Full Disclosure mailing list archives

Re: Re: Fedex Kinkos Smart Card Authentication Bypass


From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 2 Mar 2006 13:26:07 -0000

Lance James wrote:
Dude VanWinkle wrote:
On 2/28/06, Lance James <bugtraq () securescience net> wrote:

Our response:

http://ip.securescience.net/exploits/P1010029.JPG


lol, now that's a funny picture!

So am I to assume that normally you can go beyond 31337 on a Kinko's
card and this is a modding of the original to produce the displayed
picture?



The max is $100.00

  Given this bit...

card as an ExpressPay stored-value card.  Bytes 0x20 through 0x27
contain the value stored on the card, represented in IEEE 754
double-precision floating point format.  Bytes 0x60 through 0x6A

.... was there anything to have stopped you loading the card with ... say 
....  $1.7976E+308 ?

  :P LOL, using an fp double to store an amount of currency.  Hmm, maybe 
it's not the range, but the precision they want.  Maybe it's not that 
they're expecting Bill Gates to use their cards after all.  Maybe they're 
expecting people to load them up with units of femtocents?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
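
Added example, not part of the original post or the advisory it quotes: a reader-side sanity check for the stored-value field described above (an IEEE 754 double at bytes 0x20 through 0x27), rejecting NaN, infinities, out-of-range amounts such as 1.7976E+308, and sub-cent values. The little-endian byte order, the function and class names, and the zero-filled sample images are assumptions made for illustration; the $100.00 ceiling is the figure given in the thread.

```python
import math
import struct

VALUE_OFFSET = 0x20         # quoted advisory: value lives in bytes 0x20..0x27
VALUE_LENGTH = 8            # one IEEE 754 double
MAX_BALANCE_CENTS = 10_000  # "The max is $100.00", per the thread
BYTE_ORDER = "<"            # ASSUMPTION: little-endian; the page does not say


class BalanceError(ValueError):
    """The stored-value field failed a sanity check."""


def read_balance_cents(card_image: bytes) -> int:
    """Return the balance in whole cents, or raise BalanceError."""
    field = card_image[VALUE_OFFSET:VALUE_OFFSET + VALUE_LENGTH]
    if len(field) != VALUE_LENGTH:
        raise BalanceError("image too short to hold the value field")
    (value,) = struct.unpack(BYTE_ORDER + "d", field)
    # NaN fails every ordered comparison, so test for it explicitly.
    if not math.isfinite(value):
        raise BalanceError("balance is NaN or infinite")
    if value < 0 or value > MAX_BALANCE_CENTS / 100:
        raise BalanceError("balance outside 0.00..100.00")
    # Accept only the double nearest to a whole number of cents; anything
    # else carries a sub-cent fraction (treated as invalid in this example).
    cents = round(value * 100)
    if cents / 100 != value:
        raise BalanceError("balance is not a whole number of cents")
    return cents


def constructed_image(value: float) -> bytes:
    """Constructed sample: zero-filled image with only the value field set."""
    return bytes(VALUE_OFFSET) + struct.pack(BYTE_ORDER + "d", value) + bytes(0x40)


if __name__ == "__main__":
    for sample in (19.99, 100.0, 1.7976e308, float("nan"), 10.000000000000002):
        try:
            print(sample, "->", read_balance_cents(constructed_image(sample)), "cents")
        except BalanceError as err:
            print(sample, "-> rejected:", err)
```

Returning integer cents keeps every later comparison and subtraction exact, which the double on the card cannot guarantee.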

