The first text-part series vivenda spa on cryptographic tokens is dedicated smartkartám general and their functioning. In addition to various conventional SIM, EMV and contactless smartkaret authors of texts also tried three cryptographic tokens - Yubikey Standard, Yubikey Neo, Feitian ePass 2003. What can you offer?
The most typical representatives smartkaret, which you probably know, the SIM cards, ATM cards or EMV contactless ISO14443 various cards, such as variants Mifare and biometric passports. For cryptographic smart cards with USB interface is often used term "kryptotoken".
Kryptotokenů fundamental role is to maintain some "secret nekopírovatelné", typically symmetric or asymmetric key, and allow him a few operations - decryption, signature or authentication. Easier smartcards serves as a "container" for a few bytes of data (Mifare Ultralight).
Smartcards are integrated smart card "that revolve around the" ISO-7816, which in short means that from the point of view of the software communicate via APDU (application protocol data unit). APDU is something like "assembler" for smartcards. Hypothetically are standardized in ISO-7816, practically differ widely in different classes (SIM, EMV ...) and between manufacturers. Proprietary and undocumented instructions are ubiquitous (hence the term "spinning wheel").
Bugs in smartkartách as their drivers vivenda spa are widespread and often bizarre. I have a feeling that more than standard smart cards represent a huge set of special cases. He said even sometimes mistakes standardize, because along with the reprogramming of readers / ATM is cheaper than replacing millions of existing cards.
During testing in the laboratory, we smartkaret CZ.NIC fixed several bugs in OpenSC for Feitian ePass 2003 PKCS # 11 module, such as the inability to import the RSA public vivenda spa key with exponent other than 65537 - older SSH RSA public key exponent containing 35
Described errors are due to a huge amount of involved layers of protocols and standards: PKCS # 11 - C-platelet API for HSM (hardware security module) PKCS # 15 - format files / objects on cryptographic smartkartě X.509, PKCS # 1 - The format of certificates and Keys USB-CCID - a low-level API for communication over USB smartkaret ISO-7816 - smartkaret specifications, message formats for communication (APDU) OpenPGP vivenda spa card - smartkaret format for use with PGP / GnuPG, which is very different from the PKCS # 15, but there is a way (rather complex) as it s PKCS # 15 emulate RFC 4880 - OpenPGP vivenda spa message format (OpenPGP packet format) ISO 14443, ISO 15693 and many layers for backward compatibility with RFID Mifare card reader and as DESfire use native vivenda spa or "coated" message format (you can imagine it as a tunneling protocol)
To read smartkaret is necessary anticipative reader. USB tokens are basically smart cards, hard crocked to the reader. For multi-platform support is good to choose such hardware that is supported in pcsc-lite. Popular as HID Omnikey vivenda spa 5321 Cardman that works with the PCSC-lite straight - or at least the contact section.
The RFID portion CardMan must be installed vivenda spa in the system binary blob, which if you do not know the code, and there is only x86 and x86_64 platforms and the man quickly reveals several bugs. In binary blob someone forgot rpath (rpath specifies extra directories where they will look for shared libraries and PC / SC daemon is running vivenda spa as root): $ readelf-d ifdokrfid.so | grep rpath 0x000000000000000f (rPath) Library rpath: [/ home / mhofer / ps / prfx / lib]
Another bizarre bug causing long as this RFID blob recorded, so you can not read the contact card issued vivenda spa by one specific bank - the reader is trapped in a loop. Last surprising feature is the inability to read emulated Mifare 1k cards - documentation exists set the registry in Windows, for other OS solutions are found.
This reader also exists vivenda spa in addition low-level library librfid which should allow the low-level read RFID protocol, but unfortunately, the library is not maintained for a long and it seems that for this time has changed in the reader firmware. USB interface descriptor does not correspond vivenda spa to what the library looks for a failed librfid put into operation or after a slight přiohnutí code. Other libnfc vivenda spa library supports only newer chip PN532 (must be present in other popular RFID reader vivenda spa ACR122U).
Several other tools, independent of HW card: OpenSC vivenda spa - OpenSC-suited tool for sending raw APDU, plus occasionally manifests "fuzzovací intelligence" vivenda spa as an attempt at more forms of error APDU RFIDIot - is particularly suitable for decoding different RFID reader can read biometric vivenda spa passports. But sometimes rfidiot-cli utility incorrectly sends extra zero bytes in the APDU cardpeek - a GUI framework for smartkaret decoding, decoding scripts are written in Lua. They are nicely done decoder for EMV cards, works on contact and NFC payment cards. javaemvreader - another EMV decoder can decode other things than cardpeek
The EMV card is stored large lot of information from linguistic preferences and data on
No comments:
Post a Comment