Hacking Smartcards and RFID

This document discusses hacking smartcards and RFID tags. It begins by describing what smartcards and RFID tags are and how they work. It then discusses both logical and physical attacks that can be performed against smartcards and RFID tags, including attacking the cryptography, key management, protocols, and using side-channel attacks. It provides examples of specific attacks such as power analysis to extract cryptographic keys, probing chips to observe data on buses, and fault injection attacks. The document concludes that while smartcard and RFID security has limitations, both logical and physical attacks require resources to perform.


Hacking smartcards & RFID

Erik Poll
Digital Security, Radboud University Nijmegen

What are smartcards & RFID tags?

Micro-controller with a contact interface or a contactless interface

Erik Poll, Digital Security

Why use them?

Convenience: more convenient than username/password
Security: more secure than username/password
Also more convenient & secure than barcodes and magstripes


What makes them secure?

Tamper-resistant and tamper-evident, to some degree, but never tamper-proof:
• there is no way to remove or access the 'hard disk', therefore any access to data (say the credit on your ov-chipcard) is under control of the card's functionality
• the same goes for adding or changing code on the card, if that is possible at all


What can they do?

1. stupid card: just reports some data; the card shouts out a (unique) serial number on start-up
2. stupid smartcard, aka memory card: provides a configurable file system with some access control, by means of PIN codes/passwords or crypto keys, or even simpler, irreversible writes (OTP or WORM memory)
3. smart smartcard, aka microprocessor card: provides a programmable CPU that can implement any functionality


Smartcard hardware for microprocessor cards

• CPU (usually 8 or 16, but now also 32 bit)
• possibly also a crypto co-processor & random number generator (RNG)
• memory: RAM and ROM & EEPROM; the EEPROM serves as the smartcard's hard disk
• no power, no clock! (both are supplied by the terminal)
A modern card may have 512 bytes RAM, 16K ROM, 64K EEPROM and operate at 3.5 MHz


Do-it-yourself

Buy a card reader or an NFC mobile phone, and buy some tags and cards.
Programming your own smartcards is possible using JavaCard or MULTOS smartcards.
Check www.ru.nl/ds/smartcards, libnfc, proxmark, rfidiot.org


Attacking smartcards and RFID

• logical attacks: find a flaw in the functionality, targeting eg
  - the crypto, ie the cryptographic algorithms
  - the protocol
  - the key management
  - any other functionality
• physical attacks: physically mess with the card
• combinations: abuse functionality while you mess with the card


The simplest physical attack

External power supply and external clock
• Vcc: originally 5V, now also 3V or 1.8V
• Vpp: higher voltage for writing EEPROM (13V)
Vpp is no longer used: painting over this contact blocks EEPROM writes, which is a major security threat

Logical attacks: tools of the trade

[figure: hardware] for passive eavesdropping or active Man-in-the-Middle

Logical attacks: a very weak RFID tag


Mifare Ultralight
• Used in the disposable ov-chipkaart
• No keys to protect memory access
• Relies on read-only and write-once memory for security
• Memory organised in 16 pages of 4 bytes
  - first part is read-only; includes the 7 byte serial number
  - second part is One Time Programmable (OTP): you can write 1's, not 0's; includes the data for locking
  - third part is readable & writable


MIFARE Ultralight memory layout

Page    byte 0      byte 1      byte 2      byte 3      access
 0      UID0        UID1        UID2        checksum    read only    (serial number UID)
 1      UID3        UID4        UID5        UID6        read only    (serial number UID)
 2      checksum    internal    lock 0      lock 1      read only, lock bytes are OTP
 3      OTP 0       OTP 1       OTP 2       OTP 3       OTP
 4-15   application data                                read/write


Flaw in the disposable ov-chipcard

• two lock bytes, initially 0x00F0
• set to 0xF8FF to invalidate the tag
• we can change an invalid tag so that terminals fail to recognize it as invalid...
• the remaining 3 lock bits can still be set to one, so that the lock bytes become 0xFFFF
• flaw in the terminals: tags with lock bytes 0xF8FF are recognized as invalid, but tags with 0xFFFF are not
• flaw since fixed by patching the terminals
[Source: "Security Evaluation of the disposable OV-chipkaart", by UvA students Pieter Siekerman and Maurits van der Schee, July 2007]
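Added example, not from the slides: a small Python model of the Ultralight write rules from the layout table (read-only UID pages, OTP lock bytes and OTP page, read/write application pages), used to replay the lock-byte bypass and to contrast the terminals' original check with one that cannot be bypassed. The lock-byte values 0x00F0, 0xF8FF and 0xFFFF are the ones on the slide; the UID and the check-byte formula (ISO 14443-3) are constructed/assumed for the demo, and which lock bit protects which page is deliberately not modelled.

```python
PAGE_SIZE = 4
NUM_PAGES = 16

# Lock bytes as one 16-bit word, page 2 byte 2 high, byte 3 low; values from the slide.
INITIAL_LOCK = 0x00F0
INVALIDATED = 0xF8FF


def new_tag(uid7: bytes) -> list:
    """Constructed fresh tag: 7-byte UID over pages 0-1, check bytes as in
    ISO 14443-3 (BCC0 = 0x88 ^ UID0 ^ UID1 ^ UID2, BCC1 = UID3 ^ ... ^ UID6),
    lock bytes 0x00F0 in page 2, everything else zero."""
    assert len(uid7) == 7
    pages = [bytearray(PAGE_SIZE) for _ in range(NUM_PAGES)]
    pages[0][0:3] = uid7[0:3]
    pages[0][3] = 0x88 ^ uid7[0] ^ uid7[1] ^ uid7[2]
    pages[1][0:4] = uid7[3:7]
    pages[2][0] = uid7[3] ^ uid7[4] ^ uid7[5] ^ uid7[6]
    pages[2][2:4] = INITIAL_LOCK.to_bytes(2, "big")
    return pages


def write_page(pages: list, index: int, data: bytes) -> None:
    """Write rules from the layout table: pages 0-1 read-only; page 2 bytes 0-1
    read-only and bytes 2-3 OTP; page 3 OTP; pages 4-15 plain read/write.
    OTP means a 1 bit can be set but never cleared (bitwise OR)."""
    assert len(data) == PAGE_SIZE
    if index < 2:
        raise PermissionError("pages 0-1 (UID) are read-only")
    if index == 2:
        pages[2][2] |= data[2]
        pages[2][3] |= data[3]
    elif index == 3:
        for i in range(PAGE_SIZE):
            pages[3][i] |= data[i]
    else:
        pages[index][:] = data


def lock_word(pages: list) -> int:
    return int.from_bytes(bytes(pages[2][2:4]), "big")


def invalidate(pages: list) -> None:
    """What the terminal does to a used-up card: write the 0xF8FF pattern."""
    write_page(pages, 2, bytes([0, 0]) + INVALIDATED.to_bytes(2, "big"))


def tamper(pages: list) -> None:
    """Attacker sets the three lock bits that invalidation left at zero."""
    write_page(pages, 2, bytes([0, 0, 0x07, 0x00]))


def is_invalid_flawed(pages: list) -> bool:
    """Original terminal logic: exact match on the invalidation pattern."""
    return lock_word(pages) == INVALIDATED


def is_invalid_fixed(pages: list) -> bool:
    """Corrected logic: OTP bits can never be cleared, so any lock word that
    still contains every invalidation bit has been through invalidation."""
    return lock_word(pages) & INVALIDATED == INVALIDATED


def run_scenario() -> dict:
    tag = new_tag(bytes.fromhex("04a1b2c3d4e5f6"))  # constructed UID
    invalidate(tag)
    after_invalidate = lock_word(tag)
    tamper(tag)
    after_tamper = lock_word(tag)
    return {
        "after_invalidate": after_invalidate,   # 0xF8FF
        "after_tamper": after_tamper,           # 0xFFFF
        "flawed_check": is_invalid_flawed(tag), # False: the bypass
        "fixed_check": is_invalid_fixed(tag),   # True
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v if isinstance(v, bool) else hex(v))
```

The fix is a consequence of the memory type rather than of the particular values: on write-once memory, "has this tag been invalidated" must be answered with a superset test on the bits, never with an equality test.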


More fundamental limitation: replay attack

• Mifare Ultralight can store signed or encrypted data, but cannot do any processing, or offer any access control to reading the data
• No way to protect against spoofing of tags
• Only mitigation: the serial number (UID) cannot be overwritten, so spoofing requires special hardware if the UID is used

Logical attacks: attacking the crypto


Challenge-response

  terminal  --- challenge c -------------->  card (secret key K, CPU)
  terminal  <-- response encrypt_K(c) -----  card

• If the card can do encryption, the secret key K never leaves the card
• The card issuer does not have to trust the card holder, the terminal, or the network
• This is how your bank card works: it uses a 3DES key that only the bank knows


Breaking this?

1. Figuring out which encryption function is used: maybe this is known & published; otherwise: reverse engineering, experimenting to figure out how the encryption works
2. For poor encryption: by trying out a few challenges, you may be able to reconstruct the key. For good crypto (3DES, AES, RSA, ...) this is hopeless
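Added example, not from the slides: the challenge-response exchange above, run once with a sound keyed function and once with a toy cipher, to show point 2 concretely. A real bank card uses 3DES; because 3DES is not in the Python standard library, HMAC-SHA256 stands in for "good crypto" here (an assumption of this example only), and a XOR of challenge and key stands in for "poor encryption". Keys and challenges are generated for the demo.

```python
import hashlib
import hmac
import os


class Card:
    """The card: holds K, never reveals it, only answers challenges."""

    def __init__(self, key: bytes, mode: str):
        self._key = key
        self.mode = mode  # "good" or "poor"

    def respond(self, challenge: bytes) -> bytes:
        if self.mode == "good":
            # stand-in for the card's 3DES: a keyed PRF the attacker cannot invert
            return hmac.new(self._key, challenge, hashlib.sha256).digest()
        # toy "encryption": response = challenge XOR key
        return bytes(c ^ k for c, k in zip(challenge, self._key))


class Terminal:
    """The issuer's side: shares K and issues a fresh random challenge each time."""

    def __init__(self, key: bytes, mode: str):
        self.reference = Card(key, mode)  # same computation, issuer-side copy of K

    def authenticate(self, card_respond) -> bool:
        c = os.urandom(16)
        return hmac.compare_digest(card_respond(c), self.reference.respond(c))


def recover_xor_key(challenge: bytes, response: bytes) -> bytes:
    """Poor crypto: a single observed (c, r) pair gives K = c XOR r."""
    return bytes(c ^ r for c, r in zip(challenge, response))


def scenario(mode: str) -> dict:
    key = os.urandom(16)
    card, terminal = Card(key, mode), Terminal(key, mode)
    genuine_ok = terminal.authenticate(card.respond)          # 1. real card passes
    c = os.urandom(16)                                         # 2. attacker records
    r = card.respond(c)                                        #    one exchange
    replay_ok = terminal.authenticate(lambda _fresh: r)        # 3. replaying r fails
    guess = recover_xor_key(c, r)                              # 4. try key recovery
    clone_ok = terminal.authenticate(Card(guess, mode).respond)
    return {"genuine": genuine_ok, "replay": replay_ok,
            "key_recovered": guess == key, "clone": clone_ok}


if __name__ == "__main__":
    print("good:", scenario("good"))   # clone fails, key not recovered
    print("poor:", scenario("poor"))   # one eavesdropped exchange yields K
```

The fresh random challenge is what defeats the replay in step 3 in both cases; what separates the two runs is only the quality of the keyed function, which is exactly the point of step 2 above.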


Proprietary crypto broken in the DS group

• Mifare Classic
• ATMEL SecureMemory, CryptoMemory and CryptoRF
• HID iClass and iClass Elite
• Hitag2

Moral of the story: use established crypto primitives that have been publicly studied, according to Kerckhoffs' principle


Crypto in Mifare Classic [figure]


Logical attacks: attacking the key management


Common problems with crypto keys

• people using the same key in all cards, for one customer, or, worse, for all their customers! HID iClass uses a globally unique master key, which is built into all HID card readers
• 75% of MIFARE applications was found to use default keys or keys used in examples in documentation [Source: Lukas Grunwald, DEFCON 14, 2007]
• worse still, using the default keys: A0A1A2A3A4A5 is an initial transport key of MIFARE tags. Googling for A0A1A2A3A4A5 produces links to documentation with other example keys to try!
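Added example, not from the slides: an audit over MIFARE Classic sector trailers that flags both problems listed above, keys taken from documentation and transport defaults, and one key reused on every card. The trailer layout (Key A, 4 access bytes, Key B) is the MIFARE Classic format; the key list holds A0A1A2A3A4A5 from the slide plus the all-ones factory default and the published MAD key. The card dumps are constructed, and the access bytes FF078069 are the transport-configuration value.

```python
from collections import defaultdict

KNOWN_DEFAULT_KEYS = {
    bytes.fromhex("A0A1A2A3A4A5"),  # transport key named on the slide
    bytes.fromhex("FFFFFFFFFFFF"),  # factory default of a blank MIFARE Classic
    bytes.fromhex("D3F7D3F7D3F7"),  # published MIFARE Application Directory key
}


def parse_trailer(trailer_bytes: bytes) -> tuple:
    """Split a 16-byte sector trailer into (key A, access bits, key B)."""
    assert len(trailer_bytes) == 16
    return trailer_bytes[0:6], trailer_bytes[6:10], trailer_bytes[10:16]


def trailer(key_a: str, key_b: str, access: str = "FF078069") -> bytes:
    """Build a trailer from hex strings (constructed test data helper)."""
    return bytes.fromhex(key_a + access + key_b)


def audit(dumps: dict) -> dict:
    """dumps: {uid: [trailer of sector 0, trailer of sector 1, ...]}.
    Returns default-key findings per card and the set of non-default keys
    that are identical on every card in the batch."""
    findings = defaultdict(list)
    key_usage = defaultdict(set)  # key -> uids that use it
    for uid, trailers in dumps.items():
        for sector, trailer_bytes in enumerate(trailers):
            key_a, _access, key_b = parse_trailer(trailer_bytes)
            for label, key in (("A", key_a), ("B", key_b)):
                key_usage[key].add(uid)
                if key in KNOWN_DEFAULT_KEYS:
                    findings[uid].append((sector, label, key.hex().upper(),
                                          "default/documentation key"))
    shared = {k.hex().upper() for k, uids in key_usage.items()
              if len(uids) == len(dumps) and k not in KNOWN_DEFAULT_KEYS}
    return {"per_card": dict(findings), "shared_across_all_cards": shared}


# Constructed dumps of two cards, two sectors each (hypothetical keys).
CONSTRUCTED_DUMPS = {
    "04AB12CD": [trailer("A0A1A2A3A4A5", "0F1E2D3C4B5A"),
                 trailer("13579BDF0246", "FFFFFFFFFFFF")],
    "04AB12CE": [trailer("89ABCDEF0123", "0F1E2D3C4B5A"),
                 trailer("13579BDF0246", "FFFFFFFFFFFF")],
}


if __name__ == "__main__":
    report = audit(CONSTRUCTED_DUMPS)
    for uid, hits in report["per_card"].items():
        for sector, label, key, why in hits:
            print(f"{uid} sector {sector} key {label} = {key}: {why}")
    print("keys shared by every card:", sorted(report["shared_across_all_cards"]))
```

With real dumps the "shared across all cards" set is the more telling finding: a key in that set compromises the whole deployment once it is recovered from any single card.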


Logical attacks: attacking security protocols


Fraud with internet banking in the Netherlands

  2008               2.1 M€
  2009               1.9 M€
  2010               9.8 M€   (7100€ per incident)
  2011                35 M€   (4500€ per incident)
  2012 (1st half)   27.3 M€
[source: NVB]


Internet banking & Man-in-the-Browser attacks

The display of the PC cannot be trusted [figure]


Internet banking & protecting against Man-in-the-Browser attacks

A card reader with its own display, connected to the PC over USB: this display can be trusted and understood [figure]


Protocol of the USB-connected e.dentifier2

[figure: the protocol between PC, e.dentifier2 and bank card, over three slides]

Vulnerability: the e.dentifier2 tells the PC that the user pressed OK, and it is then the PC that instructs the e.dentifier2 to continue the transaction. A PC under the attacker's control can send that instruction without the user ever pressing OK.


Attack [figure]

Movie [video demonstration, not reproduced here]

Other example logical weaknesses: for e-passports

Unwanted functionality

A test version of the Dutch passport provided a software emulation of Mifare Classic, with the default key, of course...
This allows adding a cloned ov-chipcard to the passport


Attacking the terminal software

Lukas Grunwald managed to crash e-passport terminals by sending a malformed JPEG, causing a buffer overflow in the graphics library.

Smartcards and RFID tags should be treated as untrusted inputs, until we have authenticated the card and/or the data it provides


e-passport leaking info by error response

2 byte error response to an illegal B0, ie. READ BINARY, instruction:

  6986   not allowed                      Belgian
  6982   security status not satisfied    Dutch
  6F00   no precise diagnosis             French
  6D00   not supported                    Italian
  6700   wrong length                     German

This reveals the nationality of a passport in spite of the access control on passport data.
There are 255 other instructions to try, and we can try different parameters...
But the attack range is limited to 30 cm, so the danger of 'passport bombs' is overhyped
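Added example, not from the slides: fingerprinting the issuing country from the status word a passport returns to a READ BINARY sent before any access control has been established, plus the sweep over the other instruction bytes that the slide hints at. The status-word table is the one above; the simulated passports are constructed stand-ins for a reader and card, and the sweep-based signature is this example's own generalisation, not something the slide claims.

```python
# C-APDU for READ BINARY: CLA=00 INS=B0 P1=00 P2=00 Le=00 (ISO 7816-4)
READ_BINARY_APDU = bytes([0x00, 0xB0, 0x00, 0x00, 0x00])

# Status word -> nationality, as on the slide
SW_TO_NATIONALITY = {
    0x6986: "Belgian",   # command not allowed
    0x6982: "Dutch",     # security status not satisfied
    0x6F00: "French",    # no precise diagnosis
    0x6D00: "Italian",   # instruction not supported
    0x6700: "German",    # wrong length
}


def status_word(response: bytes) -> int:
    """The last two bytes of a response APDU are SW1 SW2."""
    assert len(response) >= 2
    return (response[-2] << 8) | response[-1]


def fingerprint(transmit) -> str:
    """transmit(apdu) -> response bytes. Nationality from the READ BINARY error."""
    sw = status_word(transmit(READ_BINARY_APDU))
    return SW_TO_NATIONALITY.get(sw, "unknown (SW %04X)" % sw)


def probe_signature(transmit, ins_list=range(0x00, 0x100)) -> tuple:
    """Generalisation: send every INS byte (same P1/P2/Le) and collect the
    status words. Chips from one manufacturer answer the whole sweep the
    same way, so the tuple is a stable fingerprint even where READ BINARY
    alone is inconclusive."""
    return tuple(status_word(transmit(bytes([0x00, ins, 0x00, 0x00, 0x00])))
                 for ins in ins_list)


def simulated_passport(sw_before_bac: int, quirks: dict = None):
    """Constructed card: before access control it answers every command with
    one status word, except the INS bytes listed in quirks (make-specific
    behaviour, e.g. SELECT being allowed)."""
    quirks = quirks or {}

    def transmit(apdu: bytes) -> bytes:
        ins = apdu[1]
        return quirks.get(ins, sw_before_bac).to_bytes(2, "big")
    return transmit


if __name__ == "__main__":
    for sw in (0x6986, 0x6982, 0x6F00, 0x6D00, 0x6700, 0x6A82):
        print("%04X -> %s" % (sw, fingerprint(simulated_passport(sw))))
    plain = probe_signature(simulated_passport(0x6982))
    quirky = probe_signature(simulated_passport(0x6982, {0xA4: 0x9000}))
    print("sweeps differ:", plain != quirky)
```

With a real reader, `transmit` would be the pyscard `connection.transmit` wrapped to return bytes; everything else stays the same. Note that the leak is in the card's choice of error code, so the fix has to be in the chip's firmware (uniform error responses before authentication), not in the terminal.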

Physical attacks: side-channel attacks


Power trace of an RSA encryption [figure; Source: Riscure]

Power analysis: reading the key from this trace! In a square-and-multiply exponentiation a squaring and a multiplication draw visibly different power profiles, so the sequence of operations, and with it the bits of the private exponent, can be read straight off the trace.


Physical, invasive attacks

First step: removing the chip from the smartcard [figure]


Optical reverse engineering

Microscope images with different layers in different colours, before and after etching [figure]

[Source: Oliver Kömmerling, Markus Kuhn]



Probing

Observe or change the data on the bus while the chip is in operation, eg to observe the key.

[figure: probing with 8 needles]


Fibbing

FIB = Focused Ion Beam, can observe or modify the chip by
• drilling holes
• cutting connections
• soldering new connections and creating new gates

[figures: hole drilled in the chip surface; blown fuse]

Extracting ROM content

Staining can optically reveal the bits stored in ROM: dark squares are 1, light squares are 0 [figure]

[Source: Brightsight]

Latest fashion: fault attacks

Introduce a fault while the chip is operating, by
• glitching: dipping the supply voltage
• shooting a laser at the chip
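Added example, not from the slides: what one injected fault can do to a card computing an RSA signature with the Chinese Remainder Theorem. The slide only names the technique (a voltage glitch or a laser); this block shows the textbook consequence, the Boneh-DeMillo-Lipton (Bellcore) attack, in which a single faulty signature factors the modulus. The key is a small constructed one, the fault is simulated by flipping one bit in one of the two half-computations, and the last function is the usual countermeasure of re-verifying before releasing a signature.

```python
from math import gcd

# Constructed toy key (both factors are prime; real keys are 1024+ bits).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def sign_crt(msg: int, fault_in_p: bool = False) -> int:
    """RSA-CRT signing as a card does it: two half-size exponentiations,
    recombined with Garner's formula. If fault_in_p, simulate a glitch that
    corrupts one bit of the mod-p half only."""
    dp, dq = D % (P - 1), D % (Q - 1)
    sp = pow(msg, dp, P)
    sq = pow(msg, dq, Q)
    if fault_in_p:
        sp ^= 1                     # the injected fault
    qinv = pow(Q, -1, P)
    h = (qinv * (sp - sq)) % P
    return (sq + h * Q) % N


def bellcore_factor(good_sig: int, bad_sig: int) -> int:
    """Two signatures of the same message, one faulty: s and s' agree mod q
    but not mod p, so gcd(s - s', N) is q."""
    return gcd((good_sig - bad_sig) % N, N)


def bellcore_factor_one_signature(msg: int, bad_sig: int) -> int:
    """Variant needing only the faulty signature and the public key:
    s'^e == m mod q but not mod p, so gcd(s'^e - m, N) is q."""
    return gcd((pow(bad_sig, E, N) - msg) % N, N)


def sign_crt_checked(msg: int, fault_in_p: bool = False):
    """Countermeasure: verify with the public key before output; a faulty
    signature is never released, so there is nothing to take a gcd of."""
    s = sign_crt(msg, fault_in_p)
    return s if pow(s, E, N) == msg else None


if __name__ == "__main__":
    m = 123456789
    s, s_bad = sign_crt(m), sign_crt(m, fault_in_p=True)
    print("good signature verifies:", pow(s, E, N) == m)
    print("faulty signature verifies:", pow(s_bad, E, N) == m)
    print("recovered factor:", bellcore_factor(s, s_bad), "== q:", bellcore_factor(s, s_bad) == Q)
    print("from one faulty signature:", bellcore_factor_one_signature(m, s_bad) == Q)
    print("checked signer under fault:", sign_crt_checked(m, fault_in_p=True))
```

The attack does not care how the fault was induced or where in the mod-p computation it landed, only that exactly one half was disturbed, which is what makes a single glitch at roughly the right moment so effective against unprotected cards.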


Conclusions

Smartcard & RFID security is not perfect
• cheap, logical attacks: little equipment, but some time & brainpower
• expensive, physical attacks: more equipment
• both can be devastating...
The ongoing arms race between defenders and attackers will never end, these days esp. for side-channel and fault attacks
