Specifications

ManualsBrandsClassic Electronics ManualsUniversal RemoteSmart 4F

SMART CARDS LAB

UCL M.Sc. in Information Security 2011

Nicolas T. COURTOIS

Room 7.06a., Computer Science, University College London,

Gower Street, WC1E 6BT, London, UK

n.courtois@ucl.ac.uk

http://www.cs.ucl.ac.uk/staff/N.Courtois/

Abstract

This is an interactive pdf form to ﬁll. It is not graded.

The form can be ﬁlled with Acrobat Reader or with other appropri-

ate software, see below. BUT, beware: All changes to the document

are lost with Acrobat Reader, it is NOT able to save forms.

The document with changes can be saved reliably if it is opened

with the full ”professional” (paid) version of Adobe Acrobat. A free

and tested alternative (recommended) is FoxIt 3.1 which can be down-

loaded for free from the Internet. Further alternatives include printing

the document with a printer (real paper printer), or printing it as a pdf

ﬁle with GNU pdf creator (free), but this usually fails if we try to print

the whole document at once, which apparently can be circumvented

by printing a selection of pages at one time.

1 Copyright

The copyright for the present documents belongs to Nicolas T. Courtois

and University College London. This document cannot be distributed to

people not enrolled in COMPGA12 unless explicitly authorized by Nicolas

T. Courtois.

Summary of content (59 pages)

PAGE 1
SMART CARDS LAB UCL M.Sc. in Information Security 2011 Nicolas T. COURTOIS Room 7.06a., Computer Science, University College London, Gower Street, WC1E 6BT, London, UK n.courtois@ucl.ac.uk http://www.cs.ucl.ac.uk/staff/N.Courtois/ Abstract This is an interactive pdf form to fill. It is not graded. The form can be filled with Acrobat Reader or with other appropriate software, see below. BUT, beware: All changes to the document are lost with Acrobat Reader, it is NOT able to save forms.
PAGE 2
Smart Cards Lab 2 COMPGA12 University College London Structure of the Smart Cards Lab Students may skip some parts or do them in a different order. • Section 4: Software Setup. • Section 7: Smart card commands ABC. • Section 8: How to identify smart card products and individual smart cards by ATR and UID, anonymity issues. Anti-collision mechanisms. • Section 11: Exploring an electronic passport. • Section 12: Exploring RFID Memory Cards, Oyster Cards, Building Passes etc.
PAGE 3
Smart Cards Lab 4 COMPGA12 University College London Hardware and Software Setup 4.1 PC/SC Interface for Smart Card Readers PC/SC Interface in Windows Smart card commands are called APDUs, see Section 7. In Windows, the support for smart card commands (APDUs) is included through the so called PC/SC interface that is included in windows (uses winscard.dll) and does not require any installation. The only thing that needs to be installed are drivers for specific smart card readers.
PAGE 4
Smart Cards Lab 4.3 COMPGA12 University College London Drivers For Windows: For ACR122, and for Windows XP, drivers are in \Smart Cards Lab docs and free software\drivers\ ACR 122 driver 09 2008\ACR122U_inst_Win_0101_P\ For ACR122, and for Windows Vista or 7, the drivers sometimes are not needed (built-in CCID driver) and otherwise can be found in \Smart Cards Lab docs and free software\drivers\ ACR122 Windows 7 drivers 2011\ Also drivers can be found on the Internet, for example at: http://www.
PAGE 5
Smart Cards Lab COMPGA12 University College London http://linux.die.net/man/1/opensc-tool Probably requires to install some packages such as openct and pcsc-lite... APDU Tools - Windows (recommended) Any of these can be used: (the first two are recommended): 1. A simple ready program SCardDemo.exe is provided in the folder \APDUtools\SCardDemo.exe. The source code for this program is essentially the same as the source code for TimingAttackDemo which is provided, see also Section 17. 2.
PAGE 6
Smart Cards Lab 5 COMPGA12 University College London rfidiot library The rfidiot library is developed by Adam Laurie, a well-known English security researcher. It works under Windows, Mac and Linux. It is based on pyscard, a French Python library by Jean-Daniel Aussel from Gemalto and a few other Python libraries such as pycrypt. 5.0.1 Installing and configuring rfidiot We will only describe how to do things under Windows.
PAGE 7
Smart Cards Lab COMPGA12 University College London 1. Install Python Imaging http://www.pythonware.com/products/ pil/ 2. Install pyscard, http://pyscard.sourceforge.net/ 3. Install pyserial, http://pyserial.sourceforge.net/ 4. Install also pywin32-213.win32-py2.5 package (only sometimes needed). http://sourceforge.net/projects/pywin32/. 5. Install pycrypt http://www.amk.ca/python/writing/pycrypt/ and http://www.pythonware.com/products/pil/ A ready installer for pycrypt is provided.
PAGE 8
Smart Cards Lab 5.0.5 COMPGA12 University College London Installation Directory Files from the rfidiot installation can be for example copied to C:\Program Files\rfidiot 6 rfidiot Tips Documentation: http://rfidiot.org/documentation.html 6.1 Change the Reader Several Smart Card readers can be connected to a PC. Omnikey 5321 Actually contains two readers in one box. To change the smart card reader, use -r0 or -r1, with any command: C:\Program Files\rfidiot>isotype.
PAGE 9
Smart Cards Lab 7 COMPGA12 University College London APDUs Smart Card commands are called APDUs (Application Protocol Data Unit). They are strings of bytes, written in order of their transmission. The card is only answering to commands (master/slave principle, halfduplex) and never initiates any communication. Quiz We call an C-APDU a: APDU used in contactless smart cards string of bytes sent to the smart card.
PAGE 10
Smart Cards Lab COMPGA12 University College London Some Application Independent Error Messages These or similar codes will be used in bank cards, GSM etc. . 7.2 Vendor Extensions Specific families of smart cards will only use or implement some parts of commands, that can have a slightly different behavior, or even differ considerably from ISO 7816-4. For example: Quiz The set of commands for GSM cards is specified in ISO 7816-17 ETSI GSM 11-11.
PAGE 11
Smart Cards Lab 8 COMPGA12 University College London How to Identify a Smart Card Here there is no command. The command is to physically RESET the card (for example switch the power off and on, or connect RESET contact C2 to VCC for a short while). Then the card responds with a string of bytes. This is called ATR = Answer To Reset. Quiz ATR is a nested structure defined in ISO 7816-1 ISO 7816-3. ATR is a sort of unique ID of a smart card product.
PAGE 12
Smart Cards Lab COMPGA12 University College London This displays the ATR values and decodes them. This works well only for contactless cards, and a few other. If this does not work, we can try also cd C:\Program Files\rfidiot cardselect.py If still no success, try to disconnect the reader from the USB port, close all the other applications that talk to smart cards, and connect only one PC/SC reader at a time.
PAGE 13
Smart Cards Lab COMPGA12 RID: University College London 0C 12 bytes follow A000000306 PC/SC Workgroup PIX: 03000100000000 SS: 03 ISO 14443 A, part 3 Name: 0001 Mifare Standard 1K RFU: 00000000 Checksum TCK: 6A (OK) The Initial Header It specifies the relationship between A/Z and 0/1 where Z=high voltage, A=low voltage. This byte is either: 1. TS = ’3B’ for a direct convention [originates from Germany], where A=0, Z=1. 2. TS = ’3F’ for the inverse convention [originates from France], with A=1, Z=0.
PAGE 14
Smart Cards Lab COMPGA12 University College London In fact with an RFID reader there is no serial communication between the card and the reader at all. The PC/SC layer and the reader basically simulate the presence of a smart cards, so that RFID smart cards are seen as normal smart cards with contact. So T=CL is just a convention to say it is something completely different than T=0 or T=1, Commands are translated by the reader’s firmware in a non-transparent way.
PAGE 15
Smart Cards Lab COMPGA12 University College London Example 4: You SIM card ATR (with a USB SIM reader, or with a normal reader such as Omnikey 5321 and a simple adaptor. Type in the ATR obtained: Copy here are the explanations given by the program: 8.5 ATR and ATS, RFID/Contacless Cards With RFID cards, there is no ATR. But there is ATS = Answer To Select.
PAGE 16
Smart Cards Lab COMPGA12 University College London that powers the passport (if the passport is continuously powered, the ATR stays the same). Your own passport: Country: ⇒ UID is , issued: , VERY IMPORTANT: For the ATR to change, you MUST remove the passport from the magnetic field, and put it back again. This is equivalent to RESET, (or power off and back on) for a normal smart card with contact.
PAGE 17
Smart Cards Lab 9 COMPGA12 University College London Unique ID for RFID Tags: It is fixed, usually stored in the first block, that is read-only, and can never be changed. This read-only feature is currently the main reason why a blank card cannot be used as a clone of an Oyster card (all the other data can be copied). Motto: software cannot be protected by software. cd C:\Program Files\rfidiot cardselect.py Example 1: Your Oyster Card UID: Example 2: Your university smart card UID: 9.
PAGE 18
Smart Cards Lab COMPGA12 University College London because though the functionality implemented may seem the same, the security will usually be degraded in cloned products. Interestingly, such authentication data available inside the smart card, that can be protected against modification also by a hardware mechanism. Then one card cannot be reprogrammed to simulate another card. 10.
PAGE 19
Smart Cards Lab 11 COMPGA12 University College London Exploring an Electronic Passport We are going to implement (with high-level standard APDUs) the first steps of a typical transaction between the RFID reader at the border, and an electronic passport. With any APDU tool we execute the following sequence: GET CARD SERIAL NUMBER CLA INS P1 P2 Le FF CA 00 00 00 Write here the answer received: And here are some error messages you may get: .
PAGE 20
Smart Cards Lab 11.1 COMPGA12 University College London Basic Access Control Now the reader and the passport do a mutual cryptographic authentication as specified in the Basic Access Control. It is done following ISO 11770-2. The high level description is as follows: 1. The passport and the terminal have a shared 224-bit double triple DES key (written on 2 · 128 bits) K = (KM AC , KEN C ), computed from the MRZ. 2. The passport generates two randoms rA on 64 bits and KA on 128 bits.
PAGE 21
Smart Cards Lab COMPGA12 University College London Here we will implement only the first step. GET CHALLENGE CLA INS P1 P2 00 84 00 00 Le 08 Where Le is the length of the expected answer, which is 64 bits. The answer will be a 64-bit random: We will stop the exploration ’by hand’ here, one now needs to compute the correct cryptogram. 11.
PAGE 22
Smart Cards Lab 12 COMPGA12 University College London High-Level Exploration of RFID Memory Cards on the Example of MiFare Classic We will be further exploring MiFare Classic cards. 12.1 Software and Hardware Setup and Troubleshooting Again we use one of the APDU programs described in Section 4.4. (recommended software is one of the three SpringCard tools that contains 3 programs, and EACH of these 3 programs allows to do the exercises.) The exercise can be done with either ACR122 or Omnikey 5321.
PAGE 23
Smart Cards Lab COMPGA12 University College London Quiz The MiFare Classic card energy comes from: a tiny battery radio transmission magnetic field Quiz The MiFare Classic card radio communications operate at the frequency of: 13.
PAGE 24
Smart Cards Lab COMPGA12 University College London See mifare.pdf that is distributed with rfidiot library. Depending on installation directory it could be here: file:///C:/Program%20Files/ rfidiot/mifare.pdf). Each sector with 4 blocks can be accessed using the same key. We can choose to use key A or key B. Here below we will be only using keys A.
PAGE 25
Smart Cards Lab 12.6 COMPGA12 Which Key to Use Please enter the key A for block value): 13 University College London of your card (or leave the default Accessing MiFare Classic Cards From now on, everything should work both with ACR122 and Omnikey 5321 readers. 13.1 Accessing MiFare Classic Cards - 1 Card We send the following command: GET CARD SERIAL NUMBER CLA INS P1 P2 Le FF CA 00 00 00 Write here the answer bytes received: 13.
PAGE 26
Smart Cards Lab CLA FF INS 82 COMPGA12 P1 20 Kt 00 Le 06 University College London Key Here P2=Kt is the key number, should be 0. The answer should be: 13.4 Mutual Authentication We use the following command: MIFARE CLASSIC AUTHENTICATE CLA INS P1 P2 Nb Kt FF 88 00 60 00 Remark: We need to replace 60 by 61 if we are using the alternative key B. The answer should be: 13.
PAGE 27
Smart Cards Lab COMPGA12 University College London Assuming that we know the key for a given Oyster card, how can we know how much money there is currently on our card? First of all, the exact amount cannot always be determined with certitude. This not as much because of the complex pricing system used by Transport For London with price capping and penalties for not touching out. But rather because in the real life transactions are not always guaranteed to be billed properly.
PAGE 28
Smart Cards Lab 13.7 COMPGA12 University College London Writing One Block We use the following command: MIFARE CLASSIC WRITE CLA INS P1 P2 Lc FF D6 00 10 Data Where Data= bytes. The answer should be: 13.8 must be exactly 16 Reading The Block Again We can verify if writing was done correctly: MIFARE CLASSIC READ CLA INS P1 P2 Le FF B0 00 10 Write the answer obtained here: and compare to the data written: 13.
PAGE 29
Smart Cards Lab COMPGA12 University College London and compare to the data written: 13.11 Reading Script To read several blocks at once with one key we can use the following program: (with Omnikey we need -r1 option) cd C:\Program Files\rfidiot readmifaresimple.py -r0 0 64 FFFFFFFFFFFF AA This reads all blocs from 0 to 63 with key A, or those for which the key provided is correct.
PAGE 30
Smart Cards Lab 13.12 COMPGA12 University College London Ready Software - EasyKey A ready Windows program to explore MiFare Classic cards is provided by ACS, the manufacturer of ACR122 reader. It is called EasyKey, and is also known as ACS MiFare Key Management Tool. \Smart Cards Lab docs and free software\ APDU tools\ACR122U NFC Reader complete SDK with tools\setup.exe During the installation select ’Advanced Installation’ and install only the tools. c Nicolas T.
PAGE 31
Smart Cards Lab COMPGA12 University College London It is a tool which allows to do arbitrary operations on MiFare Classic cards. In particular it allows to understand various access conditions for various sectors. (MiFare Classic has 16 sectors with 4 blocks each). The reader must be warned that many operations will be irreversible and can render the card impossible to use. c Nicolas T.
PAGE 32
Smart Cards Lab 14 COMPGA12 University College London GSM SIM Card Exploration We mean a classical (2G) SIM card, what we present here also works on many (but not all as it seems) 3G cards that are (not always?) backwards compatible with 2G phones. Quiz SIM stands for: Standard ICC for Mobile (phones) Subscriber Identity Module Bibliography: The exact specifications of how a mobile phone communicates with a SIM card can be found in the ETSI GSM 11-11 document. 14.
PAGE 33
Smart Cards Lab GET RESPONSE CLA INS P1 P2 A0 C0 00 00 COMPGA12 University College London Le The answer is the FCI of the DFGSM directory. Handling Errors All the above should work for any 2G SIM card and for many if not all 3G cards. In case we recall some standard error messages: . Specific products and specific commands also frequently have special error codes, one example will be seen below. Decoding of Certain Bytes According to GSM specs we can here look at certain bytes in FCI.
PAGE 34
Smart Cards Lab COMPGA12 University College London However if the PIN is correct, the counter for the number of CHV attempts will be reset to 3. 14.4 Cryptographic Functionality of a SIM Card Imagine that the base station in GMS sends to the mobile phone a 16-byte random.
PAGE 35
Smart Cards Lab 14.5 COMPGA12 University College London An Embarrassing Discovery If we do the above steps and are able to run RUN GSM ALGORITHM for a SIM card from a number of countries the Kc keys obtained are typically NOT random (!). For example, depending on the card, the operator and the country, we will see that no matter how many times we try, certain bits of the key will always be 0.
PAGE 36
Smart Cards Lab 15 COMPGA12 University College London Bank Card Magnetic Stripe Exploration Warning: your bank card belongs to your bank, not to you. It is specifically written in card contracts. You are NOT allowed to do what you want with your card. You are NOT allowed to hack your bank card. Students are asked not to try anything with their current UK bank card. We will experiment with some old and foreign bank cards. Reading the magnetic stripe of your card: 15.1 Track 1 High resolution track.
PAGE 37
Smart Cards Lab 15.3 COMPGA12 University College London Decoding Service Code - 3 Digits D1: Interchange and technology. D2: Authorization processing. D3: Range of goods and PIN requirements. Example: Glossary: RFU = Reserved for Future Use, IC = Intergrated Circuit, or chip when feasible = each time the terminal accepts it, if the chip is broken or missing the financial transaction should not be handled Note: We see that second LS bit of D1 indicates that the chip is present and must be used.
PAGE 38
Smart Cards Lab 16 COMPGA12 University College London Bank Card Chip Exploration Warning: your bank card belongs to your bank, not to you. It is specifically written in card contracts. You are NOT allowed to do what you want with your card. You are NOT allowed to hack your bank card. Here we will do some very simple tests with reading some public zones of the card to establish the basic capabilities of each card.
PAGE 39
Smart Cards Lab COMPGA12 University College London which means FILE NOT FOUND. For example certain cards from MasterCard. For these at least, all is not lost. We we can skip this and the next sub section and go directly to Section 16.5 (!). 16.3 Select The Master File In the case of Normal Processing (61 Le) one can issue a next command: GET RESPONSE CLA INS P1 P2 00 C0 00 00 Le Le Only then we get the actual file 1PAY.SYS.DDF01.
PAGE 40
Smart Cards Lab 16.5 COMPGA12 University College London Select The Application Typically a bank card supports several applications. Applications are identified by AIDs.
PAGE 41
Smart Cards Lab COMPGA12 SELECT FILE by an AID CLA INS P1 P2 Lc 00 A4 04 00 University College London DataIn Answer obtained: SW1 SW2 61 If the answer was indeed of form ’61 Le’, we can issue a next command: GET RESPONSE CLA INS P1 P2 00 C0 00 00 Le Response obtained: 16.
PAGE 42
Smart Cards Lab COMPGA12 University College London Answer obtained: SW1 SW2 61 If the answer was indeed of form ’61 Le’, we will be able to recover the answer: GET RESPONSE CLA INS P1 P2 00 C0 00 00 Le Response obtained: Here the card returns both: 1. Application Interchange Profile (AIP): supported functions (for example that the card supports SDA or DDA, and if the card supports Cardholder verification) 2.
PAGE 43
Smart Cards Lab 16.10 COMPGA12 University College London Cardholder Verification In EMV many cardholder authentication methods are supported. But by default most cards with PIN support the simplest unencrypted PIN verification (the PIN is sent in cleartext to the card). Warning: typically, if one enters incorrect PIN 3 times, the card chip will be blocked forever ! Before we try the PIN verification, let’s check how many trials are left.
PAGE 44
Smart Cards Lab COMPGA12 University College London One needs also to know how to encode the PIN and the special padding that extends it to 8 bytes. The encoding is somewhat strange, we simply write the decimal PIN as text, treat it as a hex number, 4 digits makes 2 bytes, then we prepend ’24’, and append five times ’FF’. Thus we get 8 bytes.
PAGE 45
Smart Cards Lab 16.11 COMPGA12 University College London Further Exploration: chap.py Adam Laurie wrote an open-source program to explore a bank card. It is far from being perfect and 100 % compatible. Use at your own risk. cd C:\Program Files\rfidiot chap.py -h ChAP.py [options] [PIN] If the optional numeric PIN argument is given, the PIN will be verified (note that this updates the PIN Try Counter and may result in the card being PIN blocked).
PAGE 46
Smart Cards Lab 17 COMPGA12 University College London How to Become a Smart Card Developer Any student vaguely familiar with Microsoft Visual Studio should be able start developing smart card applications in 10 minutes. Below we explain how and give example source code. More examples are found in the files provided to students. 17.
PAGE 47
Smart Cards Lab COMPGA12 University College London { \ printf(text ": OK\n\n"); \ } void print_hex(const byte* pbtData, const ui32 uiBytes) { ui32 uiPos; for (uiPos=0; uiPos < uiBytes; uiPos++) { printf("%02X ",pbtData[uiPos]); } printf("\n"); } void print_hex_nocr(const byte* pbtData, const ui32 uiBytes) { ui32 uiPos; for (uiPos=0; uiPos < uiBytes; uiPos++) { printf("%02X ",pbtData[uiPos]); } //printf("\n"); } int readhex(BYTE *bSend,char *Text) { int i=0,j=0; while(Text[j]) { while(!IsHex(Text[j]) && T
PAGE 48
Smart Cards Lab COMPGA12 University College London bSend[i]=ReadHex(Text[j]); j++; }; i++; }; }; return i; }; int PCSCExample(int readernb) { SCARDCONTEXT hContext; LONG lReturn,lReturn2; // Establish the context. lReturn = SCardEstablishContext(SCARD_SCOPE_USER,NULL,NULL,&hContext); if ( SCARD_S_SUCCESS != lReturn ) PCSC_ERROR(lReturn, "SCardEstablishContext") else { // Use the context as needed.
PAGE 49
Smart Cards Lab COMPGA12 University College London // Display the value. /*sprintf(CurrReader,"%S", AReader ); if( strnicmp(CurrReader,WantReader1,6)==0 || strnicmp(CurrReader,WantReader2,6)==0 ) break;//*/ if(readernb==nbReaders-1) { MyReader=AReader; } // Advance to the next value.
PAGE 50
Smart Cards Lab COMPGA12 University College London break; case SCARD_PROTOCOL_UNDEFINED: default: printf("Active protocol unnegotiated or unknown\n"); break; }; lReturn = SCardBeginTransaction( hCardHandle ); if ( SCARD_S_SUCCESS != lReturn ) PCSC_ERROR(lReturn, "SCardBeginTransaction") if(1)//determine ATR, does not give anything with contactless { WCHAR szReader[200];DWORD cch = 200; BYTE bAttr[32]={0};DWORD cByte = 32; DWORD dwState, dwProtocol;LONG lReturn; // Determine the status.
PAGE 51
Smart Cards Lab COMPGA12 University College London case SCARD_POWERED: printf("Card has power.\n"); break; case SCARD_NEGOTIABLE: printf("Card reset and waiting PTS negotiation.\n"); break; case SCARD_SPECIFIC: printf("Card has specific communication protocols set.\n"); break; default: printf("Unknown or unexpected card state.
PAGE 52
Smart Cards Lab COMPGA12 University College London printf("APDU: "); print_hex_nocr(bSend,dwSend); printf("\n"); lReturn = SCardTransmit(hCardHandle, pioSendPci,bSend,dwSend,pioRecvPci,bRecv,&dwRecv ); if ( SCARD_S_SUCCESS != lReturn ) { PCSC_ERROR(lReturn, "SCardTransmit") return -3; // or other appropriate error action } else { printf(" RE: "); print_hex_nocr(bRecv,dwRecv); printf("\n"); }; } lReturn = SCardEndTransaction(hCardHandle,SCARD_UNPOWER_CARD); if ( SCARD_S_SUCCESS != lReturn ) PCSC_ERROR(lRe
PAGE 53
Smart Cards Lab COMPGA12 University College London char* pcsc_stringify_error(const long pcscError) { static char strError[75]; switch (pcscError) { case SCARD_S_SUCCESS: (void)strncpy(strError, "Command successful.", sizeof(strError)); break; case SCARD_E_CANCELLED: (void)strncpy(strError, "Command cancelled.", sizeof(strError)); break; case SCARD_E_CANT_DISPOSE: (void)strncpy(strError, "Cannot dispose handle.
PAGE 54
Smart Cards Lab COMPGA12 University College London (void)strncpy(strError, "Internal error.", sizeof(strError)); break; case SCARD_F_UNKNOWN_ERROR: (void)strncpy(strError, "Unknown error.", sizeof(strError)); break; case SCARD_F_WAITED_TOO_LONG: (void)strncpy(strError, "Waited too long.", sizeof(strError)); break; case SCARD_E_UNKNOWN_READER: (void)strncpy(strError, "Unknown reader specified.", sizeof(strError)); break; case SCARD_E_TIMEOUT: (void)strncpy(strError, "Command timeout.
PAGE 55
Smart Cards Lab COMPGA12 University College London break; case SCARD_W_UNRESPONSIVE_CARD: (void)strncpy(strError, "Card is unresponsive.", sizeof(strError)); break; case SCARD_W_UNPOWERED_CARD: (void)strncpy(strError, "Card is unpowered.", sizeof(strError)); break; case SCARD_W_RESET_CARD: (void)strncpy(strError, "Card was reset.", sizeof(strError)); break; case SCARD_W_REMOVED_CARD: (void)strncpy(strError, "Card was removed.
PAGE 56
Smart Cards Lab COMPGA12 University College London default: /*(void)snprintf(strError, sizeof(strError)-1, "Unkown error: 0x%08lX", pcscError);//*/ (void)sprintf(strError, "Unkown error: 0x%08lX", pcscError); }; /* add a null byte */ strError[sizeof(strError)-1] = ’\0’; return strError; } c Nicolas T.
PAGE 57
Smart Cards Lab 17.2 COMPGA12 University College London More Examples Many ready Visual Studio and other development projects examples are provided with our collection of software. Thus one can easily develop Windows applications with or without GUI which talk to smart cards. 1. Many examples can be found in the ACS 122 Software Development Kit which contains examples of code for Borland Delphi 7, Java, MS Visual Basic 6.0, MS Visual Basic.NET 2005, MS Visual C#.
PAGE 58
Smart Cards Lab 18.1 COMPGA12 University College London A Simple Timing Attack Project For this we use the following program provided to students on a flash disk, and based on a known open-source PC/SC project. The source code is also given (so students can directly modify it by opening the .dsw file. ) To simply run it: TimingAttackDemo.
PAGE 59
Smart Cards Lab COMPGA12 University College London T ms: 31.210 APDU: FF8800006000 Resp: (90 00) T ms: 62.759 In contrast, if the key is wrong, the second command takes much longer: APDU: FF82200006FFFFFF000000 Resp: (90 00) T ms: 31.779 APDU: FF8800006000 Resp: (90 00) T ms: 136.417 Thus somebody that does not have the access to the USB port communications but only to their timing, can infer some information with certainty (for example if the result of some cryptographic check is correct or not).