Penetration Testing mailing list archives
Re: Smartcard Security - Suggested Hardware
From: Matt Neely <matt-lists () matthewneely com>
Date: Tue, 16 Dec 2008 00:07:31 -0500
Check out Makinterface (http://www.makinterface.com/) for smart card related hardware. They sell readers, card emulators and inline sniffers to see the data being passed between a smart card and a reader. They make quality hardware I've used on a couple of assessments, they also make a great magstripe analysis tool (http://www.makinterface.com/makstusbe.php3). The Smartcard Explores Set (http://www.makinterface.com/smartcre.php3) is a good starting point. Be warned they are located in Europe so give plenty of time for shipping.
The forums (http://www.makinterface.de/forum/) would also be a good place to research information on smartcards.
Cheers, Matt http://www.matthewneely.com/ bin4ry wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi together, at university i am working on a project which tries to identify vulnerabilities in a smartcard system which consists of the actual smartcard plus a (pseudo?)level-3 reader (reader has a pinpad plus a display). This system will be used in major cities and we want to make people aware of the fact that it is (probably) pretty unsecure. At the moment we are in the pre-information gathering phase: We are about to import knowledge about smartcards, used protocols, etc. Since i want to dump the contents of that smartcard and maybe even rewrite it to another, empty card i need a smartcard reader/writer. Does anyone has ever done a pentest on that kind of system? Can somebody suggest special hardware? I know that the chaos computer club (ccc; local hacking group) has made its own reader/writer but this one isnt available any more. If you could hook me up with any info regarding this theme (books?), i really much would appreciate it. Kind regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJRSo5AAoJELgHfGPPLPuOHpkH/2sLyhqrlA4A8sJZvT0cH7GY 9ffcjiDwtjffdGjHpA+HGTTA5+NKSViIQP0dKpHVOAp3lJkjLPFwnMduYTzV3Rra aDvKFdC6xX4NVPn46UUa1eZfc3fYZ2D4qgMOUrEnAmxCumxKjYd0D3XcA8/aQgNy 7BKT3FbHOifpE60iHiq2U21MtOIKaO8WXE07FYKcqv0pr6xFKpBF9cRd26n7qUsE 9uq7gr66pjxSdp1ZGnDpwmIXTEUufQ+5AyFlI6AS6PhgZ+H8c6JTDlqksp52CLJQ rXYZCvjXzqTJ1LWa3ZfDZ4jZX3FhONm2N4Zbd/eHh1eG+hdKnykR44XD5yDjYX0= =OKkh -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Smartcard Security - Suggested Hardware bin4ry (Dec 14)
- Re: Smartcard Security - Suggested Hardware Jerome Athias (Dec 15)
- Re: Smartcard Security - Suggested Hardware William Zellars (Dec 16)
- Re: Smartcard Security - Suggested Hardware Matt Neely (Dec 16)
- Re: Smartcard Security - Suggested Hardware Matthew Zimmerman (Dec 16)
- Re: Smartcard Security - Suggested Hardware bin4ry (Dec 18)
- Re: Smartcard Security - Suggested Hardware Rogan Dawes (Dec 18)
- Re: Smartcard Security - Suggested Hardware Ahmad Taha (Dec 18)
- Re: Smartcard Security - Suggested Hardware bin4ry (Dec 18)
- Re: Smartcard Security - Suggested Hardware Jerome Athias (Dec 15)