Smart card emulator

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

Comments

  1. mike says:

    these are legal, but they can have serious implications if you use them to pirate satellite tv. I know it’s just an ISO-7816 interface and not an unlooper, but if you write any pirat3 war3z for an interface like this, prepare to be served with a lawsuit if you don’t post anonymously. the satellite companies have been suing for decades and if you naively post any DIY involving sat, even if it doesn’t actually amount to pirating, you will get hit severely. most people who do this already know, but I’m saying this just in case a normal hardware modder puts 1 and 1 together and experiments.

  2. Andrew says:

    Valid point, mike. I’d have to say that normal hardware modders are pretty good at putting 1 and 1 together.

  3. therian says:

    can this bypass my laundry in basement? those cards are similar

  4. JimXugle says:

    Generally speaking, if you’d use this to get something physical for free that you’d usually have to pay for, you’re probably in the wrong.

  5. jproach says:

    jimxugle: He didn’t ask if it was right or wrong, simply if it was possible. But he has not provided enough information to determine that anyway.

    Also, mike, sued for pirating satellite? lol, maybe if you are stupid enough to sell hacked hardware or programming services.

  6. MikeD123 says:

    I thought all of those Dish/Direct TV cases were overturned and everyone who had settled previously in ’03(?) got their money back in another class action suit.

    It was a pretty ridiculous precedent to set anyways. Just like the RIAA seeking profits from iPods because they can be used to play pirated music.

  7. CaitSith2 says:

    Definitely like the idea of this project. Lots of smart card readers to be data fuzzed. Given the way it’s designed, couldn’t this also potentially capture smart card passwords as well? The general idea is that you “program” this smart card with the complete memory contents of the smart card you wish to capture the password for, since you only need the password for writing any memory cells on the original smart card, but not for reading said memory cells.

    Once the emulator has a complete copy of the memory cells, but not the password, since you don’t know it yet, the emulator is then programmed to take the very first password guess supplied to it as correct, and store the password it receives to its internal memory, to be read out later. From that point, you could then apply the password to your actual smart card and do what you wish with it, within certain limits.

  8. Karl says:

    As far as I can tell, you can’t control all of the ATR or various protocol parameters on a java card. So, if you need that level of control, a fully-programmable microcontroller is the way to go.
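
The ATR and protocol parameters mentioned in the comment above are what a fully programmable card can set freely, so a reader has to treat them as untrusted input. As an added example (not part of the post, the comments, or Travis's firmware), this is one way a reader could parse an ISO 7816-3 ATR with every length checked; `struct atr`, `atr_parse` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: TA1=0x11, TD1 names T=1, one historical byte, TCK=0xC0. */
static const uint8_t SAMPLE_ATR[] = { 0x3B, 0x91, 0x11, 0x01, 0x41, 0xC0 };

/* Fields of an ISO 7816-3 Answer To Reset that a reader acts on. */
struct atr {
    int inverse;         /* TS == 0x3F: inverse convention */
    int has_ta1;         /* TA1 present */
    uint8_t ta1;         /* Fi in the high nibble, Di in the low nibble */
    uint16_t protocols;  /* bit n set: T=n named in a TDi (T=0 if none) */
    size_t hist_off;     /* offset of the historical bytes in the buffer */
    uint8_t hist_len;    /* K from T0, 0..15 */
};

/* Returns 0 on success, a negative code on a malformed ATR. Every read is
 * bounds-checked, so a truncated or inconsistent ATR is rejected. */
int atr_parse(const uint8_t *buf, size_t len, struct atr *out)
{
    if (!buf || !out || len < 2 || len > 33) return -1;   /* TS + up to 32 bytes */
    if (buf[0] != 0x3B && buf[0] != 0x3F) return -2;      /* unknown TS */
    out->inverse = (buf[0] == 0x3F);
    out->has_ta1 = 0; out->ta1 = 0; out->protocols = 0;
    out->hist_len = buf[1] & 0x0F;
    size_t pos = 2;
    uint8_t y = buf[1] >> 4;             /* Y1: which of TA1..TD1 follow T0 */
    for (int i = 1; ; i++) {
        for (uint8_t bit = 1; bit <= 4; bit <<= 1) {      /* TAi, TBi, TCi */
            if (!(y & bit)) continue;
            if (pos >= len) return -3;                    /* promised byte missing */
            if (i == 1 && bit == 1) { out->has_ta1 = 1; out->ta1 = buf[pos]; }
            pos++;
        }
        if (!(y & 8)) break;                              /* no TDi: chain ends */
        if (pos >= len) return -3;
        out->protocols |= (uint16_t)(1u << (buf[pos] & 0x0F));
        y = buf[pos++] >> 4;                              /* Y(i+1) */
    }
    if (out->protocols == 0) out->protocols = 1;          /* no TD1 means T=0 */
    if (len - pos < out->hist_len) return -4;             /* K exceeds what is left */
    out->hist_off = pos; pos += out->hist_len;
    if (out->protocols & ~1u) {          /* anything but T=0 alone: TCK required */
        if (pos + 1 != len) return -5;
        uint8_t x = 0;
        for (size_t j = 1; j < len; j++) x ^= buf[j];     /* T0..TCK must XOR to 0 */
        if (x) return -6;
    } else if (pos != len) return -5;                     /* trailing bytes */
    return 0;
}
```

The distinct negative codes separate a truncated interface-byte chain, a historical-byte count larger than the data, a length mismatch and a failed check byte, which is useful when logging what a fuzzed card sent.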

  9. Tim says:

    therian:

    The laundry at my university also used smart cards. I managed to get around it by putting one card in the machine for it to read £X from, and then swapping it for another which it wrote £X-1 to! So actually you could make money (but only money you could spend on laundry).

    They eventually fixed it, and if you pulled the card out it would say “Fraud detected! Your bursar has been notified!”. Complete bollocks, but quite funny.

  10. santino says:

    An open hw platform/sw framework capable of emulating ISO-7816-3 plus ISO-7816 memory cards (sle-4442, sle-5542, ….) will be great to hack, play around, test, debug a lot of interesting platforms.

  11. aztraph says:

    Mike, you are correct:
    Be careful everyone, A friend of mine got convicted of satellite piracy just for purchasing the equipment to do it, he had no intention of it but since he had the means, he was found guilty, find a third party or order the stuff under an alias.

  12. mike says:

    I guess the point I’m trying to make is that the sat co’s zealously defend their I.P. You could probably get a slap on the wrist for using this thing to reprogram the laundromat and wash your dirty gym socks for free, but even if you publish a minute technical detail of the sat systems, say on your own DIY hack blog, next to the blog about a tic-tac-toe AVR circuit, they more than likely would sue you under DMCA (if you were an easy target hosted in the US and had an otherwise legit “Joes hardware blog” site with your name and everything). Even if you aren’t found liable, I’m sure being sued is a nightmare that no one wants to experience.

  13. fartface says:

    so publish that info anon on one of the China sat tv hacking sites.

    Cripes, why do all you “crackers” have this affinity with cred?

  14. Wwhat says:

    You know you are part of the process of intimidation now mike, did you stop to think about that? And should you not get paid?

  15. Great project, thanks

  16. mike says:

    @wwhat – so I’m supposed to just keep my mouth shut and let someone make a mistake (if they didn’t understand the legality first) and get burned ? It’s intimidation if I try to help someone avoid getting sued ?

    If you want to challenge the law (the penalties are usually civil but the DMCA *is law*) then do the opposite of what I just said. To expedite the process, post your first and last name along with your hack. If you want to hack sat but not get caught, use overseas websites, and if you want to stay legal, don’t hack sat.

    As Olmec said on Legends of the Hidden Temple: the choices are yours and yours alone.

  17. dan says:

    The wisdom of Olmec is as fresh today as it was 1000 years ago

  18. chris says:

    There is nothing illegal about making a home-brew smartcard as Travis did.

    There is nothing illegal about making a smartcard reader or one that can electrically glitch a smartcard inserted into it.

    What is illegal and still is today is using ANY kind of technology to circumvent payment for reception of signals that are otherwise impossible to get without paying!

    Whoever got sued by Dtv/Dish bought unloopers including the software explicitly for “unlooping” Dtv/Dish cards and thus had no argument except to settle.

  19. Rob Pickard says:

    The Citi program at the University of Michigan had done some interesting work with their Leon smart card simulator and monkey-in-the-middle hardware.

    http://www.citi.umich.edu/projects/smartcard/leon.html

    There are also some good resources for starting smart card hacking.

    http://www.citi.umich.edu/projects/smartcard/

  20. Wwhat says:

    Reply to mike: Yes, sometimes you should let people use their own mind, and exercise their freedom, you aren’t hired to warn people about all dangers in the world anyway.

    Having said that I hope you understand I’m not attacking you per se, I was just pointing out some thoughts , pointing out that there are more sides to most things.

    It’s good to know a risk, but it’s the MO of many companies (and in fact religions and political groups) currently to go for intimidation and threats, suing grannies just so the news reports it so people get scared, and helping them ‘spread the word’ is something you (meaning everybody) should just think about a bit, if you want to be part of that ‘system of intimidation’, is my point.

  21. Andrew says:

    Very cool hack. I know that a company named Sentilla has Java running on the MSP430. It would be really cool if you were running Java on the smart card.

  22. therian says:

    Andrew why ?!?!? even if close eyes on speed and size (which make it impossible to run it even on high end chips), java have no hardware support, simple rs232 is pain in java

  23. mike says:

    @wwhat, I see your point. I am not trying to dissuade anyone from experimenting by sounding intimidating. What bothers me most about the dmca applied to sat is that even if you don’t post a 1.2.3 guide to steal the signal, the dmca protects against publishing any tech. info on protection technology. So I don’t want to see some 19 yr old kid do this hack, and publish on a site a guide like “I send 0x3F and it returned 0x9C”, and have a sat co ruin his future via a lawsuit he cannot defend himself against. what i just described Rather, I want to see him do it, but I want him to be aware that he needs to do so more carefully than if he posts the same info about the smartcard at the laundromat. In short, if getting into some hot water at the laundromat is like a garter snake, I’m trying to say the sat co’s are the black mamba. That could be interpreted as intimidation, but it is also supported via fact as we have seen all the lawsuits in the news, justified or not. No it’s not my job to warn people, but it’s my choice to be compassionate and pass on knowledge that could help someone.

    Hope this clarifies. Happy hacking everybody.

  24. nolikemike says:

    mike be quiet

  25. the Wizard says:

    Yea I heard of guys getting lawsuit letters from Dave for just buying a smart card programmer.

    Also my best friend did 39 months for Sat piracy back in the C-Band VC2 days. He died a couple of years ago, but had worked on something similar to this smart card emulator a few years ago.

    Cheers

  26. likemike says:

    yeah mike, dvb cards are better ;)

  27. tom says:

    @mike: The most exciting thing you can say to a nerd is that he must not talk/post about something or else “they” will come after him.

  28. hack says:

    As far as I can tell, you can’t control all of the ATR or various protocol parameters on a java card. So

  29. hack says:

    Thank you nice documents

  30. The Citi program at the University of Michigan had done some interesting work with their Leon smart card simulator and monkey-in-the-middle hardware

  31. www.1tk.org says:

    can this bypass my laundry in basement? those cards are similar ??

  32. spindizy says:

    lol.. this site has gone down hill, but not from the staff, more like from you trolls. Mike was pointing out a VERY real and clear issue. The rest of you just say “be quiet” and “can I get free laundry?” In my not so humble opinion, mike and the others that pitched in along his lines are doing a great thing, they’re not discouraging hacking, they’re just saying “be smart” with it and don’t do anything that you’re gonna regret after some legal trouble. You may have saved someone from going to jail mike.

  33. pradip says:

    nice…

  34. Tort King says:

    LOL, NO ONE could hack my site. I do all the security myself. beatthecourt.com

  35. enache says:

    hi,
    Mutoh Spitfire have a plotter, which uses SLE4442 for each color, I read one of the cards and can not change in the first 32 bits. I can help someone ….
    thanks

  36. Anony says:

    Technology is awesome.
    I need to learn microcontrollers.
    (and google “java cards”)

  37. Pete says:

    If ya gotta take a chance an hack where you get whacked for hackin. Then use Tor and do your buying and downloading.
    It’s slower but pretty damned safe.
    I’m sure most of you here are aware of Tor but if not take a look at it.
    I run a tor server for the po folk in Iran who need a way to communicate with the free world. Well at least for now. Looks we’re done for.
    I have my supplies for survival over two years.
    And I’ve got some other good stuff.
    Use ur imagination.

  38. Hey I just wanted to let you know, I actually like the written material on your website. But I am using Flock on a machine running version 8.x of Crashbang Ubuntu and the UI aren’t quite proper. Not a important deal, I can still essentially read the articles and search for info, but just wanted to inform you about that. The navigation bar is kind of challenging to apply with the config I’m running. Keep up the good work!

  39. Jaden Flores says:

    i have a satellite TV and cable TV at home, both of them are good.

  40. There are, however, some companies that offer these watches at much lower prices.
    A genuine luxury watch will be discussed intensively on the internet when you do
    a Google search. They are expensive and are sometimes are
    known to exceed the price of cars as well.

  41. Sean says:

    Are the holes for a 14-pin adaptor for linking to a PC?

  42. immu says:

    broo i need information about how to bypass smart card protected softwares for example i am trying to bypass mobile flashing and unlocking software tools help somebody

  43. Peter says:

    Do you think, will be it possible to connect this interface to CCcam (or other similar sharing software) ?

  44. John says:

    Question; If I can prove a legit motive for doing this does it get me off the hook legally? I have several hundred doctors who purchased a $150k medical device whose manufacturer went out of business – now they own the equipment and software but cannot access service mode and want me to access it for them. The difference here is that I can prove I’m doing it to legally help a device owner who cannot use the built in s/w that they purchased w/device. Thoughts?
