Hello! Have you heard about card dumps? Even if you do, the article will still be useful to you!
- Dump type
- Overview of smart card hacking methods
- Types of technologies
- Destructive attacks
- Crash detection technologies (glitch attacks)
- Analysis of side channels of information leakage
- New methods of attacks and reading information from memory
- Counteraction measures
Dump type
So, now let's describe what we should have written on the track. We are interested in the second track, and what can we see on it?
It can contain up to 40 characters:
First comes the starting character - %
Then comes PAN - up to 19 digits, in our case it is the card number.
It includes the card issuer code (IIN: Issuer Identification Number) (up to 6 characters), which in turn consists of:
The main industrial identifier (MII: Major Industry Identifier) (up to 2 characters):
0: Reserved for future use by ISO/TC 68.00
: Not for issuing cards
1: Airlines.
2: Airlines and for future use.
3: Travel and entertainment.
4: Bank / Finance.
5: Bank / Finance.
59: Financial organizations that do not fall within the scope of ISO.
6: Banks and merchants.
7: Fuel industry.
8: Telecommunications and for future use.
89: Telecommunications and for watch agencies.
9: Reserved for national use.
This is followed by the emitter (II: Issuer Identifier), up to 5 digits, in some cases the INN length or its size is written if it goes beyond ISO. If MII is 9, then the first three digits are the country code(which is of no interest to us)
Then there is an individual account number (IAI: Individual Account Identification), up to 12 digits, assigned by the organization that issued the card
Then there is a single digit used to check the number and other information, calculated using the formula: (I'll post the formula later)
Mastercard's PAN consists of no more than 16 characters, while VISA has 13 or 16, including the verification digit.
Then there is a separator, one character — =
It is followed in some cases by the country code (if the PAN starts with 59). It is defined in ISO 3166: 724 for Spain, 840 for the USA, and so on.
Then, in most cases, the card's expiration date is displayed in the YYMM (yearmonth) format.
Then comes the three-character service code, which consists of:
Then comes the three-character service code, which consists of:
The first digit indicates where you can use the card:
0: Reserved for future use.
1: For international use.
2: For international use, with restrictions.
3: Reserved for future use.
4: Reserved for future use.
5: For internal use only, except for pre-agreed agreements.
6: Only for internal use, except for pre-agreed agreements, with restrictions.
7: Not for payment, except for pre-agreed agreements.
8: Reserved for future use.
9: For verification.
The second digit defines the conditions for using/authorizing the card (Authorization processing):
0: Transactions are performed according to standard rules.
1: Reserved for future use.
2: The transaction is performed by the emitter and must be online.
3: Reserved for future use.
4: The transaction is carried out by the emitter, must be online, except for pre-agreed agreements.
5: Reserved for future use.
6: Reserved for future use.
7: Reserved for future use.
8: Reserved for future use.
9: Reserved for future use.
The third digit defines the services and conditions of the PIN
0 requirement: No restrictions, you need a PIN.
1: No restrictions.
2: Goods and services (not cash).
3: ATM only and need PIN.
4: Only money.
5: Products and services (not cash) and need a PIN.
6: No restrictions, PIN on demand.
7: Goods and services (not cash) and PIN on demand.
8: Reserved for future use.
9: Reserved for future use.
Then comes the PVV (PIN Verification Value) hash, 5 characters, followed by characters reserved for use by the emitter. And at the end of everything there is a final character -?
Example of the second track (made up):; 4598530106131217=06081211834918387276?
Overview of smart card hacking methods
The smart card industry is booming. In 2002, almost 2 billion smart cards with a built-in microchip were sold worldwide, and these figures are expected to grow significantly in the coming years.
The reasons for this are simple — the scope of smart cards is constantly expanding: from a phone card to a PC user authentication token, from an "electronic wallet" for storing digital cash to a digital passport-identifier. The mass adoption of smart cards in everyday life is accompanied by the indispensable assurances of industry officials that chip cards are the most secure technology available today, which is difficult (read-almost impossible) to open. But you and I know that's not the case at all.
Whether someone likes it or not, opening smart cards is a very old and widespread phenomenon. According to experts, since about 1994, almost all types of smart card chips used in European, and then in American and Asian pay-TV systems have been successfully opened by crackers using reverse engineering methods. And the extracted secrets of the cards (scheme and key material) were then sold on the black market in the form of illegal clone cards for viewing closed TV channels for free.
Another area that is less covered in the press is the forgery of phone smart cards or electronic wallets. However, it is known that in this area, too, not everything is in order with countering hacking. The industry has to regularly update smart card processor protection technologies, and crackers respond by developing more sophisticated autopsy methods, and so on ad infinitum.
Types of technologies
The classification of smart card opening methods may differ slightly from one author to another, but most often the following categories of attacks are distinguished, which are usually used in different combinations with each other.
- Micro-probe technologies — using a microscope and a micro-probe needle, you can get access directly to the surface of the chip, where the attacker registers the passage of information (bitwise), manipulates processes and interferes with the operation of the integrated circuit.
- Software attacks-use the usual communication interface of the smart card processor and exploit security vulnerabilities identified in protocols, cryptographic algorithms, and other features of a specific scheme implementation. I note that the more mature the security technology is, the more often it is necessary to combine this method with other methods of attack.
- Analysis of side channels of information leakage - an attacker with a high time frequency removes analog characteristics of fluctuations in the power supply and interface connections, as well as any other electromagnetic radiation generated by processor circuit elements (transistors, triggers, etc.) during normal operation.
- Failure-inducing technologies-on the contrary, create abnormal operating conditions in order to cause errors in the processor and thus open up additional channels of access to protected information.
Destructive attacks
A typical smart card chip module has a thin plastic base measuring about one square centimeter with contact zones on both sides. One side of the module is visible on the smart card itself and contacts the reader. The silicon matrix is glued to the other side of the base (connecting with thin gold or aluminum wires). The side of the plate where the chip is located is coated with epoxy resin, and such a chip module is glued into the card.
Removing the chip from the card is easy. Previously, the craftsmen took out with a sharp knife or lancet, cutting off the plastic of the back of the card until the epoxy appears. Later, they began to quickly remove the chip, simply heating the plastic to a soft state. Next, the epoxy layer is removed by applying a few drops of concentrated nitric acid (more than 98%). Before the acid can dissolve too much of the epoxy layer and harden, the acid and resin are washed off with acetone. The procedure is repeated 5 to 10 times until the silicon matrix is fully visible. It is necessary to make such abuse of the chip carefully, so as not to damage the connecting wiring, then it will remain operational.
If the processor is completely new, you will have to create a card of its circuits. Now, this is usually done using an optical microscope and a digital camera, which make a large (several meters in size) mosaic of high-resolution images of the chip's surface.
Most chips have a protective surface layer (passivation) of silicon oxide or nitrate, which protects them from equipment radiation and ion diffusion. Nitric acid does not affect it, so specialists use a complex method of dry etching to remove it. But this is not the only way to access the surface.
Another method, especially when the scheme is generally known, is to use micro-probe needles, which use ultrasonic vibration to remove the protective layer directly under the contact point. In addition, laser cutting microscopes used in cell biology laboratories are used for local removal of the protective layer.
The described dissection technique, which I hope you haven't read, is used successfully by amateur mallards. It is amateurs, since the technologies described below are available only to well-equipped laboratories that study semiconductors. There are hundreds of such laboratories in the world (for example, in universities and industrial research centers). The most advanced mallards rent this equipment.
The study of chip-cutting techniques leads to a more general (and relatively less studied) problem — attacks that involve active modification of the chip under study, rather than just passive study of it. For example, there is every reason to believe that some successful pirate attacks on the pay-TV system were carried out using Focused Ion Beam workstations (FIB). Such a device can cut tracks in the metallized layer of the chip and form new tracks or insulating layers. In addition, FIB can implant ions to change the thickness of the silicon layer and even build end-to-end transitions to conducting structures in the underlying layers of the chip. Such devices cost several million dollars, but, as practice shows, not too rich attackers rent expensive equipment for some time from large semiconductor companies.
Attacks on smart cards provided with such tools become simpler and more powerful. A typical attack involves disconnecting almost all CPU processes from the bus, except for the EEPROM memory and the CPU component that generates read access. For example, a program counter can be left connected in such a way that memory regions become available for reading in order as clock pulses are applied.
Once this is done, the attacker only needs one micro-probe needle to read the entire contents of the EEPROM. As a result, the analysis process becomes easier than with passive research, when usually only the execution path is analyzed. It also helps to avoid the purely mechanical difficulties of working simultaneously with several micro-probe needles on tire lines that are only a few microns wide.
Crash detection technologies (glitch attacks)
In principle, computer engineers have long known that engineering-protected devices, such as smart cards, which are usually small and compact, can be subjected to certain levels of radiation exposure or heating, incorrect power supply voltage, or non-standard clock frequency in order to cause computational errors. It is also known that if a computing failure occurs, a computer device can provide information that is useful for recovering secret data. However, how serious this threat really is, for a long time, few people suspected.
At the end of September 1996, a team of authors from Bellcore (a research center of the American company Bell) reported that a serious potential weakness of a general nature was discovered in secure cryptographic devices, in particular, in smart cards for electronic payments (D. Boneh, R. A. DeMillo, R. J. Lipton: "On the Importance of Checking Cryptographic Protocols for Faults", www.demillo.com/PDF/smart.pdf). The authors called their autopsy method "Cryptanalysis in the Presence of Hardware Faults". Its essence is that by artificially causing an error in the operation of an electronic circuit using ionization or microwave irradiation, and then comparing the failed values at the output of the device with obviously correct values, it is theoretically possible to restore cryptographic information stored in a smart card. Research by scientists has shown that all devices that use cryptographic algorithms with public keys to encrypt information and authenticate users are exposed to the new threat. These can be smart cards used for storing data (for example, electronic money), SIM cards for cellular telephony, cards that generate electronic signatures or provide user authentication when accessing corporate networks remotely. However, the attack developed at Bellcore was used to open keys exclusively in public-key cryptos — RSA, the Rabin digital signature algorithm, the Fiat-Shamir identification scheme, and so on.
The main result of the publication of Bellcore's work was that a much larger number of researchers were attracted to a well-known problem in a narrow circle. And less than a month after the appearance of the Bonet-DeMillo article (in October 1996), it became known that a similar theoretical attack was being developed against symmetric cryptographic algorithms, that is, data closure ciphers with a shared secret key. The new method was developed by the famous tandem of Israeli cryptographers Eli Biham and Adi Shamir, called "Differential Distortion Analysis" (abbreviated DAI).
Using the example of the most common DES block cipher, these authors demonstrated that within the same "Bellcorp" model of hardware failure, it is possible to "pull" the full DES key from a secure smart card by analyzing less than 200 ciphertext blocks (a DES block is 8 bytes). Moreover, a number of other works by Biham - Shamir later appeared describing methods for extracting a key from a smart card in conditions when almost nothing is known about the cryptographic scheme implemented inside. The final version of the article describing this work can be downloaded from www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1997/CS/CS0910.revised.ps.
Analysis of side channels of information leakage
In the summer of 1998, news came about another method of opening smart cards, which was more than successfully implemented in practice. A very small, 4-person Cryptography Research consulting firm based in San Francisco has developed an extremely effective analytical tool for extracting secret keys from cryptographic devices. It's funny, but according to the head of the firm, Paul Kocher, the researchers "could not find a single card that could not be opened."
At the same time, Kocher is a biologist by training, and he was engaged in hacking as a hobby from childhood. It is possible that it was his biological education that helped him develop his own style of analyzing "black boxes", treating them as if they were living organisms and carefully examining all the available signs of their"vital activity".
Kocher and his colleagues, in fact, re-invented secret methods of special services and learned how to open the protection of smart cards by using mathematical statistics and algebraic error correction methods to analyze fluctuations (small fluctuations) in the chip's power consumption. This was done for about a year and a half from 1996 to 1998, when Cryptography Research specialists were investigating how to improve the strength of portable cryptographic tokens, including smart cards. Without making their research widely known, they introduced the smart card community to the types of attacks developed by the company, called " simple power analysis "(PAP) and "differential power analysis" (DAP). If you want to dig deeper in this direction, take a look at the link www.cryptography.com/resources/whitepapers/DPA.html.
It is quite obvious that such methods of analysis deserve the most serious attention, since attacks of this kind can be carried out quickly and using ready-made equipment at a cost of several hundred to several thousand dollars. The basic concepts of the new autopsy technique are formulated in the earlier and rather well-known work of Paul Kocher "Cryptanalysis based on a timer attack" (in 1995 - www.cryptography.com/resources/whitepapers/TimingAttacks.pdf). In this work, it was demonstrated that it is possible to open crypto devices simply by accurately measuring the time intervals required for data processing.
As for PAP attacks, the analyst directly monitors the dynamics of the system's energy consumption. The amount of power consumed varies depending on the instructions executed by the microprocessor, and a sensitive ammeter can be used to accurately track fluctuations in power consumption. This is how large blocks of instructions (DES loops, RSA operations, etc.) are detected, since these operations performed by the processor have significantly different fragments inside them. With a higher gain, you can also select individual instructions. While PAP attacks are mainly based on visual analysis in order to identify significant power fluctuations, the much more effective DAP method is based on statistical analysis and error correction technologies to highlight information that has correlations with secret keys.
New methods of attacks and reading information from memory
In June 2002, another method of opening smart cards and secure microcontrollers was published, called the "optical fault induction attack" ("optical fault induction attack"). www.cl.cam.ac.uk/~sps32/ches02-optofault. pdf). This class of attacks was discovered and studied at the University of Cambridge by graduate student Sergey Skorobogatov (by the way, a 1997 graduate of MEPhI) and his supervisor Ross Anderson.
The essence of the method is that focused illumination of a particular transistor in an electronic circuit stimulates its conductivity, which causes a short-term failure. These types of attacks are quite cheap and practical, they do not require complex and expensive laser equipment. For example, the Cambridge researchers themselves used a flashbulb bought in a used goods store for 20 pounds sterling as a powerful light source.
To illustrate the power of the new attack, a technique was developed that allows using a flash and a microscope to set any bit in the microcontroller's SRAM memory to the desired value (0 or 1). The method of "optical probing" can induce failures in the operation of cryptographic algorithms or protocols, as well as introduce distortions in the flow of control instructions of the processor. It is clear that these capabilities significantly expand the already known "failed" methods of opening cryptos and extracting secret information from smart cards.
The industry, as usual, tries in every possible way to belittle the significance of the new autopsy method, since it belongs to the class of destructive attacks accompanied by damage to the protective layer in the smart card chip. However, according to Anderson, attackers can manage with minimal physical intervention: silicon is transparent in the infrared range, so the attack can be carried out directly through the silicon substrate on the back of the chip, removing only the plastic. Using the same X-ray radiation, the card can be left untouched at all.
Counteraction measures
The arsenal of smart card protection tools is very diverse today. Destructive methods of opening can be resisted by capacitive sensors or optical sensors under a light-proof shell (which mallards have long learned to avoid). Or "special glue" - a coating for chips that is not only opaque and has conductivity, but also reliably resists attempts to destroy it, usually destroying the silicon layer under it. Such coatings belong to the US federal standard FIPS 140-1 and are widely used in the US military industry, but they cannot be called ubiquitous in everyday life.
A number of inexpensive and effective methods for countering "differential power analysis (DAP)" and "differential distortion analysis (DAI)" are known from the developments of Cryptography Research. In particular, special hardware and software methods have been developed that provide a significantly lower level of leaks of compromising information, introduction of noise into measurements, decorrelation (separation of interdependencies) of internal variables and secret parameters, as well as time-based decorrelation of cryptographic operations.
A significant number of new security methods have been proposed by the Louvain and Cambridge computer laboratories (www.dice.ucl.ac.be/crypto, www.cl.cam.ac.uk/Research/Security/tamper/). The essence of one of them, for example, is to replace traditional electronic circuits with a self-synchronizing "dual-rail" circuit, where logical 1s and 0s are not encoded, as usual, by high (H) and low (L) voltage pulses in a single conductor, but are represented by a pair of pulses (HL or LH) in a single conductor. two guides. In this case, the appearance of an "abnormal" pair of pulses of the form (HH) immediately becomes an alarm signal, which usually leads to a reboot of the processor.
It's one thing to read about all these methods on paper, but it's quite another to see how they actually work. According to experts, the opening picture is really impressive. And it encourages, of course, to search for new countermeasures with even greater zeal.
