Re: Kiwi expert cracks chip passport

2008-08-20 Thread Peter Gutmann
[Not sure if this is still of general list interest, let's take the followups
 off-list.  If anyone else wants to be included in the off-list discussion,
 let me know].

Stefan Kelm [EMAIL PROTECTED] writes:

> Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o any
> modifications? The most current version I have (GRT v2.9) says in the
> ePassport Reader List:
>
>  - Integrated Engineering Smart-ID
>  - NMDA Tx-PR-400
>  - Philips Pegoda

I sense Vista running on your machine :-).  To get it to work I had to fire up
XP and explicitly install the Omnikey drivers from their web site rather than
using Windows auto-install to get them.  It also runs well in Parallels on a
Mac, although I haven't been able to get it to work under Vista.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kiwi expert cracks chip passport

2008-08-19 Thread Stefan Kelm
Peter,

>> Which card reader(s) did you use?
>
> Adam and I used the Omnikey Cardman 5321

Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o
any modifications? The most current version I have (GRT v2.9)
says in the ePassport Reader List:

 - Integrated Engineering Smart-ID
 - NMDA Tx-PR-400
 - Philips Pegoda

Cheers,

Stefan.


Symposium Wirtschaftsspionage 03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/
-
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox



Re: Kiwi expert cracks chip passport

2008-08-18 Thread Peter Gutmann
David G. Koontz [EMAIL PROTECTED] writes:

> http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817
>
> Peter Gutmann has gotten himself in the news along with Adam Laurie and
> Jeroen van Beek for altering the passport microchip in a passport.

The original story was actually the coverage in the UK Times last week,
http://www.timesonline.co.uk/tol/news/uk/crime/article4467098.ece.  It was a
three-person effort, Adam Laurie did the RFID part (via RFIDIOt), Jeroen van
Beek did the passport software implementation and tying the whole thing
together, all I did was the signing.  We never touched the passport chip, what
we showed was that it's possible to create your own fictitious e-passport
that's accepted as valid by the reference Golden Reader Tool.  In other words
we showed that what security researchers had been warning about ever since
e-passports were first proposed was actually possible, following the l0pht's
motto "Making the theoretical practical".  Jeroen presented the work at Black
Hat'08,
http://www.blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#vanBeek.

> http://www.stuff.co.nz/images/748842.jpg

Ugh, no, make it go away.

(Alert readers may notice the anomaly with the carefully-placed monitor right
behind my head, which is displaying something slightly different from the
surrounding sea of Vista desktops :-).  It's actually a file photo from a news
story from the start of last year about Vista).

Peter.



Re: Kiwi expert cracks chip passport

2008-08-18 Thread Stefan Kelm
Peter,

> The original story was actually the coverage in the UK Times last week,

Which card reader(s) did you use?

Cheers,

Stefan.




Re: Kiwi expert cracks chip passport

2008-08-18 Thread Peter Gutmann
Stefan Kelm [EMAIL PROTECTED] writes:

>> The original story was actually the coverage in the UK Times last week,
>
> Which card reader(s) did you use?

Adam and I used the Omnikey Cardman 5321 (I'm not sure what Jeroen used,
probably the same), which is cheap, well-supported with drivers, and cheap.
Oh, and it's cheap too.  The card was a standard NXP JCOP 41, one country's
passport implementation didn't change the ATR so when you ping the passport it
returns the product ID in the response :-).  Having said that, going with the
JCOP 41 was more a case of "OK, we'll use that too then" rather than "now we
know the secret" so having the product ID returned in the ATR isn't really a
security problem.  In practice anything programmable with a 13.56MHz RFID
interface should do it, you don't have to specifically use a JCOP 41 card.  As
with the reader, the card just happened to be available and cheap.  Given that
people have built their own prox card emulators it wouldn't surprise me if
someone did the same for a 13.56MHz card (e.g. using the freely-available
OpenPICC design) so you can return "foo'; DROP TABLE passports; --" as your
passport MRZ when the card is read :-).

One thing that wasn't mentioned in the news coverage is that, as with any
SCADA-type software, there are bound to be all manner of bugs and holes in the
various reader implementations just waiting to be exploited.  For example when
I was initially playing with creating signatures I just memcpy()d some fixed
data together to create something to sign and was surprised when the Golden
Reader software accepted invalid signed data that should have been rejected as
valid.  I also managed to crash it at one point, quickly fixed the problem,
and then spent the next day kicking myself for not recording what data I'd fed
in to cause this (all your readers are belong to buffer overflows).  I'm sure
there's going to be many more Black Hat/Defcon talks on this in the future.

Has there ever been any third-party analysis of passport reader software as
there has for voting-machine software?  By analysis I don't mean the usual
Common Criteria rubber-stamping, I mean actual independent scrutiny of the
code.

Peter.

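
Added example, not part of the original thread or of the authors' tooling: a reader back end that treats the MRZ returned by a chip as untrusted input, which is the point behind the DROP TABLE remark in the last message. It checks the ICAO 9303 TD3 line-2 length, alphabet and check digits (weights 7, 3, 1) before a parameterized SQLite insert; the `passports` table layout and the function names are assumptions made for illustration.

```python
import re
import sqlite3

# MRZ alphabet per ICAO 9303; SPECIMEN is the ICAO sample line 2, not a real document.
_MRZ_LINE = re.compile(r"[A-Z0-9<]{44}")
SPECIMEN = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"


def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1; A-Z count as 10-35, '<' as 0."""
    values = (0 if ch == "<" else int(ch, 36) for ch in field)
    return sum(v * (7, 3, 1)[i % 3] for i, v in enumerate(values)) % 10


def parse_td3_line2(line: str) -> dict:
    """Validate line 2 of a TD3 (passport) MRZ; raise ValueError if malformed."""
    if not _MRZ_LINE.fullmatch(line):
        raise ValueError("MRZ line 2 must be 44 characters from A-Z, 0-9, '<'")
    checks = {
        "document number": (line[0:9], line[9]),
        "date of birth": (line[13:19], line[19]),
        "date of expiry": (line[21:27], line[27]),
        "composite": (line[0:10] + line[13:20] + line[21:43], line[43]),
    }
    for name, (field, digit) in checks.items():
        if not digit.isdigit() or check_digit(field) != int(digit):
            raise ValueError(f"bad check digit for {name}")
    return {"doc_number": line[0:9].rstrip("<"), "nationality": line[10:13]}


def store_reading(db: sqlite3.Connection, line2: str) -> dict:
    """Validate first, then insert with bound parameters, never string-built SQL."""
    fields = parse_td3_line2(line2)
    db.execute("INSERT INTO passports (doc_number, nationality) VALUES (?, ?)",
               (fields["doc_number"], fields["nationality"]))
    return fields


def demo() -> tuple:
    """Store the specimen in a hypothetical table, then offer the thread's string."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passports (doc_number TEXT, nationality TEXT)")
    store_reading(db, SPECIMEN)
    try:
        store_reading(db, "foo'; DROP TABLE passports; --")
        rejected = False
    except ValueError:
        rejected = True
    return rejected, db.execute("SELECT * FROM passports").fetchall()
```

The check digits only catch malformed or mistyped data; they are not a signature, so a well-formed MRZ from an unauthenticated chip still needs the bound parameters on the way into the database.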