Back in the day, true hackers – the kind that would build VCRs out of 555 chips only to end up in the Hackaday comments section in their twilight years – would steal satellite TV feeds with the help of tiny little microcontrollers embedded in a credit card. This was the wild west, when a parallel port was the equivalent of a six-shooter and Jnco jeans were a ten gallon hat. The backdoors that enabled these satellite pirates have long been closed, but these devices for stealing HBO have now evolved into stealing €600,000 worth of goods using a most unlikely source: chip and pin card terminals., and although the exploit has now been closed, the researchers behind the investigation have published their war story for one of the most interesting hacks in recent memory. Chip and pin verification for Point of Sale (PoS) transactions are a relatively simple process; during a transaction, the PoS system asks for the user’s PIN and transmits it to the card. The card then simply answers ‘yes’ or ‘no’. In 2010,, making it a simple matter for anyone to break chip and pin systems.
This system used an FPGA with a backpack worth of modified hardware – executing it in a store would raise more than a few eyebrows. The 2010 exploit hardware The problem of implementing this system into something that was easily concealable was simply a matter of miniaturization. Thanks to the proliferation of smart cards over the last 20 years, very tiny microcontrollers are available that could manage this man-in-the-middle attack on a chip and pin system. What is a gang of criminals to do?
Simply program a smart card with all the smarts required to pull of the hack, of course. To pull off this exploit, an engineer in the gang of criminals used a FUNcard, a development platform for smart cards loaded up with an Atmel AVR AT90S8515 microcontroller and an EEPROM packaged in a small golden square.
By removing the chip from this chipped card and replacing the chip in a stolen credit card, the criminals were able to reproduce the 2010 exploit in the wild, netting them €600,000 in stolen merchandise before they were caught. How were they caught? The ‘buyer’ of the gang kept shopping at the same place. Rookie mistake, but once security researchers got their hands on this illegal hardware, they were amazed at what they found. Not only did the engineer responsible for this manage to put the code required for the exploit in an off-the-shelf smart card, the gold contact pads from the original credit card were rewired to the new microcontroller in an amazing feat of rework soldering. Before this exploit was made public, the researchers developed a countermeasure for this attack that was swiftly installed in PoS terminals.
Your Smart Card is fitted into a thin horizontal slot behind the SKY/MY SKY cover on the front of your box. Remove the Smart Card and on the back it contains a number.
They also came up with a few additional countermeasures that can be deployed in the future, just in case. In any event, it’s an amazing bit of reverse engineering, soldering, and craftsmanship that went into this crime spree, and as usual, it only took a massive loss for retailers to do anything about it. Posted in Tagged,,,, Post navigation. In Europe if your chip and pin card is stolen, the card-holder, not the credit card company, is liable for misuse, because they’re considered “uncrackable”.
The “Chip and pin is broken” paper mentions this and the challenges of addressing it, but I don’t think it’s been addressed. The paper discussing the 600K fraud doesn’t say who was liable for this attack. Seems unfair that the card holders should be. The incentives are not in place to make the fair thing happen, though. An interesting situationif anyone knows more, please chime in! The US is about to deploy chip and pin broadly, but I haven’t heard how this is going to change the credit fraud liability equation.
Hopefully lessons like this will be taken into account. Exactly because they do believe it is unbreakable Which means that if a transaction (well an “online pin-verified” one at least) goes through, the one making it had both the original card and the PIN.
And keeping the card in his possession and the PIN secret is the holder’s responsibility. Then if card is stolen and pin taken under duress, it’s your personal insurance against theft (assuming you subscribed to one that cover that case) that would kick in and not the bank.
And TBH if it were unbreakable, I’d tend to agree. But that’s a _big_ IF and I’m not sure they have sufficient proof of that.
And I’m appalled how this attack worked in 2010 not linking the PIN check to the actual unlocking of the crypto key to make the transaction auth is just unforgivable. SIM cards have been doing that for like 20 years. There is an *excellent* Computerphile video explaining all this: It is quite depressing in fact. One of the easiest hacks that still exist is to hack the display that shows the amount of transaction. There is no paper record and thus no protection against this except for a sting. As the video says due to the liability rules, when you have chip and pin cards in your wallet, you are literally walking with thousands of dollars worth of CASH. I think the only way to protect against the myriad of possible attacks is to have an active device.
Of course, if that is your phone that opens up even more attack vectorsso. Very interesting video!
What I found interesting was the “transition from magnetic to chip” fraud, which I had never heard of before. (Maybe it’s because I’m too young or because the technology to do it was not as easily available when my country switched to chip credit cards in the 90’s). Another thing I found amazing was how much could be done by tampering with card readers!
I’m sure the fraud that uses a spying device planted in the reader can easily be defeated using better cryptography, but I’m not sure how you could avoid theft when the merchant is dishonest and has a reader with a fake display that shows a lower amount than charged. One of the basic security conditions is: “2. For the purposes of paragraph 1(a), the payment service user shall, in particular, as soon as he receives a payment instrument, take all reasonable steps to keep its personalised security features safe.” Which is to say, if the bank decides you didn’t keep your PIN safe you’re on the hook for the entire amount – and UK banks have successfully argued in court that this attack is so difficult that, if someone’s chip and PIN card was used successfully, they must have been careless with their PIN and are liable for all the transactions in question.
I’m not sure if there is a general rule in the US, as I believe it’s all in the Cardholder/Merchant contracts. As far as I’m aware, I’m personally not liable for any fraud of any kind happening on my account, I just have to be sure to report it if it happens.
The only time it happened to me, the card company actually contacted me about a suspicious transaction (almost immediately), $60 at a conveniences store several states away. I also have a right to dispute any charges. I think the store is only liable if they violate their merchant agreement.
The criteria are different store to store, card to card. The one major change in the US, is with the adoption of chipped cards, merchants who still accept swipes on chipped cards are responsible for the fraud. The card company still accepts liability if the chip is used. So it’s probably not smartcard but ‘stupidcard’, chip is used only as EPROM that stores card info, just as a magnetic track does. In Europe, magnetic swipe cards became rare, most of the banks use chip cards.
Those also have magnetic track, but when cashier swipes it terminal prompts “insert card into reader”, then it reads smart chip and you have to enter PIN and verify transaction. Funny thing about cards that are verified by signature. They have paper track below the magnetic track, and bank requires you to put your signature there, so that cashier can verify that your signature is same as one on the card. I always laughed about that, that is one big security hole, if you lost your card, finder gets your magnetic track and your signature, everything he needs for transaction completion. Besides, in most of Europe card transactions are often in offline mode. Terminal stores and accepts all transactions in memory until next online session. Similarly card store the same info.
This “feature” can be used to hack RFID/NFC enabled credit cards by reading info from a card of unsuspecting victim and sending it to device that interacts with the terminal. By scanning multiple cards in public place and because each card scanned equals one transaction, one can get lots of goods from this scheme, albeit most of those transactions are limited by maximum payment allowed. For full protection one can either keep his cards in Faraday wallet, or set RFID/NFC transaction limit for card to zero.
Or can break the antenna with drilling or cutting. From the paper: “The net loss caused by this fraud is estimated to stand below €600,000, stolen over 7,000 transactions using 40 modified cards.” * Hence the average amount spent was €85.72. The average number of transactions per stolen card was 175. * I’m speculating here, but I think they value apprehending the network of fraudsters, and identifying the vulnerability above €85.72. My guess is the cards were often canceled in time, but the knowledge was more important than the money. Eventually the “25 year old woman” who was caught buying goods (large quatities of cigarette packs and lottery tickets to be sold on black market) was by correlating cellphones’ spacetime events with the PoS spacetime events.
Why wait for so many transactions? I can imagine many possible reasons: perhaps most of the time she did not bring her cellphone as per possible instructions of the engineer behind it?
Perhaps they identified her rather quickly (I assume by CCTV footage), but had to spy on her for a long time to reveal her connection with the rest of the network? Perhaps they let the fraud escalate to this amount so that it would be serious enough to put pressure on accomplices for testimony etc? Some important lessons here which are valuable to future organised crime networks here: * Make sure the lowest levels do not bring phones etc while they buy stuff * Severe the traces between lower levels and engineers with dead drops? * Use test cases to reimplement the whole EMV protocol (the countermeasures seem to orient around deviations from the standard).
Before I became a Christian I used to make false barcodes for stealing goods. I photographed a barcode on a cheap TV box and forged a sticker that resembled the sticker of a much higher model. Then I simply sticked the forged sticker over the original barcode on the high end model box and put it into my cart.
The most serious part was to serach for a cashier with some young blonde girl from an agency beyond it and voila – the hyper super 3D LCD TV was mine for the price of some low-end model. It was not a €6e5 business, but it definitely saved some bucks to me and my friends. Sometimes I miss those rogue days. So THAT’S why they weigh your shopping! Cos it’s a complete pain in the arse, and causes nearly every one of the dozens of errors you’ll see the employee minding the terminals constantly chasing after. Obviously if you were going to shove something up your jumper, you wouldn’t scan it to start with, so it didn’t make a lot of sense seeing them weigh stuff.
But that makes sense. I prefer to use a human cashier anyway. I enjoy talking to people. I don’t enjoy wrestling with a stupid half-broken paranoid machine that throws an alarm if I don’t pack my stuff promptly enough. As well as supporting human beings, hopefully avoiding the machines might encourage shops to actually get them working properly, if they’re going to phase out the human workers eventually. I used to, then we moved to a place full of anuses or anii.
Nowadays it is self serve all the way. I wish they paid cashiers to be friendly and helpful and baggers not to stare at my wife’s jugs while they smash my food, but apparently they are only paid to be hungover and surly (something I refer to as a ‘Meat Safety Cone’). I do find that once I am out of the city people tend to be back to normal and friendly again.
Glad you have some nice ones as I do like to know who I am doing business with and am a bit ‘onion on belt’ like that:) On a similar precursor to the barcode grift, I always enjoyed the ol price gun mark down. The only trick to that was the sticker color or store logo but they sadly left rolls of that stuff all over the place due to misfeeds and poor sweeping.
I think the first nod I ever saw of it was the famous scene in ‘My Blue Heaven’ where Steve Martin goes to town in the meat section lol. >Before I became (don’t seek glory and don’t advertise) morally conscientious. Well you got me trumped all I did was join INC and USA for a bit in the old BBS days.
Pre-Box Release of Ultima 6 bitches!!! (Sorry Lord British.
I do have physical copies of it now along with Ultima 7, Savage World as well as Martian Dreams. Even paid for Ultima 8 ugh.) Hung out on a bunch of p/h/v/a/c boards. Called in once or twice on a conference line for free and even pimped a RadShack dialer and did a crystal swap.”0 umm, I keep trying the 5 button but it doesn’t press can you please help me?” Have you any idea how much it cost to call long distance? Fortunately we had calling cards.
Funny thing, AND TO THIS DAY IS STILL WANNA KNOW! I had a series of DEAD card codes 16 in total. I studied this hand written list for about 5 minutes because something was weird.
There was some sort of transposition of numbers. I don’t know HOW but I found 4 LIVE UN-USED code but. F’ YEAH!Downloading and Y-Modem Upload Ultima:Underworld to some site in Syracuse.
>some young blonde girl >hyper super 3D LCD TV was mine for the price of some low-end model. Old fart in comments here. I still have my pcb cut to the width of a smart card slot with contact pads etched on it and a big wire with a parallel plug on it somewhere. Sky tv and Europorn being the youthful targets, Sky because it impressed people who visited and europorn because you couldn’t legally buy a cam access card because it was ruder than the UK allowed therefore was a extra laudable target to break. Sky went doubled up on encryption power in a arms race around card issue 0a and put a stop to it by bedroom tinkerers although the commercial carders kept on and were using SEMS to pick the key out for big money, and europorn went to secam encoding which our sky boxes weren’t capable of. Today sky italia is easy enough to do the same to, because last time I looked it was transmitted in secam which doesnt have the protection of NDS but really, I don’t watch enough mindrot tv to even care about breaking it now and CAM setups are a pain in mythtv which I use exclusively to pipe sat feeds round the house so the clear unencrypted channels on freesat are enough for me. I’ve often idly considered getting a card terminal and having a play, but I get paid for what I know now and have no financial motive to do so and put that at risk.
Always interesting to read a post attack autopsy though. Apparently, the main UK cable company (Virgin/NTL) kept on using old, broken encryption that could be emulated with one of these Funcards well beyond the point when everyone had switched to something better – changed over about 2010-ish, I think. By the time those criminals used them to break chip and pin, they were thoroughly obsolete.
Sky card emulation needed more horsepower than these were capable of and most of the big commercial card sellers wanted to lock down their firmware so that it would only run on their cards. (If I remember correctly, Sky’s newer cards used 512-bit RSA, and there were supposedly some neat countermeasures based on the fact that the genuine card took a different amount of time to execute the RSA operation than the emulator, which were in turn countered by working out exactly how many cycles the real hardware took for a particular pair of operands and emulating that too. Fascinating business.). How do I know if my dinner contains genetically-modified food?
I don’t, apparently it’s none of my business. The Market is more important than The Customer, apparently. Fortunately they sell Faraday-wallets. You still don’t get any say in boycotting RFID if you don’t like it though. I wonder if your bank would be pissed off if you cut a little notch through where the antenna loop is?
I’d guess that in a card that does NFC and has ordinary gold connectors, the same chip is needed for both, so you can’t just zap it or the card’s useless. Would cutting the antenna defeat RFID? RF’s a funny thing, with enough signal strength perhaps it’d still work. Can you skim anything useful from RF bank cards, if you pick up the signal? Might be a good idea for more organisations to offer bounties for bugs and hacks, to keep hackers honest. Probably cheaper and more reliable than doing in-house security testing, although of course do that too.
May as well keep the giant brains occupied doing their hacking for the banks, rather than against. Perhaps keep it discreet though. Most people still think obscurity is an important part of security, going back to “loose lips sink ships” and the like. They don’t realise people are gonna be working on cracking stuff regardless. If it were me, I might just sell a few of these cards to interested criminals.
Problem is, most shoplifters and card fraudsters don’t have the sort of money to pay much up front. You’d need some sort of gang with money. Sometimes higher-ups in the drug market get into a little fraud on the side, giving people dodgy cheques to pay into bank accounts, accomplice keeps a share of the cash, and the whole thing isn’t discovered til it’s too late. The problem with low-level working-class crime, is it all has to run on a bank balance around the 0 mark.
There’s a paucity of investors. Middle-class crime is much more profitable. Also harder to catch, and a much lower chance of punishment.
“where are the laxatives?” “HEY OTHER-TWAT CASHIER, CUSTOMER HERE IS CONSTIPATED AND IS LOOKING FOR THE LAXATIVES.” True Story. Don’t take it lightly there are shitty people about. Even clerks can be dumb mouth-breathers. Pro-life Tip: “Are you able to help and give me a STRAIGHT answer, kindly point me in the direction of hygiene products.” >“what a paranoic weirdo, why don’t you wear a tin foil hat” *shrug* When they are broke and financially raped who cares. You still got your integrity.
Especially if you gave your blood and life to get where you are. If the bank isn’t using with the merchant.
F’in bury these f’ers. “I ain’t paying shit. Cause I didn’t buy it.” 1.) I don’t have that RFID or Serial in my home or garbage. 2.) I hold you liable for punitive damages for f’in with everyone 3.) You don’t have the vid tape of me running my card. 4.) An army of lawyers won’t protect your greedy fleching organization because I did not receive a notification of spending on my cellphone or a VM on my house phone to dispute charges. And 5.) I don’t have the phone number/email/phy address or connected via social with the gypsy that just ran that game on YOUR asses.
Also, law will uphold REVERSE APR on interest rate/cost/balance that you want to charge me for. BONUS – My Lawyer gets double the cost * taxes so I do get my money back without splitting in a class action. The burden is on the banks. (Former employee of Freddie Mac and contractor of Bank Of Butterfield.).
Writes: 'So you when: 'Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail.
Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.' This is a follow-up to the story with more details about what is alleged to have occurred.
Update: 03/14 12:28 GMT by: And, which alleges that the head of security at NDS funded the website that distributed the hack for their rival's smart cards. Its not a link.
Its a html citation url. It was butchered by slashcode (on slashdot) inserting a space character. To read it you ahve copy and paste it and manually delete the space character that slashdot usually adds to all html url citations.
This html citation will work I will paste it again here but when you copy it into your browser hunt for the random space sharacter that the buggy slashcode will insert into it.: 8 C: www.usenix.org/publications/library/proceedings/s m artcard99/full_papers/kommerling/kommerling_html/ I triple tested the google cache http url as I pasted it here one second ago. Its valid, you just need to be aware of slashdots bugs. Yet, the whole point is that a smart card is NOT a tamper resistant device. They might be worth their value as devices to store a public key in a `compact' form, but it has to be kept in mind that who has the device might have also the skills to recover its contents, either by breaking the algorithm or by tampering with the hardware.
What a smart card usually lacks is a reilable self-destruct system when tampering (active or passive) is suspected. There are some designs which provide a self-destruct of the data by inducing an overcurrent in the memory cells; yet, this problem might be solved by just cutting the wires which should destroy the chip.
A self-destructing smartcard? And what are the signs the card is being tampered with? What happens if you accidentally put the card through the laundry? (Lots of water, tumbling, chemicals, heat, and static electricity) I could see a dumb smart card getting confused. Self-destruct features could be rather interesting if true to corporate form: poorly planned and badly implemented. I'm already anticipating a 'joke' email going around with gads of stories of smartcards committing suicide at inopportune times. Not to mention slashdot stories about people who have managed to come up with a device capable of telling all smartcards within a 10 mile radius that they are being tampered with.
I'm not thinking of the cost of replacing the cards. I'm thinking of the end-user.
Does the 'smartcard' make it apparent that it has self destructed, or will the owner go to do something with it- be it take a trip to another country or buy dinner at a restaurant. Something where it is necessary to use the smartcard and discover that something has happened that caused the card to self-destruct leaving the person unable to make the trip as planned or pay for the dinner they have just consumed? And if the smartcard was being used solely for the purpose of establishing identity--such as a driver's license, are the police going to be understanding about 'Oh my god the dog must have bitten it!' And won't it just open up a whole new can of worms where people are getting by security becuase their cards have self destructed and no one wants to second-guess them and deny them access? I'm just wondering if it's all that smart to have self-destructing methods of identification or payment.
Unless the self destruction is made immediately apparent then it could be quite a flawed way of dealing with things. What is a smart card? A credit card-sized device that protects digital television signals from unauthorised viewing.When plugged into a set-top box, it determines which programmes subscribers have paid to see.
The cards contain tiny but sophisticated computers that decrypt television signals as they pass through the air and turn them into television pictures. Without a smart card, ITV Digital viewers can only watch free-to-air channels like the BBC, ITV and Channels 4 and 5.
Users of pirate cards have been gaining access to pay TV channels like sports and movies without paying. Where did the pirated cards come from?
Hackers posted on the internet details of the codes needed to create illegal smart cards that gave free access to pay TV services. Criminals used the information to make fake cards and then sold them through pubs, clubs and market stalls for £5-£20.
About 100,000 pirated ITV Digital cards are thought to be in circulation. What is Vivendi Universal? A former French water group that is now one of the biggest entertainment companies in the world. The chief executive, Jean-Marie Messier (right), has become one of the world's most powerful media moguls after buying a range of businesses including the Universal film studios and music labels, Canal Plus television in France, the Cegetel mobile phone company, directory businesses and internet firms. What is Canal Plus?
The European film and television distribution arm of Vivendi Universal. The division that makes the smart cards is called Canal Plus Technologies. It supplies cards and software to 12.5m set-top boxes worldwide. What is NDS Group?
Based in Staines, Middlesex, NDS specialises in building the smart cards and interactive software for pay TV systems that allows paid-for television programmes to be securely beamed to customers' homes. Rupert Murdoch's News Corporation is an 80% shareholder. NDS technology is used in almost 28m pay TV set-top boxes worldwide and supports 40% of all satellite receivers. Most of the group's research is carried out in Israel.
Basically this is a nice heavyweight fight. The smartcard does no decryption of video. The smartcard in the H card is a 4mhz processor It does nothing but verification of authentication tokens and then tells the reciever to display correctly hotpornnet or to not display it correctly. The smartcard is primarily used to store and decrypt the decoding key for the reciever. If the video was being decoded in the card, then the card emulator hack that is used on the sucessful sattelite tv pirates systems wouldnt work as most use 286 and 386 machines that boot from a floppy. I know guyz that have done this (SEM in light fast vaccuums). Read this VERY fascinating ggogle cache of the state of the art many years ago.: 8 C: www.usenix.org/publications/library/proceedings/s m artcard99/full_papers/kommerling/kommerling_html/ Its pretty darn good.
Now the world has progressed to kracking using varrying external clocks, SEM as routine, probe points, etc. Everything is crackable. The best researchers (with published findings) arent in isreal btw, they are in Britain. Please read that cached google paper, its really worth it. If the cache is dead try: e ed ings/smartcard99/full_papers/kommerling/kommerlin g _html/. Whenever anything remotely like hacking occurs, the hacked company dramatically overstates all financial figures as well as the level of expertise required to perform the hack -- makes it seem more malicious. Damages always have at least 6 zeros (preferably 9) and you need to have a team of 15 people working 24/7 for months/years.
When the truth is much closer to one person hacking away in a garage for a few weekends and finding a fundamental flaw. Well, with intellectual property it can often be argued that damages are negative, with the exposure being provided by a new technical option actually increasing the total number of people interested in spending money on a product. We conclude that The Bell Curve is driven by advocacy for Herrnstein and Murray's vision, not by serious empirical analysis.
America may or may not be on the way toward a custodial state. Policy interventions may or may not be effective. We know no more after studying The Bell Curve than we did before. Can one person have pulled of this crack, certainly. Did they work in a vacuum? Probably not, there is a cracking community and one would be a fool not to call the community knowledge in it.
The idea of a corp. Breaking a system that has had collectively hundreds of millions of dollars of R&D, and many many years invested into security for $5 million dollars (probably less) and 6 months is no less scary then a lone hacker, and to a security engineer probably more so. A lone cracker solves the problem almost randomly, and any particular cracker can not be relied upon to quickly crack a system. The idea that an org could fund this, and perhaps reliably crack the protection methods has far reaching consequences, and makes information warfare a realistic posibility. And let me make annother claim entirely supported by thousands of learned papers: Witches are real and evilly corrupt the souls of innocent people, (at the behest of satan). They can fly, and do vile infernal things to decent people.
I even have ample sworn testimony to prove it. I am not offering one new idea. Yet, I hope you don't believe that we should get out the stake and start burning witches. Because, Truth is not determined by citations either to a text (cough Google Bombing) or away from it (i.e. The well cited NASA Mooned America about the 'faking' of the moon landings). Generally in academic circles truth is determined in part by peer review, and by time.
The authors of the bell curve did not submit it for peer review, and was utterly destroyed, in peer reviewed jounals, in short order. Go read up on this book of yours. No source should be trusted without checking to see what others have thought of it. As a matter of fact, given that amount of money the simplest way to force the system is an exaustive search on the 3des keyspace (yes, 3des is the algorithm) This part makes me wonder if you're trolling. Well, if so, I bit.
Searching the 3DES keyspace is not currently feasible, and won't be for quite some time. 3DES has an effective keyspace of ~111 bits (it's 112, but the complement property of DES keys, plus a number of weak keys reduce it by 1 bit and change). That's a keyspace that is 70,368,744,177,664 times larger than the 64-bit keyspace that [distributed.net] has been working on for over three years, and 18,014,398,509,481,984 times larger than the one Deep Crack can search in a week. Actually, Deep Crack isn't really set up to attack 3DES (because it's infeasible and the EFF guys that build Deep Crack aren't stupid), but if it could, this means that finding a 3DES key would take, on average, 346,430,740,566,961 years. Of course, Deep Crack only cost $250K, and that was a couple of years ago, so more money and newer technology might be able to reduce that by a factor of 100 or so.
Hell, assume you can do 1000 times better, Then you'd only need 346 trillion years. 112-bit keys won't be safe forever, but they'll be safe for the next decade or two at the very least, barring the discovery of flaws in DES, which has successfully stood against all comers for nearly 30 years. Regarding power analysis, see my other post on [slashdot.org]. Timing analysis is similarly infeasible. Its inflated. A similar team of experts could do it with 2 or 3 guys in a month or two for under 20 thousand dollars.
Sure low iq moron engineers can squander 5 million doing the same thing genius level experts can do it for under 20K. But that does not mean it takes 5 million. Forget your breakdown. Read this to learn the methods used that are common knowledge methods: 8 C: www.usenix.org/publications/library/proceedings/s m artcard99/full_papers/kommerling/kommerling_html/ and those are not all the 2002 tricks, but good enough to beat most all crypto chips.
You can build a hardware device called Season2 interface, which allows you to plug it into the decoder, and then plug the smartcard into the Season2. This device has a serial port conector, so you can connect it to the computer, and then 'sniff' all the traffic between the card and the decoder. Here in Europe, Canal Satelite uses the SECA encryption, which is absolutely cracked. Applying some bugs of the existing smartcards you can create a 'masker key', which is a kind of 'root' account in the card.
When you have created this master key on the card, you are ready to add providers, channels, buy pay per view events and a lots of interesting things. Also there are lots of emulation software you can program into some pics (16f84, 16f876) and build a smartcard (piccard, piccard2), so you are able to watch all channels for free with these cards. Yes a season can be very helpful but you won't get the sufficient amout of information about the encryption algorithm just by sniffing the traffic between the smartcard and the decoder.
Here in Europe, Canal Satelite uses the SECA encryption, which is absolutely cracked. Applying some bugs of the existing smartcards you can create a 'masker key', which is a kind of 'root' account in the card.
When you have created this master key on the card, you are ready to add providers, channels, buy pay per view events and a lots of interesting things. Here in Sweden Canal Digital uses Conax and there are no public codes or files so that you can unscramble the picture. (There are pirate cards, but rumor says that they have been stolen from factory or are MOSCed (modified original cards) On the other hand the largest provider Viasat and their system is compleately cracked. By expoliting or MOSCing the providers card you can read out the management keys (keys used for decrypting operational keys wich are used for decrypting the picture) and of course add other keys and idents. You can also change the time period that determines how long you are allowed to watch a channel.
Right now there even are scripts that unlocks canal digital (conax) cards. You can find out more on [satcodes.com]. Is this the best they could come with to justify their losses? Jean-Marie Messier (J2M) is just a stupid fool with hypertrophied ego. The Universal music division made also a laugh of themselves by taking 5 years to release their music encryption scheme, which was cracked in 2 weeks, and had been overtaken by mp3s three years before.
They did not understand that they could make money with mp3s (by merchandise, concerts, and stuff) and keep spending billions developing stupid encryptions, crashing web sites and harrassing highschool students trading mp3 CDs. Canal+ France was once a great channel, with all major blockbusters maybe 10 months old, great prOn, soccer, and excellent humor and hosts. Nowadays they show less than half of the good movies of the year before, most of them being actually 18/24 months old (because they have to go through their lameass pay per view channels first), run old TV movies, have lost many of their young talents, audience has plumetted to 1% marketshare, prices went up (some say that in the 80s coke was free for everyone at their parties, now even the prices of the other kind of coke at the vending machines have gone up). And they blame it on Murdoch and the Israelies!
While all you say may be true and the reporting of how the hack has occured may be wildly exaggerated (electron microscopes, etc.), some facts remain: • The cracked cards will ruin Canal+'s business (or have already done so). • Murdochs media empire certainly gains a very strong strategic advantage by a ruined competition. • Thus, Murdochs media empire does have a strong incentive. Even if it didn't take place as they claim, this would certainly be a working strategy: crack your competitions technology, release it anonymously on the net in an easy-to-use form and let the script-kiddies do the rest. I guess we'll be seeing more of that tech/cyberwar in the future.
Is this the best they could come with to justify their losses? Jean-Marie Messier (J2M) is just a stupid fool with hypertrophied ego. I wouldn't know, I don't know him, but this comment is about his person, not the issue at hand. Not only off-topic, but a flame/troll also. Nowadays they show less than half of the good movies of the year before, most of them being actually 18/24 months old (because they have to go through their lameass pay per view channels first), But mostly because of the law that prohibits public broadcasting of movies, within one year of them beeing show in theaters.
(some say that in the 80s coke was free for everyone at their parties, now even the prices of the other kind of coke at the vending machines have gone up). There is nothing in your comment that is on-topic, all of it is off-topic, quite a bit is trolling material.
And some personal comments about someone beeing 'a stupid fool'. Are you running some kind of a smear-campaign? And they blame it on Murdoch and the Israelies! Nobody is blaming 'the Israelis' as a whole. Af course there are morally-challenged Israelis as there are of any other nationality. But it's not a comment about all Israelis. Israel has got very good cryptographers and I think that is the reason the article mentions the alleged location of the crack.
-- Have a nice day. I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked. If cracking security helps your competition out of business, well, that could be worth several billion dollars. Investing $100 million would be money well spent. In my community, the hacker community, a goal is to IMPROVE security by revealing it's flaws. But these guys broke security to make billions off of someone else's huge investment.
That's very different. Of course, like Enron, corporate executives should pay the price for much of the resulting destruction. It'd say that a good '20 years to life' sentence would be appropriate for all of those in this management chain. And if the worker-bees knew what they were up to, same thing: jail. True - but I'm not so sure their goal was to 'make billions off someone else's huge investment'. If what Vivendi is claiming is true, the aim was (a) to undermine a rival technology (if Vivendi's smartcard was totally cracked then no other TV operaters would buy it), and (b) to cause pay-per-view rivals that used Vivendi's technology to lose money through widespread cracking - losing subscriber payments and having to spend more on counter-measures. It must be remembered that the smoking gun could be this: NDS is 80% owned by News International.
News International owns BSkyB pay-per-view sat network, which competes against Canal+ and, more directly, ITV Digital in the UK. • In my community, the hacker community, a goal is to IMPROVE security by revealing it's flaws. But these guys broke security to make billions off of someone else's huge investment. That's very different [and they should be jailed for 20 years to life] Whoa there just a second. Before we all start cheering 'You go, geek!'
, let's analyse what you've just said. It's OK for you to crack encryption and to disclose it - responsibly, I'm sure you'll claim, but you'll have to pick your own definition for what that actually means - because your intention is to help the creators improve it. It's 20 years to life for an NDS employee to perform substantially similar actions, simply because their intention is different.
You probably reckon that if you ever screw up a disclosure (information wants to be free, right?), and information gets into the wild that helps commercial pirates to sell cracked cards, then it's a no-foul simply because you're one of the good guys. In that case the damages to rights owners is just an unfortunate accident, it wasn't your fault, it was that 1337_h4x0r guy you'd known for three whole weeks on IRC, who promised he was a white hat and that you could trust him with the disclosure, and so on. I can understand your stance, but I'd suggest that in practical terms that any disclosures you make will be judged (prosecuted, rather) on the consequences, and that you'll have to rely on your good intentions purely as a last ditch defence, and not as a cloak of invulnerability. I'd be very careful about wishing for long sentences for black hats, because I suspect that a jury might be rather less inclined to believe a plea of 'I never meant to hurt anyone' from someone that the prosecution has just described as an evil computer hacker with a track record of hiding behind anonymous pseudonyms ('standards') to cover up his nefarious acts. In other words: don't be too sure that something as fragile as the truth will protect you.
Lawyers get paid a lot of money to lie very convincingly on behalf of their clients. How convincing could you be if you ever have to prove your innocence? I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked. Do you have any reliable information on the actual investment required for the crack other Vivendi's statement? The nature of the security business is that the crackers don't break systems the way their designers expect - they bypass mechanisms instead of attacking them directly, they cheat, they are creative.
The numbers cited by Vivendi represent the resources required for a group of well-funded but imagination-impaired engineers to break the system. I find it hard to believe that whoever did this (whether or not it was really NDS) actually spent that much money.
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked. Yes, they can, but it should also be pointed out that this one wasn't very sophisticated in the ways that count. I design smart card security systems for a living, and these guys broke a cardinal rule: 'Never assumer that the cards are invulnerable -- because they aren't!'
In fact, no security device is invulnerable. Like a good safe, a security device provides an obstacle that can be overcome with time and effort (although the bar is much higher for the best smart cards than for the best safes). So, any well-designed system should have mechanisms in place to ensure that the break of one card does not compromise the whole system, and to ensure that the cost of breaking one card (around $300K for the best cards, not $5M, and less for older cards). Designers of physical security systems utilize the same principle, although in a different way. Safes are surrounded by alarms, cameras and guards whereas cards are (must be) placed in the hands of potential attackers.
The point is, a good design takes into account the strengths and the limitations of the technology and plans accordingly. I'm so sick of this. I mean, I can understand why they do it but I'm still sick of it.
All the way to the bone. There was a time when companies could ask for money and then have something delivered to it's customers. Soon, this practise became standard all over the world and lots of people payed for things like TV and Radio.
All non-physical in it's form, but yet valued highly enough for the consumers to spend their cash on it. Then, came Computers and later the Internet.
Suddenly, everything that could be put into a digital form and transported over the Internet was free for the taking. Consumers didnt have to pay for content anymore, all the non-physical things they previously payed for didnt cost a dime anymore. Of course, all companies scrambled to try to get old laws and rules to apply to the new world but it was pointless.
Everything in a digital form was free, and there was nothing to be done about that. Long story short; if it's in a digital form (tv,radio,mp3,movies) it's free, and if it's physical (food,cinema,concerts,cars) it costs. That's how the future's going to be, you cant expect people to pay and then not get to keep it or lay their hands on it anymore - 'cos it's free. We are greedy by nature, and here I see yet another company kicking wildly on it's way down when it's marketing idea of selling nothing to people is starting to rumble, because it got too greedy. Better place all that money on trying to embrace the new digital world than locking it out.
Koihime Musou Crack Hongfire Forums. Babylon is burning. There was a time when companies could ask for money and then have something delivered to it's customers. Soon, this practise became standard all over the world and lots of people payed for things like TV and Radio. All non-physical in it's form, but yet valued highly enough for the consumers to spend their cash on it. Except for the consumers who chose not to pay, and instead pirated the signals. People have been cracking PayTV mechanisms and distributing hardware 'free TV' solutions for decades.
The Internet did not 'cause' the consumer to start buying hack hardware for the pay services, it just accelerates the process and makes it easier for consumers to find the piracy hardware and purchase it without having to deal with their local mafia franchisee. What people fail to look at is the income being generated by these companies. Most people 'hacking' DirecTV are still subscribing to it! The cheapest package they'll sell someone is $21.99 per month (going up to $24.99 per month next month!) - and hackers need to pay for this so their unique encrypted key won't get 'blacklisted', effectively locking them out of using an 'emulator' to get all the channels. As I keep saying about these intellectual property issues; you as an individual or business always have the right to *attempt* to protect your IP from piracy/duplication. If, however, you fail to do so - I think that should be considered your loss, and not something worthy of tying up the legal system. The Guardian is a UK newspaper not owned by News Corp.
And with no great love of them. So keep this in mind when reading this that there will be a 'Lets take the piss out of NewsCorp' slant to this, since Newspapers gently dissing each other is par for the course (certainly in the UK, and I don't see it being different elsewhere). Having said that, I actually Read the Guardian site almost every day, It's my favorite UK newspaper (because it has a gentle socialist bias), but I take everything I read, everywhere, with a pinch of salt. I always try to remember the source since it always alters the presentation of 'facts' and often which 'facts' get presented in the first place. A properly designed system will have the following two features. A) Leaking the card owners details does not compromise the system for other users.
B) Plugging the card into a reader does not immediately compromise the owners security. Authentication is used with the remote client [and the reader acts as a relay or proxy].
Trying to prevent people from tearing it apart and looking at the guts is just stupid and counter-productive. The more important side channels are timing and power, not preventing people with electron microscopes. For example, with a bogus reader even if a) and b) hold true, it could be that a timing attack reveal clues about the secret keys used. Canal+ has a very long history of crackers kicking the living daylights out of their encryption/scrambling schemes.
When the channel was launched in the early '80s, it took less than two months for the electronic schematics of a 'pirate' descrambler to be posted in a popular electronics magazine. Who quickly pulled the issue from the shelves when sued by Canal+. It's been downhill ever since. A lot of web sites in Belgium, Switzerland and the UK (hint: border countries) actually advertise pirate descramblers or electronics schematics. I seriously doubt the company attacked by Canal+ had to spend millions and millions of $$$ to crack the scrambling -- the figure (as well as Canal+ losses) were probably grossly over-inflated by greedy lawyers and C+ legal department.
One final note: Canal+ has a nasty reputation in France and in the rest of Europe for cracking down hard on pirates & crackers. Jean-Marie Messier (CEO of Vivendi/Universal/Canal +), who is a complete megalomaniac, is probably to prove he has got a bigger. Hairy cojones than News Corps's CEO.
Just my 0.02 Euros. One might try drilling in through the side, then either probe the device in operation or disable the tamper-sensing circuitry. Because the iButton has lid switches to detect the can being opened, and its processor is mounted upside-down on the circuitboard (with a mesh in the top metal layer of the chip), this is unlikely to be a trivial exercise. It might well involve building custom jigs and tools. In short, it's a tempting target for the next bright graduate student who wants to win their spurs as a hardware hacker.
The 'no-tamper technology' in the iButton is in the form of lid switches which may be defeatable by drilling in from the side, unlike e.g. The IBM 4758 cryptoprocessor which has a tamper-sensing mesh encasing it. Java-Powered Cryptographic iButton iButton Applications iButton Partners Videos News Releases Data Sheets/App Notes Sales and Tech Support Home iButton® Overview Types of iButton Thermochron Java(TM)-powered Memory iButton Accessories Blue Dot Receptor Digital Jewelry Mounting Hardware TINI Java-powered Ring Weather Station iButton Quick Reference Software Developer's Tools FAQs There are two fundamental problems with Internet transactions -especially those that involve sensitive information: authentication and secure transmission. More simply, nobody really knows who you are. Just by eavesdropping, someone can gain information about you and steal your identity. Enter the cryptographic iButton, a very personal computer in a 16mm, stainless steel case.
It provides for secure end-to-end Internet transactions-including granting conditional access to Web pages, signing documents, encrypting sensitive files, securing email and conducting financial transactions safely-even if the client computer, software and communication links are not trustworthy. When PC software and hardware are hacked, information remains safe in the physically secure iButton chip. Samsung 2g Tool Crack Free Download there. Making Life More Convenient and Secure A physically secure co-processor to a terminal, PC, workstation, or server, the crypto iButton opens up a whole new world of convenience.
It connects to the 250 million existing computers with a $15 Blue Dot receptor. By simply pressing your Blue Dot with your iButton, you can: Be granted access privileges to sensitive information on a conditionally accessed Web page using PKI challenge/response authentication. Sign documents so the recipient can be certain of their origin. For example, you can write and sign an expense report. Or you can author a newspaper story, sign it at your vacation home and email it to the publisher. Encrypt and decrypt messages, securing email for the intended eyes only. Conduct hassle-free monetary transactions-print your own electronic postage stamps or print, write, and sign your own electronic checks (coming soon to the network economy).
A Portable, Wearable Computer This mobile computer can become even more secure. You can keep the crypto iButton with you wherever you go by wearing it as a closely guarded accessory-a watch, a key chain, a wallet, a ring-something you've spent your entire life practicing how not to lose. Here are a few reasons why you might want to wear the crypto iButton on the accessory that best fits your lifestyle: It's a safe place to keep the private keys you need to conduct transactions.
It overcomes the deficiencies of secret passwords. You eliminate keystrokes with a quick, intentional press of the Blue Dot. You keep your computer at hand versus lugging yours everywhere you roam. You become part of the network economy.
This steel-bound credential stands up to the hard knocks of everyday wear, including sessions in the swimming pool or clothes washer. An array of digital jewelry has already been established for the convenience of wearing your iButton credential at the iButton store. The Crypto iButton's Extraordinary Security You don't have to take our word for how secure this crypto iButton really is.
The National Institute of Standards (NIST) and the Communications Security Establishment (CSE) have validated a version of the crypto iButton for protection of sensitive, unclassified information. FIPS 140-1 validation assures government agencies that the products provide a trusted, physically secure module to properly protect secure information. As a starting point for the iButton's extraordinary security, the stainless steel case of the device provides clear visual evidence of tampering. The monolithic chip includes up to 134K of SRAM that is specially designed so that it will rapidly erase its contents as a tamper response to an intrusion. Rapid erasing of the SRAM memory is known as zeroization.
Any attempts to uncover the private keys within the SRAM are thwarted because attackers have to both penetrate the iButton's barriers and read its contents in less than the time it takes to erase its private keys. Specific intrusions that result in zeroization include: Opening the case Removing the chip's metallurgically bonded substrate barricade Micro-probing the chip Subjecting the chip to temperature extremes In addition, if excessive voltage is encountered, the sole I/O pin is designed to fuse and render the chip inoperable. You don't have to take our word for how secure this crypto iButton really is. The National Institute of Standards (NIST) and the Communications Security Establishment (CSE) have validated a version of the crypto iButton for protection of sensitive, unclassified information.
FIPS 140-1 validation assures government agencies that the products provide a trusted, physically secure module to properly protect secure information. FIPS 140-1 classification doesn't necessarily imply tamper resistance.
It sets out 4 levels, with level 4 being the highest. At time of printing of my source doc (Ross Anderson's 'Security Engineering', published 2001) there was only one level 4 device (IBM 4758 - the crypto unit used in e.g.
ATM machines). The iButton falls officially into class 3 in FIPS 140-1, but in fact exceeds level three by some way. (Level 3 only requires potting of the components which doesn't rule out any scraping, sandblasting, drilling, EM leakage or memory remanance attacks etc.). FIPS 140-2 (which supercedes 140-1) is available online [nist.gov]. The iButton falls into an area commonly known as level 3.5 and attacking it would be difficult, but not to the level of difficulty of a 4758 or similar device. I would be particularly curious of how the iButton intends to detect ' Micro-probing the chip' in order to trigger zeroisation.
If this is purely based on the mesh layer in the chip then a sophisticated attacker using the 'drill through the side' approach may be able to bypass this since the tamper resistant layer doesn't completely enclose the chip. Not easy by any means, and certainly orders of magnitude better than a smart card, but it doesn't warrant the 'You CANT do this to an iButton' position! In fact, the IBM 4758, (or rather the CCA software supplied with it) can be cracked under certain privileged access conditions as demonstrated by [slashdot.org] in Anderson's group in Cambridge. Using Focused Ion Beam technology, it is a simple matter to carve away pieces of the container and leave behind the parts that operate the switches.
When that is done, the switches can be disconnected. A FIB mill is able to mill cuts smaller than a micron. I know as I use one at work in R&D in a chip plant. We take apart chips all the time to get critical dimension measurements and diagnose failures under several layers of the chip. One new chip had a design flaw where a VIA was where it was not supposed to be. This shorted the chip so it couldn't be probbed to check the health of the rest of the chip.
The engineering data was saved by using a FIB to etch a circle around the VIA disconnecting that one connection. This saved much R&D time as we didn't need to get a new reticle fixing only one problem. The next reticle had the shorted VIA fix as well as many other changes based on the probed data of the chip. Disconnecting the tamper switch circuit that would erease a chip would be a trivial task. Dear Lumpy, I agree with you that the form factor of an iButton gives it the potential to be more secure than a smart card, even if both use basically the same technology for the chip itself. In fact I would even say that the this is an ideal application for the form factor of the iButton.
I will warn you though, that having iButtons placed in satellite TV decoders might be the worst thing that could ever happen to a good product. As has been pointed out many times here, the problem with these encrypted TV schemes is that they seem to depend on all the cards having the same key. Please correct me if I am wrong.
In a well designed smart card system all the cards have card unique keys, which means that if you go through the time and expense of cracking one card then you have one card cracked. This makes it so nobody even wants to crack a card because there is a limited amount of harm that you can do with one cracked card. Since encrypted TV requires all the cards to have the same keys, cracking one card means that the entire system is cracked. You can pump out as many cards as you like. This means that there is actually incentive to crack the card, since you can do exactly what the culprits here did.
What is the point of all this? You can bet that if an iButton were used instead of a smart card that eventually a single iButton would be cracked. Even if it takes millions of dollars to crack a single one, it would be done. Then the iButton would be in the same boat as smart cards are in here on /. And in other circles, which is that everybody thinks they aren't secure because of the encrypted TV problem.
What they don't realize is that the encrypted TV problem in inherently insecure using current protcols. It wouldn't be the fault of the iButton any more than the current situation is the fault of the smart card industry. It is simply that the problem is hard. Maybe they could make a 'Super iButton' that could be larger, have its own internal power source and a nifty mesh like the IBM 4758.
They would become more expensive and you'd have to toss them when the battery runs out, but that might work better. Let me know what you think.
This is the whole point. WHY does there have to be a smartcard for a sattelite reciever in the first place? They can make all this work on the mainboard tying the reciever to the owner/viewer.
And it creates awesome abilities to completely thwart or slow down hugely the pirate tv viewers. Most home sattelite pirates will gladly plug in a hacked H card, they will not take the time to try and remove epoxy from a mainboard, modify a circuit, solder in parts, etc. It is silly to have any kind of plug-in authentication system on such devices.
WHY does there have to be a smartcard for a sattelite reciever in the first place? I agree, a smart card seems like it is only there because it is easy to replace. This would enable the companies to mail out new cards periodically and have cutomers install them with very little hassle. If you want the entire device to last longer than say, five years you would need to either have something more secure than a smart card or be able to replace the card at will. But there are disadavantages to using a smart card in this system. I believe that the iButton is probably not much better and nearly as hackable.
You probably disagree, but you didn't address that point. If there is large corporation that would like to hack the iButton simple to destroy a competitor's product as was the case here then I can't imagine it holding. Again, you are free to correct me, and I admit that you know a lot more about iButtons than I do.
User swillden and I have been discussing whether there is any good solution to this problem. I won't post all our thoughts here. One component of a more secure system would be a crypto unit that actively monitors its own state. It would be interesting to know how much this would cost. The IBM 4758 costs about $2,000, so it is not an option, but you wouldn't need all that functionality. Also, economies of scale would kick in so you could make a simplified device for not that much money. The real question is how much money are the satellite TV companies REALLY losing (as opposed to perceived loss) and how much would a more secure system be worth to them?
Actually for sattelite TV I wouldn't reccomend an iButton for sattelite tv reciever. I would reccomend a custom processor and a fpga replacement of the 'card' is no longer necessary as they can easily send firware updates over the sattelite link. Plus, having the box call home with an encrypted rolling key and protocol nightly to just report checksums and other information would cut the supposed losses due to piracy at least in half. They keep throwing high-technology at the problem where making it inconvienent to anyone but an electronics engineer would make a significant dent.
You could also embed on each machine an ibutton cousin. The serial number chip that looks like a surface mount transistor. As another checksum.
Granted someone with a 16f84 pic can emulate anything like that easily, but that would again require someone to either do alot of modification work themselves or buy a hacked box for a ton of money and then worry that the thing might die (no warrenty) or it might rat on them by calling home when the software was updated last night by the sattelite company. I personally believe that cince they are not changing how their system operates, they are really not noticing any profit loss from piracy. (same as cable tv). The Guardian's got two more pieces on this today, with more details about the collusion between NDS and 'crackers', including the very seedy past of the NDS security chief Ray Adams. The guts of it are the connections of NDS with a sat-piracy website called The House of Ill Compute (THoIC), which fell apart in spectacular fashion in the middle of last year when some of the site's members confronted the spy in their midst in a pub with evidence he was recording everything and passing it to NDS, and getting paid for it. Some UK /.ers may recall it. Here:, 7541,6670 40,00.html and here 4 1,6669 67,00.html.
The question is was the smart card a 0.40 euro or a 10 euro one. There are smartcards that: Contain selfdestruct chemicals that immediately destroy chips core when opened (and they are pretty effective). Perform logical operations on complementary values at the same time (first order differential power analysis wont work). Have several polished layers of transistors( so you cant see the connection layout without carefully removing layers).
Have encrypted internal bus(so you cant read single bits from the bus, becouse they depend on each other). Are designed to resist power failures (can't make that jump to crypto routine to become nop by dropping power or clock) Generally are designed by paranoid and smart people.
Cracking such cards is not possible in a garage according to public research. However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system.
However I don't think that limiting compromise is possible in broadcasting environment. Contain selfdestruct chemicals that immediately destroy chips core when opened (and they are pretty effective). Can you point out any specific chips? I'm not familiar with any that have this feature.
Perform logical operations on complementary values at the same time (first order differential power analysis wont work). Note that Kocher has described ways of defeating the complementary operations approach. It's based on the fact that because the set of transistors performing the complementary operations are not exactly the same as those performing the 'correct' operations, it's possible to distinguish between them. But, yes, there are a variety of ways to defeat DPA and symmetric cryptography modern cards is not vulnerable to DPA (PK operations are still quite vulnerable, AFAIK). Have several polished layers of transistors( so you cant see the connection layout without carefully removing layers).
And the layering is also structured to try to place more sensitive data near the center of the stack. Have encrypted internal bus(so you cant read single bits from the bus, becouse they depend on each other).
The Dallas chips did this, but they were broken. Are there others? Are designed to resist power failures (can't make that jump to crypto routine to become nop by dropping power or clock). Yep, and you should also mention that they monitor other environmental factors like temperature levels, because attacks have been devised that exploit freezing chips or overheating them. Generally are designed by paranoid and smart people.
And this is the best point in your post. Smart card chips are designed by smart, paranoid people who also try to break them and study the attacks that do succeed so they can build countermeasures to those attacks in the next round. Security is a constant cat and mouse game, with better and better attacks leading to better and better defenses. In the smart card world, the defenses have already progressed far beyond the stage where attacks you can perform in your garage are likely to be successful. Then again, there are plenty of smart card systems being designed and fielded by clueless idiots, so we'll be sure to see plenty more 'Smart cards hacked!' Stories on /. However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system.
I've employed many paragraphs to make the same point. But I've never been accused of being overly concise;-) However I don't think that limiting compromise is possible in broadcasting environment. Same signal to all consumers ->same decoding keys for every consumer ->all decoding cards are identical in critical ways.
Yeah, seems like an intractable problem. I spent a few months cracking ARM 60 CPUs and seeing if I could find the key kept in the memory by observing the power consumption. Using a fast storage scope I could simply hook onto sequences in the program (branches are easily visible) and find the operations on the key. The power measurements told me how many bits in the key were on or off when driving the ALU read bus. As the algorithm was working with bytes it was very easy to find most of the bits of information. From a 32bit (4 billion combinations) key I could get down to about 2000 possibilities.
From there its easy to just try them all out. Synchronous processors were very simple to crack. Asynchronous processors didn't have easily visible features like the clock to find the key instructions. They also have temporal shifts so different runs have the instructions executing at different times dependant on the data.
From an asynchronous Amulet2e I could only get two or three bits of information (down to 1 billion possibilities). In other posts (they may have been in the other /.
Story posted earlier) I read comments that in effect said that people were hypocritical if they supported posting DeCSS code and not the code that decrypts Canal+'s system. If in fact the reason people are drawing a distinction between the 2 because one scheme was cracked by an individual person and the other by a global corporation with millions of $ to pump into R&D, then I agree, that distinction is hypocritical. However, there is a principled distinction that can be drawn between the 2 based on intent. The lawsuit alleges that Murdoch's company released the information with the intent that others would use the information to steal proprietary information (the video streams) from Murdoch's competitors. That is MUCH different than cracking a scheme for the sake of the knowledge itself or merely to see if it can be done. The former case is analogous to the following: Employee has combination to Boss' safe where all company assets are kept.
Employee and Boss have an antagonistic relationship. Employee publishes an ad in 'Robbers Daily News' with the address of the business and safe combination knowing (or hoping with a high probability that his hope will come true) that Robber reading the RDN will use the combination and steal the assets. Robber actually does use and steal.
Employee is part of a conspiracy to steal the company's assets and is guilty of the theft as much as Robber. Don't say that my scenario is not accurate - I assure you as a lawyer that under this hypothetical situation, Employee is a conspirator. Also, don't say that trying to look at the subjective intent of the actors kcreates an unworkable situation because WE DO IT EVERY DAY. In courts all across this and other countries around the world, we use the intent of the actor to determine the guilt of people for crimes (or to determine levels of guilt) or liability for civil offenses.
Example: Man runs Woman over with car. Did Man intend to kill woman? If yes == murder. If no == somehting else.
Did Man drive recklessly such that his actions constituted a depraved indifference to human life. If yes == murder or homocide. If no == something else. Was Man driving carelessly? If yes == involuntary manslaughter or negligent homocide. If no == something else.
Was Man driving according to all posted rules and carefully? If yes == accident, no intent (or substitute for intent like recklessness), therefore NOT GUILTY. Although it is more work looking at subjective intent, it usually provides a more thorough examination of the situation and an individualized solution.
Simple, bright line rules just do not work well in complex situations. Case in point: the DMCA. Although I agree it is easy to draw a line between legitimate and illegitimate uses in this instance, I usually stop short of labeling a technological endeavor itself as having no legitimate purposes. For example, if a startup company wanted to manufacture a compatible smartcard to compete in sales of that hardware, they would find that most likely the current manufacturer has some sort of legal protection for its design. If that protection is a patent, the patent would actually have to teach you how to make the smartcard (or at least the patented features of the smartcard).
If however, the current manufacturer is relying on keeping its design a trade secret, then efforts to crack the smartcard could be a legitimate reverse engineering effort to allow entry into the smartcard market. Nintendo lost a case like that a few years ago when it claimed that video game manufacturers had to license its hardware interface design for game cartridges. The court held that competing game manufacturers could reverse engineer the hardware for the purpose of being able to enter the marketplace for Nintendo game cartridges.
That is the weakness with trade secrets - once someone discovers the secret (legitimately, of course) your protection is gone. Smartcards for the general market have to be robust enough and low power enough that they are smallish CPUs. The fast ones are 8Mhz and have some crypto functions built in.
In raw CPU terms they are about the same level as a fast Z80. In a cable TV system, the smart cards generate a seed that is feed to crypto unit. Most system gave up on the smart cards that just say 'they get channles 2-20,45,Pr0n.'
Since they were cracked within days but you never know when a 20 year old cable system is still in use. The Foxtel system in Australia for example uses a signal down the wire that goes to the smart card which then generates a pseudo random sequence. Each of thouse numbers is like an index that tells it where the line is swaped.
Their encryption is they take each scanline, break it and send the second part first. Someone in Norway(?) had written a program that would look for the split in real time and put it back together. I guess Murdoch might have something to worry about if the rumor is true and someone else is willing to pay for a crack. Modern credit card systems do the ATM pin hiding trick in the smart card. If you have access to the networks used by a large department store, it would take about a year to crack most repeat customer's pin numbers. Since most pin numbers are only 4 digits, you only need to be able to feed the chip a few wrong tries per 'swipe' and if they come in a few times a week, you could try 500 pin codes in a year. If you do that with 20 different cards a week, you will have someones full account details and their pin number in a year.
Since its automated, there is no use to limit yourself to 20. This works for both Visa and that cool new clear card from that company no one will accept.
So in a smartcard based credit card system, All you accounts are belong to us. I was thinking, if these satellite companies implement their smart cards using [sun.com] (which are themselves dynamically reprogramable by nature), couldn't they deal better with these issues??? When something like this happens (i.e.: the code is broken), all the satellite operator has to do is send new code to the setup box which will write it on the card, then the code in the card is used to decode the incoming broadcast. It's like assigning the card a new set of keys in a public-private cryptographic key.
HOWEVER, I think this will never be solved until satellite operators can do two-way communications with the setup boxes themselves. Who knows, maybe in the future satellite operators will require users to connect to the Internet at least once a month to update the software of the smart cards, thus giving them enough time for the new codes to be deployed far and wide. Heck, I'd actually have new codes daily!!! For those into techno-religious wars, I used Java Cards as an example, as opposed to other types of smart cards, because Java gives a unified API and object-based execution environment for ALL cards regardless of their origin, which is exactly what's needed to help this situation out. Though it's harder these days - few chips have 1000s of transistors anymore, more like millions.
I remember people reverse engineering the original VGA chips looking for hidden registers), low tech pattern matching (hire a bunch of students over the summer and have them go over photo-micrographs). However things are made easier if you can figure out the cells in the library they built the thing from - then you just pattern match gates. ROMs are also probably pretty easy to decode (unless you compiled them thru your synthesis tool). Smart cards are probably much harder - I bet they're built to be hard to crack (lots of nasty stuff over the top of things so you have to peel them apart to find the metal/poly layers In this case I doubt anyone knows what happened (unless someone inside NDS squealed) - I suspect much of this is just so much guess work.
There are many reasons why ITV Digital isn't doing so well, but it's not all their fault. Firstly, they have a financial disadvantage: not only are they a much smaller company than Sky, but they mustpay huge license fees to the government for the priveledge of existing. Sky, being based off shore, pays no such fees, as they are effectively outside regulation. Secondly, they exist upon the terrestrial network. They'd like to boost transmitter power so that people like you don't have such problems (I know what you're experiencing, we have encountered the same). But guess what - the government won't let them, because it degrades the analog signal slightly, they can only boost the signal when more people have switched. And people won't switch while they are outside the transmitter range: it's a classic chicken and egg situation.
They are tied down at every angle by regulation - for instance the government requires that they transmit regional TV. Regional TV is in my opinion a waste of time, most people I know don't give a rats ass that Mrs. Nobody got her cat stuck up her tree, or that it's the Xth anniversary of the Albert Docks. However, they must not only transmit regionally, but also subregionally. The total number of separate transmission streams comes to 33! That's 33 separate industrial MPEG decoders, and at a cool quarter million each, that is a significant investment.
Sky of course just give the UK the finger. Murdoch used the classic Microsoft trick of subsidising its way into the market as well - by starting the box wars he raised the inital investment by billions. He can afford to lose that much: dominance of the media is more important to him than actual cold, hard profit. It's similar to the MS X-BOX situation. Mismanagement from the top doesn't help either - their enormous bids for football were way out. So you see, all these factors have meant that Sky have walked over ITV Digital, and it's NOT a good thing.
Bear in mind that, despite ITV having to pay for the networks creation and development (the UK had the first digital TV infrastructure in the world remember), it's also an open platform. Sky TV is of course, utterly closed, and by pulling this sort of stuff, Murdoch is pissing all over the British people. That's why I hate him, even though eventually we got tired of repeated transmission faults and switched.