Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Smartcard Security - Suggested Hardware
From: "Matthew Zimmerman" <mzimmerman () gmail com>
Date: Tue, 16 Dec 2008 08:46:35 -0500

Maybe I'm not grasping the whole picture.  Seems to me that the
hardware you're using should either be the same hardware where you
think the problem is (e.g., that exact product) (hardware error) or
the hardware you're using doesn't really matter (software error).  It
could certainly be something in between, but I would go with hardware
that helps you exploit where you think the issue is in this device.

Matt Z

On Sun, Dec 14, 2008 at 10:46 AM, bin4ry <bin4ry () theknetgroup org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi together,

at university i am working on a project which tries to identify
vulnerabilities in a smartcard system which consists of the actual
smartcard plus a (pseudo?)level-3 reader (reader has a pinpad plus a
display). This system will be used in major cities and we want to make
people aware of the fact that it is (probably) pretty unsecure.

At the moment we are in the pre-information gathering phase: We are
about to import knowledge about smartcards, used protocols, etc.

Since i want to dump the contents of that smartcard and maybe even
rewrite it to another, empty card i need a smartcard reader/writer.

Does anyone has ever done a pentest on that kind of system? Can somebody
suggest special hardware? I know that the chaos computer club (ccc;
local hacking group) has made its own reader/writer but this one isnt
available any more.

If you could hook me up with any info regarding this theme (books?), i
really much would appreciate it.

Kind regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJJRSo5AAoJELgHfGPPLPuOHpkH/2sLyhqrlA4A8sJZvT0cH7GY
9ffcjiDwtjffdGjHpA+HGTTA5+NKSViIQP0dKpHVOAp3lJkjLPFwnMduYTzV3Rra
aDvKFdC6xX4NVPn46UUa1eZfc3fYZ2D4qgMOUrEnAmxCumxKjYd0D3XcA8/aQgNy
7BKT3FbHOifpE60iHiq2U21MtOIKaO8WXE07FYKcqv0pr6xFKpBF9cRd26n7qUsE
9uq7gr66pjxSdp1ZGnDpwmIXTEUufQ+5AyFlI6AS6PhgZ+H8c6JTDlqksp52CLJQ
rXYZCvjXzqTJ1LWa3ZfDZ4jZX3FhONm2N4Zbd/eHh1eG+hdKnykR44XD5yDjYX0=
=OKkh
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]