Full Disclosure mailing list archives

Lesson: Physical tampering against -- Paper based ( Ntc, NCELL like... ) Scratched off Card.
From: Bipin Gautam <bipin.gautam () gmail com>
Date: Tue, 15 Mar 2011 20:50:21 +0530

Disclaimer: With balance-transfer option around this hack can be
misused to ROB... real CASH in thousands (as balance-transferred for
cash), nevertheless this demonstration is just meant as information AS
lock-picking information (googling?) is to doing actual burglary!

With liberty comes responsibility....... and while Information is
Innocent and it's up to the perceivers how they use/misuse......

Demonstration from TV (Fast forward to 12.45 minutes.... to jump to
the news. Video is misleading, trick undisclosed):

Original Discussion

Solution : https://groups.google.com/group/nepsecure/msg/ed67aaa042799576
Screenshot: https://nepsecure.googlegroups.com/attach/ed67aaa042799576/Nepal+Telecom+Scratched+Card+Hack.JPG

If I remember, older NTC recharge cards came as plastic cards, which
could have already migrated from this loophole.

While... my cause was not to contribute to global warming, or rely on
a do-not-talk;do-not-know dodo..... defense..... and printing PIN Code
over paper is still a greener choice, NTC, NCELL etc... could also use
a small plastic slip instead (rectangular, opaque) to print the PIN
code over it and slip it in in-between the paper to minimize plastic

Alternatively, the edges of the Hard-paper recharge cards can be
PRODUCED strong "razor thin" on the edges, and gradually thicker on
the centre (like a pyramid top to hold PIN) with a safe margin. I
think it's better to use just fine tearaway paper, no plastic
lamination on the top... (with few breakable bands... like alu-plus (o
& x criss-cross game)) to conceal the number in between.

Affected: (though the papers are < .4 -.5 mm)
It is difficult to tamper and re-master the water-marked scratch-off
coating (With telecom name printed on it).

Simple -- NTC 500-1000 Rs recharge card (because: good hardcover over
pink plastic lamination)
Medium : Other NTC recharge cards of any value, still thick paper...
blade can easily slip through to slice it carefully.
Though NCELL recharge cards have thinner papers (guess ~1/3 mm?), the
papers are strong, fibrous... so doable.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
