Easy, cheap, portable way to fry RFID tags: Rfiddler
Original article here.
"The gun was fabricated using a Nerf N-Strike Recon CS-6, with a 0.6 kilojoule camera flash driving a 50-turn copper spool."
It seems simple enough.
Implications:
1) Easy theft - "disappear" tagged items.
2) Easy impersonation - no interference from existing tags.
Applications:
Commercialisation on the grey market for use by crime syndicates: firstly, stealing from RFID-automated warehouses and dispatch centres; secondly, re-routing shipped items; thirdly, changing tariffs on shipped items; fourthly, clearing shipping containers illegally; fifthly, passport/ID disabling.
Moral of the story: beware taking the human out of the decision loop because you never know when they will become necessary again.
Monday 28 December 2009
Thursday 10 December 2009
JCOP performance
Interesting and relevant to real-world implementation: JCOP performance differs between revisions.
Update on Java Card GDIs
For what it's worth, here are the most popular options currently available to Java Card developers:
- eclipse-jcde 0.1: Free plugin for Eclipse wrapping the Sun Java Card Development Kit. Use with Eclipse 3.5 (JDK1.5 or later) and JCDK 2.2.2 Classic , Java Card 2.2.2, GlobalPlatform 2.2 (including JC Export file 1.3). The GlobalPlatform API may also be useful for manually or programatically communicating with a smart card. If your target is Java Card 3.0, use Netbeans and JCDK3.0.1 instead.
Note: a useful off-card interface for Java is Global Platform for Java SmartCardIO.
- Netbeans IDE 6.7: Free; use with Sun JCDK 3.0.1 Connected Edition.
- JCOP Tools 3.1.2: Free devkit from NXP (proprietary, requires an NDA). Use with Eclipse 3.3 (JDK1.4.2 or 1.5 only). Target OS is JCOP 2.2 (?). Includes libraries from GlobalPlatform 2.1.1, Java Card 2.2.1. Not all ECC functions (Java Card) are represented in the simulator.
- JCOP Tools 3.2.8: Latest version; free from NXP (proprietary, requires an NDA). Use with Eclipse 3.5 (JDK1.6). Target OS is JCOP 2.4.1 (supporting Java Card 2.2.2 and GlobalPlatform 2.1.1), and possibly JCOP 2.4.2 (Java Card 3.0, GlobalPlatform 2.2). Simulator includes most of the Java Card functionality.
- Giesecke&Devrient Sm@rtCafe Professional Toolkit 2.0: free demo. Supports Java Card 2.2.1 and GlobalPlatform 2.1.1; target OS is G&D Sm@rtCafe 3.x.
Monday 24 August 2009
More on GPShell commands
It can be hard to know the AID of the applet instance to select with the GPShell select command, and the accompanying readme really doesn't enlighten the novice developer.
I find that the best way to get the necessary info is to open a secure channel to the Card Manager, and then do a get_status instruction. For example:
Note that the select command requires hex values: ASCII characters don't seem to be supported (with or without single or double quotation marks), and an error is not thrown; instead some default domain or package on the card is selected (APDU 00A4040000). This can lead to extreme frustration on the part of the developer when all subsequent test APDU's return the status word 6D00 (unknown INS value).
I find that the best way to get the necessary info is to open a secure channel to the Card Manager, and then do a get_status instruction. For example:
select -AID a000000003000000This returns all selectable applet instances on the card.
mode_211
enable_trace
establish_context
card_connect
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
get_status -element 40
Note that the select command requires hex values: ASCII characters don't seem to be supported (with or without single or double quotation marks), and an error is not thrown; instead some default domain or package on the card is selected (APDU 00A4040000). This can lead to extreme frustration on the part of the developer when all subsequent test APDU's return the status word 6D00 (unknown INS value).
Card Recognition Data
To get the GPShell open_sc command to work with an applet instance (not the Security Domain), we must ensure that the correct Secure Channel Protocol implementation number is specified.
This number can be retrieved from the Card Recognition Data TLV fields via the OpenPlatform get-data command on tag 0x66 (send APDU 80CA0066) after selecting the Card Manager. For example, with the Nokia 6131 NFC phone, the command returns:
The field at tag 64 (offset 50 in the unformatted string) aka "application tag - GP OID 04" has scp=0x2 (SCP02), i=0x55=85 (scpimpl). Note that this is different from the default i=0x15!
The field at tag 60 aka "application tag - GP OID 02" specifies the GlobalPlatform version, namely GP2v2.1.1 (compare with value in given by ATR and OpenPlatform get-cplc command). This gives a clue as to the Java Card version that can be expected (2.2.1).
The GPShell command to open a secure channel (MAC and ENC) to an applet in the Secure Domain would then be (after selecting the applet):
Note: according to the GP spec. H.3, the GP select command on the Security Domain may return TLV values which - if present - override the Card Recognition Data described previously. What exactly this implies I still have to figure out ...
****
Update: I discovered that the COS on the IC in the Nokia is G&D SmartCafe Expert 3.1 which is indeed Java Card 2.2.1 compliant. See this post.
This number can be retrieved from the Card Recognition Data TLV fields via the OpenPlatform get-data command on tag 0x66 (send APDU 80CA0066) after selecting the Card Manager. For example, with the Nokia 6131 NFC phone, the command returns:
66 4CThe response is formatted into TLV fields according to GP 2.1.1 Section F.2 or GP 2.2 Section H.2, "Structure of Card Recognition Data".
--73 4A
----06 07 2A864886FC6B 01
--60 0C
----06 0A 2A864886FC6B 02 02 01 01
--63 09
----06 07 2A864886FC6B 03
--64 0B
----06 09 2A864886FC6B 04 02 55
--65 0B
----06 09 2B8510864864020103
--66 0C
--06 0A 2B060104012A026E0102
9000
The field at tag 64 (offset 50 in the unformatted string) aka "application tag - GP OID 04" has scp=0x2 (SCP02), i=0x55=85 (scpimpl). Note that this is different from the default i=0x15!
The field at tag 60 aka "application tag - GP OID 02" specifies the GlobalPlatform version, namely GP2v2.1.1 (compare with value in given by ATR and OpenPlatform get-cplc command). This gives a clue as to the Java Card version that can be expected (2.2.1).
The GPShell command to open a secure channel (MAC and ENC) to an applet in the Secure Domain would then be (after selecting the applet):
open_sc -security 3 -keyind FF -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -scpimpl 85 -scp 2where "-scpimpl 85" specifies the decimal value of the SCP number.
Note: according to the GP spec. H.3, the GP select command on the Security Domain may return TLV values which - if present - override the Card Recognition Data described previously. What exactly this implies I still have to figure out ...
****
Update: I discovered that the COS on the IC in the Nokia is G&D SmartCafe Expert 3.1 which is indeed Java Card 2.2.1 compliant. See this post.
Thursday 20 August 2009
JCOP version and feature info
On my desk I have two of NXP JCOP smart cards (contact and dual interface), and I'm wondering how to get details about the OS, features and which version of GlobalPlatform they are compatible with.
Using JCOP Tools v3.1.2, start with /atr on the single interface card:
It seems JCOP21 is GlobalPlatform2.1.1 compliant (and I take the "V22" in the ATR to mean JavaCard2.2.1, since I obtained this card in 2007 before GlobalPlatform v2.2 was released). [EDIT: No, it refers to v2.2 of JCOP21]. Older versions of JCOP (1.0, 2.0 and 3.0) are usually OpenPlatform 2.0.1' compliant. A way to test this is to see if the card supports SCP02 - if it does, it is GP2.1.1 or later, otherwise OP2.0.1'.
To confirm this, we try OpenPlatform command get-data 0066:
The get-cplc command (send APDU 80CA9F7F) returns a load of cryptic information, as below (card has NXP packaging serial P521G072V0/T0PB108):
More obscure data about the chip type and mask can be obtained via JCOP Tools command /identify.
To personalise the card we would use the OpenPlatform command store-data (CLA 0x80, INS 0xE2, P1 0x80) with the payload data being the IC Personalizer field followed by the length and then the custom data.
As for JCOP features, lexdabear was kind enough to assemble and publish the following summary (Dec 2006) on JavaCard forum:
And an update from Dec 2008:
Getting the info from the dual-interface card (NXP P521G072V0/T0PB108) delivers JCOP31v22, GP2.1.1, GP SCP 02 option 15, JavaCard v2.2, and same OS ID and IC fabricator as single interface card.
In closing, it must be mentioned that this is a lazy way of going about obtaining the information, but a developer in a hurry will find it useful. The right way is of course to read the GlobalPlatform card specifications, familiarising yourself with TLV encoding, and then playing around with the get-data command on all conceivable tag values.
Using JCOP Tools v3.1.2, start with /atr on the single interface card:
ATR=3B F9 18 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 ;.....1.EJCOP21VIBM has a load of old information including briefs about JCOP. Useful to know: IBM calls JCOP the "WebSphere Everyplace Chip Operating System" (WECOS).
32 32 A9 22.
ATR: T=1, FI=1/DI=8 (31clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP21V22"
It seems JCOP21 is GlobalPlatform2.1.1 compliant (and I take the "V22" in the ATR to mean JavaCard2.2.1, since I obtained this card in 2007 before GlobalPlatform v2.2 was released). [EDIT: No, it refers to v2.2 of JCOP21]. Older versions of JCOP (1.0, 2.0 and 3.0) are usually OpenPlatform 2.0.1' compliant. A way to test this is to see if the card supports SCP02 - if it does, it is GP2.1.1 or later, otherwise OP2.0.1'.
To confirm this, we try OpenPlatform command get-data 0066:
Global Platform version : 2.1.1Of course, you could also write an applet containing the JavaCard command JCSystem.getVersion()...
Global Platform Secure Channel Protocol: 02 option 15
Java Card version : 2.2
The get-cplc command (send APDU 80CA9F7F) returns a load of cryptic information, as below (card has NXP packaging serial P521G072V0/T0PB108):
IC Fabricator : 4790Apparently, Operating System ID 4051 is IBM. Since this card was obtained from NXP, I would guess that corresponds to IC Fabricator 4790. Apparently the list of ID-to-vendor mappings is proprietary info of VISA, and not readily disseminated (although it used to be included in OpenPlatform specs).
IC Type : 5016
Operating System ID : 4051
Operating System release date : 5158 (7.6.2005)
Operating System release level : 2400
IC Fabrication Date : 6165 (14.6.2006)
IC Serial Number : 00818890
IC Batch Identifier : 9886
IC Module Fabricator : 4810
IC Module Packaging Date : 6172 (21.6.2006)
ICC Manufacturer : 0000
IC Embedding Date : 0000
IC Pre-Personalizer : 0B12
IC Pre-Perso. Equipment Date : 3A30
IC Pre-Perso. Equipment ID : 38313838
IC Personalizer : 0000
IC Personalization Date : 0000
IC Perso. Equipment ID : 00000000
More obscure data about the chip type and mask can be obtained via JCOP Tools command /identify.
To personalise the card we would use the OpenPlatform command store-data (CLA 0x80, INS 0xE2, P1 0x80) with the payload data being the IC Personalizer field followed by the length and then the custom data.
As for JCOP features, lexdabear was kind enough to assemble and publish the following summary (Dec 2006) on JavaCard forum:
ProX family, JCOP v2
JCOP-10: DES, no SSD, contact interface
JCOP-20: DES, no SSD, dual interface
JCOP-30: DES and RSA, no SSD, dual interface
JCOP-31: DES and RSA, SSD, dual interface
SmartMX family, JCOP v2.2
JCOP-10: DES, no SSD, contact interface
JCOP-S-10: DES, no SSD, static, contact interface
JCOP-S-20: DES, RSA, no SSD, static, contact interface
JCOP-S-30: DES and RSA, no SSD, static, dual interface
JCOP-21: DES,AES*, RSA and ECC, SSD, contact interface
JCOP-31: DES, RSA and ECC, SSD, dual interface
JCOP-41: DES,AES*, RSA and ECC, SSD, dual interface
* According to the update thread below, JCOP v2.2.1 does not support AES.
And an update from Dec 2008:
SmartMX family, JCOP v2.3.1 (HW: CC EAL5 and OS: CC EAL4+ certified, USB compliance for JCOP 41)Much more info on JCOP features (as well as card IC detail) can be found at the NXP homepage in document 75016165.
JCOP-10: DES, no SSD, contact interface, 18kb EEPROM
JCOP-S-10: DES, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-20: DES, RSA, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-30: DES and RSA, no SSD, static, dual interface, 12kB EERPOM
JCOP-21: DES, AES, RSA and ECC, SSD, contact interface, 18kB, 36kB and 72kB EEPROM
JCOP-31: DES, RSA and ECC, SSD, dual interface (AES can be enabled via an encrypted APDU for 72kB version), 36kB and 72kB EEPROM
JCOP-41: DES, AES, RSA and ECC, SSD, tripple interface (T=0/1/15, power class A/B/C, T=CL up to 424kB, USB according to ISO7816-12), 72kB EEPROM
SmartMX family, JCOP v2.3.2, Visa edition (HW: CC EAL5 and OS: CC EAL4+ certified)
JCOP-10: DES, no SSD, contact interface, 18kb EEPROM
JCOP-S-10: DES, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-20: DES, RSA, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-30: DES and RSA, no SSD, static, dual interface, 12kB EERPOM
JCOP-21: DES, AES, RSA and ECC, SSD, contact interface, 18kB and 36kB EEPROM
JCOP-31: DES, RSA and ECC, SSD, dual interface (AES can be enabled via an encrypted APDU for 72kB version), 36kB and 72kB EEPROM
SmartMX family, JCOP v2.4, eGov edition, CMOS14 technology (CMOS18 previously)
JCOP-31: DES, AES, RSA and ECC (GFp up to 320 bit and F2M), SSD, dual interface, 80kB EEPROM
SmartMX family, JCOP v2.4.1, eGov edition, CMOS14 technology, Java Card 2.2.2, (HW: CC EAL5; OS certification ongoing targeting EAL5)
JCOP-31: DES, AES, RSA and ECC (GFp up to 320 bit), SSD, dual interface, 80kB EEPROM
new features: Java Card 2.2.2, extended length, Mifare API according to JC 2.2.2 (IBM's JZsystem previously), SHA-2, ..
Getting the info from the dual-interface card (NXP P521G072V0/T0PB108) delivers JCOP31v22, GP2.1.1, GP SCP 02 option 15, JavaCard v2.2, and same OS ID and IC fabricator as single interface card.
In closing, it must be mentioned that this is a lazy way of going about obtaining the information, but a developer in a hurry will find it useful. The right way is of course to read the GlobalPlatform card specifications, familiarising yourself with TLV encoding, and then playing around with the get-data command on all conceivable tag values.
Thursday 2 July 2009
SCP02 sample applet
This thread on Sun JavaCard Forum has an excellent sample applet for anyone wanting to get started with SCP02. The nice thing about this applet is that you can encrypt and unencrypt APDUs (using the default keyset in this case), and can replay them against the applet to verify them.
Note that R-MAC and R-ENC are not supported by JCOP ...
Playing around with the PUT_KEY command in the sample applet (GP2.1.1 Specification 9.8, see also table 9-18), I can't get it work with my JCOP31 card from NXP - I always get "reference data not found" when trying to load a DES key. This happens even when using correct values for P1 on JCOP (0x01..0x6F according to this thread). Strangeness. Perhaps this only works when the APDU is sent directly to the SD (i.e. SD is selected) instead of accessing the SD via the applet.
Note that R-MAC and R-ENC are not supported by JCOP ...
Playing around with the PUT_KEY command in the sample applet (GP2.1.1 Specification 9.8, see also table 9-18), I can't get it work with my JCOP31 card from NXP - I always get "reference data not found" when trying to load a DES key. This happens even when using correct values for P1 on JCOP (0x01..0x6F according to this thread). Strangeness. Perhaps this only works when the APDU is sent directly to the SD (i.e. SD is selected) instead of accessing the SD via the applet.
Thursday 25 June 2009
Smart Card SCP02
GlobalPlatform Secure Channel Protocol 2 (GP SCP02) allows secure communication with an applet. It is documented as Appendix E in the GP Card Specification 2.1.1
GP card-side classes (org.globalplatform.GPSystem and org.globalplatform.SecureChannel, included in JCOP Tools gp211.jar or in GP Card Specification) make it easy to process, wrap and unwrap secured APDUs.
Card managers supporting SCP02 include JCOP Tools and GPShell.
(No info on terminal-side classes for SCP02 yet. Watch this space.)
SCP03 has been specified by GP middle of 2007 as part of Card Specification 2.2 but it's not clear if there are any implementations which support this yet.
Tips for managing sessions and applets:
GP card-side classes (org.globalplatform.GPSystem and org.globalplatform.SecureChannel, included in JCOP Tools gp211.jar or in GP Card Specification) make it easy to process, wrap and unwrap secured APDUs.
Card managers supporting SCP02 include JCOP Tools and GPShell.
(No info on terminal-side classes for SCP02 yet. Watch this space.)
SCP03 has been specified by GP middle of 2007 as part of Card Specification 2.2 but it's not clear if there are any implementations which support this yet.
Tips for managing sessions and applets:
- Remember that have only 10 tries to authenticate to a JCOP card manager. Successfully authenticating will reset its internal counter. After 10 failures the card manager will be locked and cannot be unlocked, although the applets on the card will remain usable. This is different than the situation where the card itself is in GP state CARD_LOCKED, which is reversible.
Using the wrong key-set is the most common mistake people make. Confirm that you are using the right key-set: read the tutorials on-line and contact your vendor if you don't have supporting documentation for the card.
JCOP Tools get-cplc prints the production info for the card (aka ISD), which you can send to the card vendor (or google!) to get the key-set. If you are already authenticated to the card and want to confirm the default key-set number, use init-update: the response APDU has the key-set number you used to authenticate in the 11th byte, and the SCP version in the 12th byte. (Refer to GP2.1.1 Appendix D4.1 and D4.2 for init-update and ext-auth commands). Remember that using init-update when not authenticated counts as authentication failure, which will use up one of your tries! First reset the ISD failure counter by authenticating successfully, then continue experimenting. - SCP02 requires key-type CBC (valid key types are DES, DES-ECB, DES-CBC, RSA-PRIV, RSA-PUB, RSA-CRT, DSA-PRIV, or DSA-PUB). If you specified SCP02 ENC+MAC by using JCOP Tools command ext-auth enc, JCOP Tools will automatically set key type to CBC even if you set key type for example DES-ECB.
- The card has several life-cycle states, usually READY or SECURED (the latter requiring external authentication level C-MAC at least). Refer to GP2.1.1 Section 5.1.
Nokia NFC SDK
Nokia rolled out their 6131 NFC model around January 2007, aimed mainly at developers. To upload your own MIDlets to the phone you have to ask your dealer to factory unlock the phone, or do it yourself via an Unlock MIDlet (Nokia wiki listed below has a link) which will prevent it from working with trusted MIDlets and applets afterwards. Nokia makes up for this royal pain by offering a decent NFC and MIDlet SDK, and the developer community for their products is quite big and provides good support.
Good places to start reading:
Note: Unlocked Nokia 6131 NFC phones all use the same key-set, namely
Good places to start reading:
- Official Nokia NFC SDK page
- Forum Nokia Documentation and Tools pages
- Forum Nokia wiki FAQ for 6131 NFC
- Nokia Secure Chip FAQ
- Nokia MIDlet development tutorial
Note: Unlocked Nokia 6131 NFC phones all use the same key-set, namely
42/1/DES-ECB/404142434445464748494a4b4c4d4e4fand security protocol is the GP default: SCP02 option 15 (CMAC+ENC, refer to Nokia 6131 NFC Technical Product Description v1.0 section 7.2, p 26). For JCOP Tools this translates to using ext-auth enc, while in GPShell you would use mode_211 and open_sc -security 3 [...] A detailed discussion with examples can be found on the Nokia Forum. For detailed definitions of SCP02 and its options, refer to Global Platform Card Specification 2.1.1 Appendix E.1.1, p213.
42/2/DES-ECB/404142434445464748494a4b4c4d4e4f
42/3/DES-ECB/404142434445464748494a4b4c4d4e4f
Wednesday 24 June 2009
Subscribe to:
Posts (Atom)
