Re: Kiwi expert cracks chip passport

2008-08-20 Thread Peter Gutmann
[Not sure if this is still of general list interest, let's take the followups
 off-list.  If anyone else wants to be included in the off-list discussion,
 let me know].

Stefan Kelm [EMAIL PROTECTED] writes:

Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o any
modifications? The most current version I have (GRT v2.9) says in the
ePassport Reader List:

 - Integrated Engineering Smart-ID
 - NMDA Tx-PR-400
 - Philips Pegoda

I sense Vista running on your machine :-).  To get it to work I had to fire up
XP and explicitly install the Omnikey drivers from their web site rather than
using Windows auto-install to get them.  It also runs well in Parallels on a
Mac, although I haven't been able to get it to work under Vista.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kiwi expert cracks chip passport

2008-08-19 Thread Stefan Kelm
Peter,

 Which card reader(s) did you use?
 
 Adam and I used the Omnikey Cardman 5321

Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o
any modifications? The most current version I have (GRT v2.9)
says in the ePassport Reader List:

 - Integrated Engineering Smart-ID
 - NMDA Tx-PR-400
 - Philips Pegoda

Cheers,

Stefan.


Symposium Wirtschaftsspionage 03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/
-
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kiwi expert cracks chip passport

2008-08-18 Thread Peter Gutmann
David G. Koontz [EMAIL PROTECTED] writes:

http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817

Peter Gutmann has gotten himself in the news along with Adam Laurie and
Jeroen van Beek for altering the passport microchip in a passport.

The original story was actually the coverage in the UK Times last week,
http://www.timesonline.co.uk/tol/news/uk/crime/article4467098.ece.  It was a
three-person effort, Adam Laurie did the RFID part (via RFIDIOt), Jeroen van
Beek did the passport software implementation and tying the whole thing
together, all I did was the signing.  We never touched the passport chip, what
we showed was that it's possible to create your own fictitious e-passport
that's accepted as valid by the reference Golden Reader Tool.  In other words
we showed that what security researchers had been warning about ever since e-
passports were first proposed was actually possible, following the l0pht's
motto Making the theoretical practical.  Jeroen presented the work at Black
Hat'08,
http://www.blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#vanBeek.

http://www.stuff.co.nz/images/748842.jpg

Ugh, no, make it go away.

(Alert readers may notice the anomaly with the carefully-placed monitor right
behind my head, which is displaying something slightly different from the
surrounding sea of Vista desktops :-).  It's actually a file photo from a news
story from the start of last year about Vista).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kiwi expert cracks chip passport

2008-08-18 Thread Stefan Kelm
Peter,

 The original story was actually the coverage in the UK Times last week,

Which card reader(s) did you use?

Cheers,

Stefan.


Symposium Wirtschaftsspionage 03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/
-
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kiwi expert cracks chip passport

2008-08-18 Thread Peter Gutmann
Stefan Kelm [EMAIL PROTECTED] writes:

 The original story was actually the coverage in the UK Times last week,

Which card reader(s) did you use?

Adam and I used the Omnikey Cardman 5321 (I'm not sure what Jeroen used,
probably the same), which is cheap, well-supported with drivers, and cheap.
Oh, and it's cheap too.  The card was a standard NXP JCOP 41, one country's
passport implementation didn't change the ATR so when you ping the passport it
returns the product ID in the response :-).  Having said that, going with the
JCOP 41 was more a case of OK, we'll use that too then rather than now we
know the secret so having the product ID returned in the ATR isn't really a
security problem.  In practice anything programmable with a 13.56MHz RFID
interface should do it, you don't have to specifically use a JCOP 41 card.  As
with the reader, the card just happened to be available and cheap.  Given that
people have built their own prox card emulators it wouldn't surprise me if
someone did the same for a 13.56MHz card (e.g. using the freely-available
OpenPICC design) so you can return foo'; DROP TABLE passports; -- as your
passport MRZ when the card is read :-).

One thing that wasn't mentioned in the news coverage is that, as with any
SCADA-type software, there are bound to be all manner of bugs and holes in the
various reader implementations just waiting to be exploited.  For example when
I was initially playing with creating signatures I just memcpy()d some fixed
data together to create something to sign and was surprised when the Golden
Reader software accepted invalid signed data that should have been rejected as
valid.  I also managed to crash it at one point, quickly fixed the problem,
and then spent the next day kicking myself for not recording what data I'd fed
in to cause this (all your readers are belong to buffer overflows).  I'm sure
there's going to be many more Black Hat/Defcon talks on this in the future.

Has there ever been any third-party analysis of passport reader software as
there has for voting-machine software?  By analysis I don't mean the usual
Common Criteria rubber-stamping, I mean actual independent scrutiny of the
code.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Kiwi expert cracks chip passport

2008-08-17 Thread David G. Koontz
http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817


Peter Gutmann has gotten himself in the news along with Adam Laurie and
Jeroen van Beek for altering the passport microchip in a passport.

Think of this as a local boy makes good piece of news, well worth it for the
picture of Peter:

http://www.stuff.co.nz/images/748842.jpg


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]