Download - DEFCON Presentation
-
8/6/2019 DEFCON Presentation
1/116
Bypassing Smart-Card
Authentication and Blocking
Debiting:
Jonathan LeeNeil Pahl
Vulnerabilities in Atmel Cryptomemory basedStored-Value Systems
-
8/6/2019 DEFCON Presentation
2/116
Primer
Who are we?
Jonathan Lee UBC Computer Engineeringstudent
Neil Pahl UBC Electrical Engineering, recentgraduate
-
8/6/2019 DEFCON Presentation
3/116
Disclaimer !
- We are not (yet) security industry
professionals or 1337 code-breaking hackers
- We did not break Smart Card Security
- But, we can show that even with introductorysecurity knowledge, we were able to find
vulnerability in a secure systems
implementation
-
8/6/2019 DEFCON Presentation
4/116
Primer
What do we know about Security?
EECE 412: Intro to Computer Security Fundamental Security Principles
Cryptography
Authentication
Access Control
Secure Design
-
8/6/2019 DEFCON Presentation
5/116
Primer
What Was Our Motivation For this Project?
Term Project to Perform a Security Analysis(Opportunity to Legitimately try Cool Hacks)
Smart Cards are synonymous with Security
We hoped to emulate known replay attacks on anearby Smart Card laundry system
-
8/6/2019 DEFCON Presentation
6/116
Primer
Why should anyone care about our Hack?
Companies spend time and money to add more
security functions to their products
However, security functions cannot protect the
system if they are not implemented thoughtfully
-
8/6/2019 DEFCON Presentation
7/116
History?
The need for Authentication + Encryption
Joe Grand (2009) SF parking meters, vulnerable
to replay attack
Strom Carlson (2006) Fedex Kinkos SLE4442,
vulnerable to simple password replay
-
8/6/2019 DEFCON Presentation
8/116
Early Efforts
Smart card laundry machine (stored value card)
-
8/6/2019 DEFCON Presentation
9/116
Early Efforts
We were thinking of trying some of the usualattacks:
Could we simply read and modify monetary valuesdirectly on the card?
Could we sniff out read/write passwords?
Could we perform replay attacks?
But, the success of these attacks depend on thesecurity measures in place
-
8/6/2019 DEFCON Presentation
10/116
Early Efforts
A few Google searches lead us to an interestingblog of someone attempting to hack a laundrysystem (http://tinyurl.com/2csk6dr)
Their success was limited to reading theconfiguration settings from the card.
We couldnt confirm it yet, but we decided to startwith the assumption that our system used thesame chip.
http://tinyurl.com/2csk6drhttp://tinyurl.com/2csk6dr -
8/6/2019 DEFCON Presentation
11/116
Early Efforts
Atmel CryptoMemory AT88SC0404 Smart-card
ATR: 3B B2 11 00 10 80 00 04
-
8/6/2019 DEFCON Presentation
12/116
Early Efforts
High Security Features:
64-bit Mutual Authentication Protocol (under license
of ELVA)
Encrypted Checksum
Stream Encryption
Four Key Sets for Authentication and Encryption
Eight Sets of Two 24-bit Passwords
Anti-tearing Function
Voltage and Frequency Monitor
-
8/6/2019 DEFCON Presentation
13/116
Early Efforts
Security Modes:
Standard/password mode is Default
Command sequences are needed to enter othersecurity modes
-
8/6/2019 DEFCON Presentation
14/116
Atmel CryptoMemory AT88SC0404
-
8/6/2019 DEFCON Presentation
15/116
Atmel CryptoMemory AT88SC0404
-
8/6/2019 DEFCON Presentation
16/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
-
8/6/2019 DEFCON Presentation
17/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
Addresses
-
8/6/2019 DEFCON Presentation
18/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
Addresses
Status - Access Granted
-
8/6/2019 DEFCON Presentation
19/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
Addresses
Status - Access Granted
Status - Access Denied
-
8/6/2019 DEFCON Presentation
20/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
DCR Data Config Reg
-
8/6/2019 DEFCON Presentation
21/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
DCR Data Config Reg
1011 1111
-
8/6/2019 DEFCON Presentation
22/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
DCR Data Config Reg
1011 1111
4 Authen. Attempts Allowed
-
8/6/2019 DEFCON Presentation
23/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
DCR Data Config Reg
1011 1111
4 Authen. Attempts Allowed
Authen. Attemps Counter Enabled
-
8/6/2019 DEFCON Presentation
24/116
-
8/6/2019 DEFCON Presentation
25/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
ARn Access Registers
1101 1111
-
8/6/2019 DEFCON Presentation
26/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
ARn Access Registers
1101 1111
Encryption not necessary
-
8/6/2019 DEFCON Presentation
27/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
ARn Access Registers
1101 1111
Encryption not necessary
no read/write passwords
-
8/6/2019 DEFCON Presentation
28/116
Atmel CryptoMemory AT88SC0404
Interpreting the Memory Dump:
ARn Access Registers
1101 1111
Encryption not necessary
no read/write passwords
Authentication required for
read/write command use
-
8/6/2019 DEFCON Presentation
29/116
Atmel CryptoMemory AT88SC0404
We Now Know: What it Tells Us:
-
8/6/2019 DEFCON Presentation
30/116
Atmel CryptoMemory AT88SC0404
We Now Know: Authentication Attempts
Counter Enabled
4 Authentication AttemptsAllowed
What it Tells Us:
Brute force key cracking is
impossible
-
8/6/2019 DEFCON Presentation
31/116
Atmel CryptoMemory AT88SC0404
We Now Know: Authentication Attempts
Counter Enabled
4 Authentication AttemptsAllowed
Encryption not necessary
What it Tells Us:
Brute force key cracking is
impossible
Might be able to sniff
read/write passwords
-
8/6/2019 DEFCON Presentation
32/116
Atmel CryptoMemory AT88SC0404
We Now Know: Authentication Attempts
Counter Enabled
4 Authentication AttemptsAllowed
Encryption not necessary
No read/write passwords
What it Tells Us:
Brute force key cracking is
impossible
Might be able to sniff
read/write passwords
No Passwords to sniff
-
8/6/2019 DEFCON Presentation
33/116
Atmel CryptoMemory AT88SC0404
We Now Know: Authentication Attempts
Counter Enabled
4 Authentication AttemptsAllowed
Encryption not necessary
No read/write passwords
Authentication required
for read/write command
use
What it Tells Us:
Brute force key cracking is
impossible
Might be able to sniff
read/write passwords
No Passwords to sniff
System will be run
under Authentication Mode
mode
-
8/6/2019 DEFCON Presentation
34/116
Atmel CryptoMemory AT88SC0404
Recall the Security Modes:
MAC Value used for data integrity check is a
checksum encrypted by a session key
This rules out Replay Attack!
-
8/6/2019 DEFCON Presentation
35/116
Early Findings
A simple replay attack isnt possible
And we have no expertise or time for crypto-
analysis of authentication procedure either
(6 weeks!!)
Whats left?
-
8/6/2019 DEFCON Presentation
36/116
-
8/6/2019 DEFCON Presentation
37/116
A HypothesisWhat would be the most logical implementation of this
type of system?
-
8/6/2019 DEFCON Presentation
38/116
A HypothesisWhat would be the most logical implementation of this
type of system?
Would there be a MiM opportunity here?
-
8/6/2019 DEFCON Presentation
39/116
Alice, Bob and Trudy
Man in the middle concept
Can we apply this in hardware?
-
8/6/2019 DEFCON Presentation
40/116
MACHINE-TO-CARD
COMMUNICATION
-
8/6/2019 DEFCON Presentation
41/116
Machine-to-Card Communication
Sniffing Tools:
Modified Smart Card
RESET
GROUND
DATA IO
CLOCK
-
8/6/2019 DEFCON Presentation
42/116
Machine-to-Card Communication
Sniffing Tools:
Modified Smart Card
Logic Analyzer
-
8/6/2019 DEFCON Presentation
43/116
-
8/6/2019 DEFCON Presentation
44/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
45/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
46/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
47/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
48/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
49/116
Machine-to-Card Communication
Communication Flow(Before Pressing Start): Card Sends Answer To Reset (ATR)
Machine Reads 8-Byte Cryptogram and 7-Byte IDo Machine uses Cryptogram to compute challenge value
Machine Sends Authentication Request Commando Machine sends 16-Byte challenge value and nonce
o Card uses challenge to compute new cryptogram
Machine Reads new8-Byte Cryptogramo New cryptogram is verified
Machine Reads from User Zones
-
8/6/2019 DEFCON Presentation
50/116
Machine-to-Card Communication
Communication Flow(After Pressing Start):
Machine Reads from User Zones
Machine Writes Newly Decremented Balance to User
Zones (Using 3 Write Commands)
l** Read and Write Commands Require Trailing CheckSum Cmds
-
8/6/2019 DEFCON Presentation
51/116
Machine-to-Card Communication
Communication Flow(After Pressing Start):
Machine Reads from User Zones
Machine Writes Newly Decremented Balance to User
Zones (Using 3 Write Commands)
l** Read and Write Commands Require Trailing CheckSum Cmds
-
8/6/2019 DEFCON Presentation
52/116
Machine-to-Card Communication
Communication Flow(After Pressing Start):
Machine Reads from User Zones
Machine Writes Newly Decremented Balance to User
Zones (Using 3 Write Commands)
l** Read and Write Commands Require Trailing CheckSum Cmds
-
8/6/2019 DEFCON Presentation
53/116
Machine-to-Card Communication
Communication Flow(After Pressing Start):
Machine Reads from User Zones
Machine Writes Newly Decremented Balance to User
Zones (Using 3 Write Commands)
l** Read and Write Commands Require Trailing CheckSum Cmds
-
8/6/2019 DEFCON Presentation
54/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
-
8/6/2019 DEFCON Presentation
55/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
INS ADDRESS NCLA
-
8/6/2019 DEFCON Presentation
56/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
-
8/6/2019 DEFCON Presentation
57/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
-
8/6/2019 DEFCON Presentation
58/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
-
8/6/2019 DEFCON Presentation
59/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
-
8/6/2019 DEFCON Presentation
60/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
5-Character Command
-
8/6/2019 DEFCON Presentation
61/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
5-Character Command
Card replies
-
8/6/2019 DEFCON Presentation
62/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
5-Character Command
Card replies
CheckSum sent
-
8/6/2019 DEFCON Presentation
63/116
Machine-to-Card Communication
Looking closely at the final 3 write commands:
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
5-Character Command
Card replies
CheckSum sent
Card Sends Status
(OK)
-
8/6/2019 DEFCON Presentation
64/116
-
8/6/2019 DEFCON Presentation
65/116
The Vulnerability
The Plan:
-
8/6/2019 DEFCON Presentation
66/116
The Vulnerability
Recall the writing process
5-Character Command
Card replies with INS
INS ADDRESS NCLA
N-Data Bytes (8)
Card Sends Status
(waiting for cksm)
5-Character Command
Card replies
CheckSum sent
Card Sends Status
(OK)
-
8/6/2019 DEFCON Presentation
67/116
The Vulnerability
the Machine expects non-unique replies
Card replies with INS Card Sends Status
(waiting for cksm)
Card replies Card Sends Status
(OK)
-
8/6/2019 DEFCON Presentation
68/116
The Vulnerability
THERE IS NO SECURE RECEIPT AFTER WRITING!
- The card confirms that data from the Host is
legitimate
- However, the Host is not assured that the
writing actually took place
-
8/6/2019 DEFCON Presentation
69/116
The Vulnerability
What a hacker needs to do:
5-Character Command
INS ADDRESS NCLA
-
8/6/2019 DEFCON Presentation
70/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
-
8/6/2019 DEFCON Presentation
71/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
-
8/6/2019 DEFCON Presentation
72/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
Fake This Status
(waiting for cksm)
-
8/6/2019 DEFCON Presentation
73/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
Fake This Status
(waiting for cksm)
5-Character Command
-
8/6/2019 DEFCON Presentation
74/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
Fake This Status
(waiting for cksm)
5-Character Command
Fake This Reply
-
8/6/2019 DEFCON Presentation
75/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
Fake This Status
(waiting for cksm)
5-Character Command
Fake This Reply
Block CheckSum
-
8/6/2019 DEFCON Presentation
76/116
The Vulnerability
What a hacker needs to do:
5-Character Command
Fake This Reply
INS ADDRESS NCLA
Block These Data Bytes
Fake This Status
(waiting for cksm)
5-Character Command
Fake This Reply
Block CheckSum
Fake This Status
(OK)
-
8/6/2019 DEFCON Presentation
77/116
VULNERABILITY EXPLOITATION
-
8/6/2019 DEFCON Presentation
78/116
Vulnerability Exploitation
MCU
MUX SWITCH
REAL CARDDUMMY CARDIOIO
CLK, RST
Control
Logic
l b l l
-
8/6/2019 DEFCON Presentation
79/116
2 Strategies:
Vulnerability Exploitation
MCU
MUX SWITCH
REAL CARDDUMMY CARDIOIO
CLK, RST
Control
Logic
l b l l
-
8/6/2019 DEFCON Presentation
80/116
2 Strategies:
Microcontroller Forwarding
Vulnerability Exploitation
MCU
MUX SWITCH
REAL CARDDUMMY CARDIOIO
CLK, RST
Control
Logic
l bili l i i
-
8/6/2019 DEFCON Presentation
81/116
2 Strategies:
Microcontroller Forwarding
MUX Forwarding
Vulnerability Exploitation
MCU
MUX SWITCH
REAL CARDDUMMY CARDIOIO
CLK, RST
Control
Logic
V l bili E l i i
-
8/6/2019 DEFCON Presentation
82/116
Vulnerability Exploitation
LINE 1 : Machine to Microcontroller Node
LINE 2 : Microcontroller to Card Node
Answer To Reset is being forwarded through the MUX
switch (No Delay)
V l bili E l i i
-
8/6/2019 DEFCON Presentation
83/116
Vulnerability Exploitation
Subsequent commands are being forwarded through
the microcontroller
V l bili E l i i
-
8/6/2019 DEFCON Presentation
84/116
Vulnerability Exploitation
Subsequent commands are being forwarded through
the microcontroller (1 Character Delay)
V l bilit E l it ti
-
8/6/2019 DEFCON Presentation
85/116
Vulnerability Exploitation
V l bilit E l it ti
-
8/6/2019 DEFCON Presentation
86/116
Vulnerability Exploitation
Recognized Write Command
V l bilit E l it ti
-
8/6/2019 DEFCON Presentation
87/116
Vulnerability Exploitation
Recognized Write Command
Blocked all further communication to the card (Open Mux Switch)
V l bilit E l it ti
-
8/6/2019 DEFCON Presentation
88/116
Vulnerability Exploitation
Recognized Write Command
Blocked all further communication to the card (Open Mux Switch)
Forged Confirmation of Write Back to Machine
V l bilit E l it ti
-
8/6/2019 DEFCON Presentation
89/116
Vulnerability Exploitation
The Final Product:
Value of Components:
Less than $15
A M V l biliti ?
-
8/6/2019 DEFCON Presentation
90/116
Any More Vulnerabilities?
Session Hijacking: Allow system to reach the authenticated state
MIM communicates exclusively with smart card
Dump the protected user zones
A M V l biliti ?
-
8/6/2019 DEFCON Presentation
91/116
Any More Vulnerabilities?
Session Hijacking: Allow system to reach the authenticated state
MIM communicates exclusively with smart card
Dump the protected user zones
Our Injected command toread 0x7F bytes starting at
address 0x00Smart Card begins spewing its
guts out
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
92/116
Any More Vulnerabilities?
Analysing the Protected User Memory:
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
93/116
Any More Vulnerabilities?
Analysing the Protected User Memory: System uses History Buffer
Slot #1 Slot #2 Slot #3@1
Reference: Holds location of Current Card Value
Memory Slots: History of Values
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
94/116
Analysing the user memory: System uses History Buffer
For example,
@1
Any More Vulnerabilities?
$5 null null
MachineTimes Used: 0
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
95/116
Analysing the user memory: System uses History Buffer
For example,
@1
Any More Vulnerabilities?
$5 null null
Machine
Reads a 1
Times Used: 0
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
96/116
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 null null
Machine
Reads card
value @1
@1
Times Used: 0
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
97/116
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 null
Machine
Writes new Value to slot 2
@1
Times Used: 0
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
98/116
@2
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 null
MachineUpdates reference
to value
Times Used: 0
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
99/116
@2
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 null
MachineTimes Used: 1
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
100/116
@2
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 null
MachineTimes Used: 1
Reads a 2
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
101/116
@2
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 null
MachineTimes Used: 1
Reads card
value @2
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
102/116
@2
Any More Vulnerabilities?
Analysing the user memory: System uses History Buffer
For example,
$5 $4 $3
MachineTimes Used: 1
Writes new Value to slot 3
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
103/116
@3
Analysing the user memory: System uses History Buffer
For example,
Any More Vulnerabilities?
$5 $4 $3
MachineTimes Used: 1
Updates reference
to value
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
104/116
@3
Analysing the user memory: System uses History Buffer
For example,
Any More Vulnerabilities?
$5 $4 $3
MachineTimes Used: 2
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
105/116
Can this system be manipulated?
Any More Vulnerabilities?
$5 $4 $3
MachineTimes Used: 2
@3
-
8/6/2019 DEFCON Presentation
106/116
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
107/116
Can this system be manipulated? When the final memory slot is reached, what if
Any More Vulnerabilities?
$5 $4 $3
MachineTimes Used: 2
@3
Reads a 3
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
108/116
Can this system be manipulated? When the final memory slot is reached, what if
Any More Vulnerabilities?
$5 $4 $3
MachineTimes Used: 2
@3
Reads card
value @3
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
109/116
Can this system be manipulated? When the final memory slot is reached, what if
Any More Vulnerabilities?
$5 $4 $2
MachineTimes Used: 2
@3
Write is redirected to slot 3MIM
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
110/116
@1
Can this system be manipulated? When the final memory slot is reached, what if
Any More Vulnerabilities?
$5 $4 $2
MachineTimes Used: 2
Updates reference
to value
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
111/116
@1
Can this system be manipulated? When the final memory slot is reached, what if
Any More Vulnerabilities?
$5 $4 $2
MachineTimes Used: 3
The card will now hold the original $5 value!
-
8/6/2019 DEFCON Presentation
112/116
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
113/116
Any More Vulnerabilities?
Machine
New Value is redirected to overlap
Slot #1 Slot #3@3
MIM
What value will slot #1 hold?
Slot #2
Any More Vulnerabilities?
-
8/6/2019 DEFCON Presentation
114/116
Any More Vulnerabilities?
So we tried to redirect the write
But, were denied.
Summary
-
8/6/2019 DEFCON Presentation
115/116
Summary
Communications that end in write commandare not secure!
Even though Atmel App note recommends thisexact behaviour
Fix: End Communication with a read command to verify the
new card value
Summary
-
8/6/2019 DEFCON Presentation
116/116
Summary
Dump User Zone memory using MiM andsession Hijacking
Fix:
Use encryption mode
Host side tamper detection(voltage/current monitor)
MONTAGE VIDEO TIME!!!