NFC phones that allows you to
read and clone your ePassport's chip content. The following functionality is
implemented in the current release:

- Read passport data using a given authentication key (if needed).
- View passport details including the JPEG picture.
- Write passport data to an emulator chip.
- Write passport data to microSD memory (not very secure).

Changes
=======
NEW: add full support for reading non-BAC chips (e.g. early chips Belgium)
NEW: sets target device to the same mode as the source chip (BAC / non-BAC)*
NEW: support for reading, writing and displaying DG7 (signature JPEG)
FIX: fixed bug in index stripping routine for chips with 4+ tags in EF.COM
*  = requires ePassport emulator v1.02.

Supported devices
=================
eCL0WN is successfully tested on the Nokia 6131 NFC and Nokia 6212 NFC.

Details
=======
eCL0WN reads BAC-protected ePassport files EF.COM, EF.SOD, EF.DG1 and
EF.DG2. If present, the optional files EF.DG7, EF.DG11, EF.DG12, EF.DG13 and
EF.DG15 will also be read. Retrieved data can be written to an ePassport
emulator. Before writing files to the emulator all Active Authentication
(AA) related, Extended Access Control (EAC) related and unknown files (if
any) are removed from index EF.COM. This allows one to bypass AA and EAC
checks of inspection systems vulnerable to downgrade-attacks.

Note that eCL0WN does not comply with ICAO Doc 9303 at all. Please do not
use it to check authenticity or integrity of machine readable travel
documents.

Future work
===========
- Add support for viewing JPEG-2000 pictures, used in e.g. German and Dutch
    ePassports.

Contact
=======
Jeroen van Beek @ jeroen [at] dexlab [dot] nl

Download
========
You can download the latest version of eCL0WN - including pointers to other
relevant information - at <http://www.dexlab.nl/>.


Happy cl0wning!

--
Jeroen van Beek

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: