Smart Card Emulator

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

48 thoughts on “Smart Card Emulator

  1. these are legal, but they can have serious implications if you use them to pirate satellite tv. I know it’s just an ISO-7816 interface and not an unlooper, but if you write any pirat3 war3z for an interface like this, prepare to be served with a lawsuit if you don’t post anonymously. the satellite companies have been suing for decades and if you naively post any DIY involving sat, even if it doesn’t actually amount to pirating, you will get hit severely. most people who do this already know, but I’m saying this just in case a normal hardware modder puts 1 and 1 together and experiments.

  2. jimxugle: He didn’t ask if it was right or wrong, simply if it was possible. But he has not provided enough information to determine that anyway.

    Also, mike, sued for pirating satellite? lol, maybe if you are stupid enough to sell hacked hardware or programming services.

  3. I thought all of those Dish/Direct TV cases were overturned and everyone who had settled previously in ’03(?) got their money back in another class action suit.

    It was a pretty ridiculous precedent to set anyways. Just like the RIAA seeking profits from iPods because they can be used to play pirated music.

  4. Definitely like the idea of this project. Lots of smart card readers to be data fuzzed. Given the way its designed, couldn’t this also potentially capture smart card passwords as well. The general idea, is that you “program” this smart card with the complete memory contents of the smart card you wish to capture the password for, since you only need the password for writing any memory cells on the original smart card, but not for reading said memory cells.

    Once the emulator has a complete copy of the memory cells, but not the password, since you don’t know it yet, the emulator is then programmed to take the very first password guess supplied to it as correct, and store the password it receives to its internal memory, to be read out later. From that point, you could then apply the password to your actual smart card and do what you wish with it, within certain limits.

  5. As far as I can tell, you can’t control all of the ATR or various protocol parameters on a java card. So, if you need that level of control, a fully-programmable microcontroller is the way to go,

  6. therian:

    The laundry at my university also used smart cards. I managed to get around it by putting one card in the machine for it to read £X from, and then swapping it for another which it wrote £X-1 to! So actually you could make money (but only money you could spend on laundry).

    They eventually fixed it, and if you pulled the card out it would say “Fraud detected! Your bursar has been notified!”. Complete bollocks, but quite funny.

  7. A open hw plataform/sw framework capable of emulating ISO-7816-3 plus ISO-7816 memory cards (sle-4442, sle-5542, ….) will be great to hack, play around, test, debug a lot of interesting plataforms.

  8. Mike, you are correct:
    Be careful everyone, A friend of mine got convicted of satellite piracy just for purchasing the equipment to do it, he had no intention of it but since he had the means, he was found guilty, find a third party or order the stuff under an alias.

  9. I guess the point I’m trying to make is that the sat co’s zealously defend their I.P. You could probably get a slap on the wrist for using this thing to reprogram the laundromat and wash you dirty gym socks for free, but even if you publish a minute technical detail of the sat systems, say on your own DIY hack blog, next to the blog about a tic-tac-toe AVR circuit, they more than likely would sue you under DMCA (if you were an easy target hosted in the US and had an otherwise legit “Joes hardware blog” site with your name and everything). Even if you aren’t found liable, I”m sure being sued is a nightmare that no one wants to experience.

    1. Hey who taught this one to read. Darn it. A little education and all of a sudden they are smart enout to be here but still dumb enough to use words lile “cracker” which is more of an….nevermind. Carry on. My main man.

  10. @wwhat – so I’m supposed to just keep my mouth shut and let someone make a mistake (if they didn’t understand the legality first) and get burned ? It’s intimidation if I try to help someone avoid getting sued ?

    If you want to challenge the law (the penalties are usually civil but the DMCA *is law*) then do the opposite of what I just said. To expedite the process, post your first and last name along with your hack. If you want to hack sat but not get caught, use overseas websites, and if you want to stay legal, don’t hack sat.

    As Olmek said on Legends of the hidden temple: the choices are yours and yours alone.

  11. There is nothing illegal about making a home-brew smartcard as Travis did.

    There is nothing illegal about making a smartcard reader or one that can electrically glitch a smartcard inserted into it.

    What is illegal and still is today is using ANY kind of technology to circumvent payment for reception of signals that are otherwise impossible to get without paying!

    Whoever got sued by Dtv/Dish bought unloopers including the software explicitly for “unlooping” Dtv/Dish cards and thus had no argument except to settle.

  12. Reply to mike: Yes, sometimes you should let people use their own mind, and exercise their freedom, you aren’t hired to warn people about all dangers in the world anyway.

    Having said that I hope you understand I’m not attacking you per se, I was just pointing out some thoughts , pointing out that there are more sides to most things.

    It’s good to know a risk, but it’s the MO of many companies (and in fact religions and political groups) currently to go for intimidation and threats, suing grannies just so the news reports it so people get scared, and helping them ‘spread the word’ is something you (meaning everybody) should just think about a bit, if you want to be part of that ‘system of intimidation’, is my point.

  13. Andrew why ?!?!? even if close eyes on speed and size(which make it imposable to run it even on high end chips), java have no hardware support, simple rs232 is pain in java

  14. @wwhat, I see your point. I am not trying to dissuade anyone from experimenting by sounding intimidating. What bothers me most about the dmca applied to sat is that even if you dont post a 1.2.3 guide to steal the signal, the dmca protects against publishing any tech. info on protection technology. So I dont want to see some 19 yr old kid do this hack, and publish on a site a guide like “I send 0x3F and it returned 0x9C”, and have a sat co ruin his future via a lawsuit he cannot defend himself against. what i just described Rather, I want to see him do it, but I want him to be aware that he needs to do so more carefully than if he posts the same info about the smartcard at the laudromat. In short, if getting into some hot water at the laundromat is like a garter snake, I’m trying to say the sat co’s are the black mamba. That could be interpreted as intimidation, but it is also supported via fact as we have seen all the lawsuits in the news, justified or not. No it’s not my job to warn people, but it’s my choice to be compassionate and pass on knowledge that could help someone.

    Hope this clarifies. Happy hacking everybody.

  15. Yea I heard of guys getting lawsuit letters from Dave for just buying a smart card programmer.

    Also my best fried did 39 months for Sat piracy back in the C-Band VC2 days. He died a couple of years ago, but had worked on something similar to this smart card emulator a few years ago.


  16. lol.. this site has gone down hill, but not from the staff, more like from you trolls. Mike was pointing out a VERY real and clear issue. The rest of you just say “be quiet” and “can I get free laundry?” In my not so humble opinion, mike and the others that pitched in along his lines are doing a great thing, they’re not discouraging hacking, they’re just saying “be smart” with it and dont do anything that you’re gonna regret after some legal trouble. You may have saved someone from going to jail mike.

  17. If ya gotta take a chance an hack where you get whacked for hackin. Then use Tor and do you’re buying and downloading.
    It’s slower but pretty damned safe.
    I’m sure most of you here are aware of Tor but if not take a look at it.
    I run a tor server for the po folk in Iran who need a way to communicate with the free world. Well at least for now. Looks we’re done for.
    I have my supplies for survival over two years.
    And I’ve got some other good stuff.
    Use ur imagination.

  18. Hey I just wanted to let you know, I actually like the written material on your website. But I am using Flock on a machine running version 8.x of Crashbang Ubuntu and the UI aren’t quite proper. Not a important deal, I can still essentially read the articles and search for info, but just wanted to inform you about that. The navigation bar is kind of challenging to apply with the config I’m running. Keep up the good work!

  19. Question; If I can prove a legit motive for doing this does it get me off the hook legally? I have several hundred doctors who purchased a $150k medical device whose manufacturer went out of business – now they own the equipment and software but cannot access service mode and want me to access it for them. The difference here is that I can prove I’m doing it to legally help a device owner who cannot use the built in s/w that they puchased w/device. Thoughts?

    1. Just to reiterate what others said: despite all the scaremongering, owning this technology itself is NOT illegal and never will be (as long as democratic countries will exist anyway). The tipping point is a demonstrable intent of using it to pirate pay TV and other illicit activities (and if there’s any indication of that, the corporate ba$stards and their horde of lawyers will smell blood and go after you indeed). If you’re lacking that (using it to hack into a $150k medical device definitely doesn’t sound like SAT TV to me), then you’re fine. And personally if a legal letter came to me in such circumstances I’d probably file a report with the police for racketeering.

  20. I participated in the community for years, I purchased some equipment and made my own equipment. I ALWAYS subscribed, the entire time. Most developers did subscribe, as theft was discouraged. I did it for fun, never made any money from it. I never received a letter, never was charged, never snitched on anyone and was never sued, because I DID NOT STEAL! I wrote some 3m codes, some dynamic code for ZKT jumps to prevent hashing. My subscribed card was kept to myself, never posted the .bin image on the internet, that was for the FREE TV mongers of the world. I did share my 3m code in HEX format for learning. The is no such thing as FREE TV, unless you receive over the air TV. I guess it depends on how you look at things. Simply purchasing equipment is no crime, just be smart in how you use it!!!

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.