Full Disclosure mailing list archives
RE: SmartCards programming...
From: "Scott, Patrick" <Patrick.Smith () centrica co uk>
Date: Thu, 24 Nov 2005 12:01:19 -0000
Hi,

The quickest way to code for this device is to use MPLAB and write your code in assembler - these devices use a pretty nice RISC instruction set and it is very easy to access the built-in I/O of the device.

If assembler is a bit too low level for you, have a look around the Microchip site for a C compiler; however, I'm not sure if the device used in the goldcards (16F84) is supported by their compilers. There are plenty of 3rd party options, not all are free though - there are some excellent guides in the 'select a language' section here: http://www.voti.nl/swp/

First step is to get a copy of the datasheet for the 16F84 and the assembler instruction set references, all available on the Microchip site. There's a wealth of reference designs and code examples there that should get you started in next to no time.

Also a schematic for the goldcard is going to be invaluable to you, as you need to know which of the PIC's ports are connected to the smartcard interface before you start. You'll certainly find this if you google around - concentrate on satellite hacking sites.

Cheers, Pat.

-----Original Message-----
From: khaalel [mailto:khaalel () gmail com]
Sent: 24 November 2005 10:24
To: Scott, Patrick
Subject: Re: [Full-disclosure] SmartCards programming...

Thanks for the information. To program a goldcard, which software and which languages do you advise me to use?

khaalel

On 11/24/05, Scott, Patrick <Patrick.Smith () centrica co uk> wrote:

Hi,
From memory the goldcard uses a Microchip PIC device (16F84 I think); there is also a small serial EEPROM on board. You can pick up a full IDE for the controller from www.microchip.com but be a bit prepared to have to code down at the assembler level if you want total control. You can use this IDE to compile the .hex file you require.

IMHO the goldcard is probably not the most ideal choice for this type of project. The controller used on the card is lacking in some of the nice hardware features of other cards; as already mentioned, if you look around you can find other card types with hardware RSA and a full ISO card I/O implementation. With the goldcard you're pretty much looking at coding these from scratch.

From a security point of view the goldcard is less than ideal. The PIC can be programmed with a fuse to prevent code being read out - see the datasheets on the above site - but I'm sure I've seen exploits for this around the net.

Also the onboard EEPROM on the goldcards is a potential weakness. In order to program the EEPROM you will need to use a loader - essentially a bit of code that runs on the card's processor and writes data received by the card to the EEPROM. In order to read the data back, all the attacker need do is reload a loader to the card and read the EEPROM contents back out, so if you're using the EEPROM to hold keys etc., be a bit careful.

Goldcards have been the friend of the satellite TV hacking crowd for a long time. Have a google around for the old SECA hacks (start with secanix) for some examples of source code used to emulate official pay-TV smart cards, which should give you some good pointers on how to implement a card I/O layer and access the EEPROM etc.

Cheers, Pat.

-----Original Message-----
From: khaalel [mailto:khaalel () gmail com]
Sent: 23 November 2005 15:17
To: adityad2005 () users sourceforge net
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] SmartCards programming...

Hi (again),

I found nothing about the language to use with the Infinity USB. It asks me to provide it a .hex file... but what is that? And how can I compile code and convert it into a .hex file?

Can I use the BasicCard Kit Setup (http://209.68.36.204/downloads/BasicCardKit.zip) to program something and compile it... then use the Infinity USB writer to place the compiled file into my GoldCard?

khaalel

On 11/23/05, khaalel <khaalel () gmail com> wrote:

Thank you for all your information... This morning, I attended a conference given by AXALTO (I found a contact who agreed to help me) and I learned a lot of things...

I bought 2 Goldcards (one of my teachers advised me to buy such a card to do what I want... but I think a physical attack can allow someone to copy the content of the card or the stored key while the authentication is being done, but to begin with it's perhaps the simplest card I can find...)

If you have more information, please give it to me... For the moment I have read the manual of the Infinity USB and there is no information about the language I can use to program the cards. I will search again with Google and perhaps on Usenet...

khaalel

On 11/23/05, Aditya Deshmukh <aditya.deshmukh () online gateway strangled net> wrote:

Sorry for the top post.

If you are going to do something like this then RSA cards are the best, especially SecurID. It can be implemented almost out of the box and it has great lib support also.

________________________________
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of khaalel
Sent: Wednesday, November 23, 2005 2:12 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] SmartCards programming...

Hello,

I have to complete a technical project for my French high school... And the subject is about cryptography and smart cards... The goal is to write the programs and all the associated stuff... in order to create a DRM-like system: when a user enters his card, software checks his key (or certificate or...) and if the authentication succeeds, the wanted file (document, video, audio...) is opened by the software...

Yesterday I bought a programmer/writer, the Infinity USB, but I want to know if someone could give me some interesting links about smart card programming (Java, Basic, ...).

I already know some things about cryptography but I am a newbie in smart card programming. Which language do I have to learn? Which type of smart cards do I have to buy? Which algorithms can I use (DES, RSA, Elliptic Curves, AES...)?

Thanks...

khaalel

________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

_____________________________________________________________________
The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside England and Wales). The views expressed in this email are not necessarily the views of Centrica plc, and the company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
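
Added example, not written by anyone in the thread: a check of the .hex image discussed above that validates the Intel HEX records and reports whether the PIC16F84 code-protect fuse is requested. The configuration word address (0x2007) and CP bit positions (13:4) are taken from the PIC16F84 datasheet; the function names and the sample images are constructed for this example.

```python
# Added example: audit a PIC16F84 Intel HEX image for the code-protect fuse.
CONFIG_WORD_ADDR = 0x2007   # configuration word, as a word address (datasheet)
CP_MASK = 0x3FF0            # CP bits 13:4; all 0 = protected, all 1 = readable


def record(addr, data, rtype=0):
    """Build one Intel HEX record; used only to construct the sample images."""
    body = bytes([len(data), addr >> 8, addr & 0xFF, rtype]) + bytes(data)
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()


def parse_hex(text):
    """Return {word_address: word} after validating every record's checksum."""
    mem, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        if not line.startswith(":"):
            raise ValueError(f"record {n}: missing ':' start code")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or len(raw) != raw[0] + 5 or sum(raw) & 0xFF:
            raise ValueError(f"record {n}: bad length or checksum")
        addr, rtype, data = (raw[1] << 8) | raw[2], raw[3], raw[4:-1]
        if rtype == 1:                      # end-of-file record
            break
        if rtype == 4:                      # extended linear address (upper 16 bits)
            base = int.from_bytes(data, "big") << 16
        elif rtype == 0:                    # data: little-endian words at byte addresses
            for i in range(0, len(data) - 1, 2):
                mem[(base + addr + i) // 2] = data[i] | (data[i + 1] << 8)
    return mem


def code_protect_state(text):
    """Classify the image: 'protected', 'readable', 'inconsistent', 'unspecified'."""
    cfg = parse_hex(text).get(CONFIG_WORD_ADDR)
    if cfg is None:
        return "unspecified"                # programmer defaults decide the fuse
    cp = cfg & CP_MASK
    return {0: "protected", CP_MASK: "readable"}.get(cp, "inconsistent")


def sample(cfg):
    """Constructed image: one instruction word (goto 0) plus a config word."""
    return "\n".join([record(0x0000, [0x00, 0x28]),
                      record(0x400E, [cfg & 0xFF, cfg >> 8]),
                      record(0x0000, [], 1)])


if __name__ == "__main__":
    for cfg in (0x3FF1, 0x0001):
        print(f"config 0x{cfg:04X}: {code_protect_state(sample(cfg))}")
```

A "protected" result only shows that the image asks for the fuse; the thread itself notes that exploits against the fuse have been reported, and the fuse does nothing for data held in the card's separate serial EEPROM.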