Hi,
 
The quickest way to code for this device is to use MPLAB and write your code in assembler - these devices use a pretty nice RISC instruction set and it is very easy to access the built-in I/O of the device.
 
If assembler is a bit too low level for you, have a look around the Microchip site for a C compiler; however, I'm not sure if the device used in the goldcards (16F84) is supported by their compilers. There are plenty of 3rd party options, not all are free though - there are some excellent guides in the 'select a language' section here:
 
http://www.voti.nl/swp/
 
The first step is to get a copy of the datasheet for the 16F84 and the assembler instruction set references, all available on the Microchip site. There's a wealth of reference designs and code examples there that should get you started in next to no time.
 
Also, a schematic for the goldcard is going to be invaluable to you, as you need to know which of the PIC's ports are connected to the smartcard interface before you start. You'll certainly find this if you google around - concentrate on satellite hacking sites.
 
Cheers, Pat.
 
 
 
-----Original Message-----
From: khaalel [mailto:[EMAIL PROTECTED]
Sent: 24 November 2005 10:24
To: Scott, Patrick
Subject: Re: [Full-disclosure] SmartCards programming...

Thanks for the information.
To program a goldcard, which software and which languages do you advise me to use?

khaalel

On 11/24/05, Scott, Patrick <[EMAIL PROTECTED]> wrote:
Hi,
 
From memory the goldcard uses a Microchip PIC device (16F84 I think); there is also a small serial EEPROM on board. You can pick up a full IDE for the controller from www.microchip.com but be a bit prepared to have to code down at the assembler level if you want total control. You can use this IDE to compile the .hex file you require.
 
IMHO the goldcard is probably not the most ideal choice for this type of project; the controller used on the card is lacking in some of the nice hardware features of other cards. As already mentioned, if you look around you can find other card types with hardware RSA and a full ISO card I/O implementation; with the goldcard you're pretty much looking at coding these from scratch.
 
From a security point of view the goldcard is less than ideal. The PIC can be programmed with a fuse to prevent code being read out - see the datasheets on the above site - but I'm sure I've seen exploits for this around the net. Also the onboard EEPROM on the goldcards is a potential weakness. In order to program the EEPROM you will need to use a loader - essentially a bit of code that runs on the card's processor and writes data received by the card to the EEPROM. In order to read the data back all the attacker need do is reload a loader to the card and read the EEPROM contents back out, so if you're using the EEPROM to hold keys etc, be a bit careful.
 
Goldcards have been the friend of the satellite TV hacking crowd for a long time; have a google around for the old seca hacks (start with secanix) for some examples of source code used to emulate official pay-TV smart cards, which should give you some good pointers on how to implement a card I/O layer and access the EEPROM etc.
 
Cheers, Pat.
 
-----Original Message-----
From: khaalel [mailto:[EMAIL PROTECTED]]
Sent: 23 November 2005 15:17
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: [Full-disclosure] SmartCards programming...

HI (again),

I found nothing about the language to use with Infinity USB; it asks me to provide it a .hex file... but what is that? And how can I compile code and convert it into a .hex file?

Can I use the BasicCard Kit Setup to program something and compile it... then use the Infinity USB writer to place the compiled file into my GoldCard?

khaalel

On 11/23/05, khaalel < [EMAIL PROTECTED]> wrote:
Thank you for all your information... this morning, I attended a conference given by AXALTO (I found a contact who agreed to help me) and I learned a lot of things...

I bought 2 Goldcards (one of my teachers advised me to buy such a card to do what I want... but I think a physical attack can allow someone to copy the content of the card or the stored key while the authentication is being done, but to begin with it's perhaps the simplest card I can find...)

If you have more information, please give it to me... for the moment I have read the manual of the Infinity USB and there is no information about the language I can use to program the cards. I will search again with Google and perhaps on Usenet...


khaalel


On 11/23/05, Aditya Deshmukh < [EMAIL PROTECTED] > wrote:

Sorry for the top post

If you are going to do something like this then RSA cards are the best
specially securid
It can be implemented almost out of the box and it has great lib support
also.

________________________________

        From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED] ] On Behalf Of khaalel
        Sent: Wednesday, November 23, 2005 2:12 PM
        To: [email protected]
        Subject: [Full-disclosure] SmartCards programming...


        Hello,

        I have to complete a technical project for my French high school...
And the subject is about cryptography and smart cards...
        The goal is to write the programs and all the associated stuff... in
order to create a DRM-like system: when a user enters his card, a piece of
software checks his key (or certificate or...) and if the authentication
succeeds, the wanted file (document, video, audio...) is opened by the software...
        Yesterday I bought a programmer/writer: the Infinity USB, but I
want to know if someone could give me some interesting links about smart card
programming (java, basic, .....). I already know some things about
cryptography but I am a newbie in smart card programming. Which language do I
have to learn? Which type of smart cards do I have to buy? Which algorithms
can I use (DES, RSA, Elliptic Curves, AES...)?

        thanks...
        khaalel




________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)



_____________________________________________________________________
The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside England and Wales).
The views expressed in this email are not necessarily the views of Centrica plc, and the company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
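
The thread asks what the .hex file is and warns about the code-protect fuse and the readable EEPROM; the following is an added example, not part of any message above, that parses an Intel HEX image and reports both before it is written to a card. The addresses, the code-protect bit layout and the sample image are assumptions taken from Microchip's PIC16F84 documentation or constructed for illustration.

```python
# Audit an MPLAB-style Intel HEX image built for a PIC16F84 (added example).
# Assumed from Microchip's documentation, not from the thread: HEX addresses
# are byte addresses (2 x word address), the config word sits at word 0x2007,
# the data-EEPROM image at word 0x2100 (one byte per word), and config bits
# 13..4 are the code-protect bits, all zero meaning protection is on.
CONFIG_ADDR, EEPROM_ADDR, EEPROM_SIZE, CP_MASK = 0x2007 * 2, 0x2100 * 2, 64, 0x3FF0

# Constructed sample: two program words, config 0x3FF1, two EEPROM bytes.
SAMPLE_HEX = """:020000040000FA
:0400000005280000CF
:02400E00F13F80
:04420000DE00AD002F
:00000001FF"""

def parse_ihex(text):
    """Return {byte_address: value}; raise ValueError on a malformed record."""
    mem, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        try:
            rec = bytes.fromhex(line[1:]) if line.startswith(":") else b""
        except ValueError:
            rec = b""
        if len(rec) < 5 or len(rec) != rec[0] + 5:
            raise ValueError(f"record {n}: malformed")
        if sum(rec) & 0xFF:                     # all bytes incl. checksum sum to 0
            raise ValueError(f"record {n}: bad checksum")
        addr, rtype, data = (rec[1] << 8) | rec[2], rec[3], rec[4:-1]
        if rtype == 0x00:                       # data record
            for i, b in enumerate(data):
                mem[base + addr + i] = b
        elif rtype == 0x04 and len(data) == 2:  # extended linear address
            base = ((data[0] << 8) | data[1]) << 16
        elif rtype == 0x01:                     # end of file
            break
    return mem

def audit(mem):
    """Report the config word, whether code protect is set, and EEPROM bytes."""
    lo, hi = mem.get(CONFIG_ADDR), mem.get(CONFIG_ADDR + 1)
    config = None if lo is None or hi is None else ((hi << 8) | lo) & 0x3FFF
    cells = (mem.get(EEPROM_ADDR + 2 * i) for i in range(EEPROM_SIZE))
    eeprom = bytes(b for b in cells if b is not None)
    protected = config is not None and (config & CP_MASK) == 0
    return {"config": config, "code_protected": protected, "eeprom": eeprom}

if __name__ == "__main__":
    print(audit(parse_ihex(SAMPLE_HEX)))
```

Anything reported under `eeprom` is data the thread says can be read back by reloading a loader, so key material showing up there deserves a second look.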


