Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Smartcard Security - Suggested Hardware

From: Rogan Dawes <lists () dawes za net>
Date: Thu, 18 Dec 2008 12:24:24 +0200
bin4ry wrote:

The hardware i am looking for shouldn't be the hardware we are
researching. I am only looking for a powerful card reader _and_ writer
so that we can write specific data to blank smartcards, to see if we can
fool the actual reader which is used by the system we are researching.

Furthermore it think of severeal other attack vectors:

1. The card itself (maybe we can dump the data, replicate it and break
security system. If data is encrypted maybe we can extract a key)

2. The communication (maybe we can sniff the communication between card
and reader. I don't really know where to apply to get the communication
stream, yet).

3. The reader (Maybe we can manipulate the display, so it displas wrong
info. We'll also try to dump the eeprom to see whats going on in there.
Another approach would be to setup a serial connection to a pc or to
replace the microprocessor with our own, manipulated, on.


Cheers



You may want to take a look at something like the hackaday Bus Pirate,
which allows you to implement a variety of protocols.

Regards,

Rogan


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: