Comments on: Fedex Kinko’s smart cards hacked

By: nameless

nameless — Tue, 19 Apr 2011 21:14:54 +0000

Has anyone else considered that AFTER the PSC value has been entered, the card cannot then prevent the reading of the PSC (command $31). Connecting +5 to EARTH via an appropriate battery & resistor(s) would allow the value to be read using a standard card reader?

In the case of the Kinkos thing, this seems a much simpler solution…

By: Hawk

Hawk — Tue, 15 Jun 2010 05:13:49 +0000

Can the ARC30 allow you to record what is on the card and write it back? That way, you could just keep using the same card over and over without running out. No hacking the card.

Will this work?

By: Submit Your Bitch

Submit Your Bitch — Tue, 09 Feb 2010 21:54:08 +0000

good one..

By: Haze Him

Haze Him — Wed, 03 Feb 2010 22:20:11 +0000

good info :)

By: aaa

aaa — Wed, 03 Feb 2010 18:28:18 +0000

asdasd

By: Fat Loss 4 Idiots

Fat Loss 4 Idiots — Fri, 13 Nov 2009 16:23:11 +0000

I’ve really enjoyed reading your articles. You obviously know what you are talking about! Your site is so easy to navigate too, I’ve bookmarked it in my favourites :-D

By: ejonesss

ejonesss — Wed, 26 Nov 2008 05:40:10 +0000

at this point the attacker can take the card to the service counter and ask for the balance in cash

unfortunately look at image

http://hackadaycom.files.wordpress.com/2008/11/overview.jpg?w=450&h=338

the smart chip has been soldered to (a dead give away that the card has been tampered with).

you may want to try getting a proper connector maybe salvage the card reader slot from an old dish receiver or something.

By: piglet

piglet — Tue, 01 Aug 2006 22:35:45 +0000

Hi,
The torrent in comment 28 doesn’t seem to work. Can someone point me in the direction of a stream that DOES work since I’m gagging to see the guys in action. I also have a vested interest since I’m hoping to do a UK reprise on the hack with the Boots Advantage card. Similarly, it only has 6 connectors & has been going since 1997 so it MUST be quite old technology. Also, being a FREE card, cost is everything. I’ve got everything crossed that they have used an SLE4418 so not even a pin-code is needed ;-)

Many thanks in advance, Sean.

By: piglet

piglet — Mon, 31 Jul 2006 16:42:34 +0000

One last question (please don’t tell me to UAFSE). I’ve ordered a USB smart-card reader-writer. Is their freeware to allow me to simply alter the card?

By: piglet

piglet — Mon, 31 Jul 2006 01:03:18 +0000

In the UK, Boots Advantage Cards have only 6 connectors. The connector matrix is a rectangle so I’m guessing it’s the same ’6 lines used, only put 6 onto the thing’.

By: piglet

piglet — Mon, 31 Jul 2006 00:18:36 +0000

Going back to comment 26, in the UK, the chain of pharmacists use a smartcard with just 6 connectors. Is this the standard chip with different connectors. Can I read this with a standard reader?

By: frodus

frodus — Wed, 21 Jun 2006 20:11:05 +0000

A few years ago, there was a free reader from American Express, I got one, free of charge, no shipping. Need a smart card though…

By: frodus

frodus — Wed, 21 Jun 2006 20:10:50 +0000

A few years ago, there was a free reader from American Express, I got one, free of charge, no shipping. Need a smart card though…

By: maluc

maluc — Fri, 28 Apr 2006 21:53:25 +0000

well i found the code just now, and having tried many methods over these two months.. the one that worked like a charm was a logic analyzer .. if ur smart u can find one for $155US shipped, and worth every penny

u can also do as a friend is doing, and make your own logic analyzer using the parallel port.. but it can be a pain in the ass; microcontroller versions even worse +_+

the keckslist example is also a nice possibility, but you have to make sure to get a smartcard reader that has a ‘read security memory’ command for the sle4442 ..the ACR30 does not!

good luck,
maluc ^^

By: ryan kamfolt

ryan kamfolt — Thu, 27 Apr 2006 11:19:29 +0000

Sorry for some reason on my server you have to add the / to the end of the address so here is a working address:

http://www.keckslist.org/kinkos/