Name These Parts: Verifone Payment Module Tear Down

[Jerzmacow] got his hands on this Verifone Vx570 handheld payment terminal at a flea market. It’s got a thermal printer, a magnetic card reader, and then there’s the big LCD screen and buttons. In other words, lots of parts for his hacking amusement. But first, he decided to take a look at the parts that went into the design. He carefully disassembled the device, documenting what he found along the way. He mentions that there’s a switch pressing against the underside of the LCD which disables the hardware when disassembled. So it sounds like he won’t be able to get it to work again (there’s a Lithium battery inside which we’d guess powers some type of hardware kill switch circuit).

He posted an HD video of the tear down which we’ve embedded after the break. We find some of the design to be quite peculiar. Normally we have [Dave Jones] to walk us through design choices in his EEVblog hardware reviews. Since [Jerzmacow] wasn’t able to provide that level of insight, we’d love to hear what you think each piece of hardware is for. Leave your comments, along with time-stamps from the video. Specifically, what’s up with that strange board shown at 1:51?

39 thoughts on “Name These Parts: Verifone Payment Module Tear Down

  1. I’ve seen a similiar board to that shown at 1:51 – it’s a high security board, that sits between the motherboard and the back of the case. It is multi layer, and tracks all over the place. The chip on the back is probably a battery-backed (read:internal lithium battery not on the PCB) SRAM that contains the encryption codes etc. Removing the board WILL erase chip contents. Drilling trough the board to access motherboard is not an option either. I wonder, some years ago, it came out that you could do a password attack by sleeping a computer, freezing the ram with freeze spray, remove RAM and move to attack computer and read out password from RAM, still keeping data because it’s cold – it would be interesting to see if this could be done on the security chip.

    1. These devices also have thermal monitoring, which will dump the secure keys (the same thing triping when you release the tamper switch behind the LCD). There is also clock frequency monitoring if you were thinking of doing some kind of a glitch attack.

      1. I did a few CCTV installs a couple of years back and it was common for shops to have cameras over the checkout pointing directly down. The staff would make sure any cash handed over was in full view of the camera, but of course the PIN machine was as well.

        The cameras captured almost every PIN number entered because no-one thinks to cover the top.

        There was an interesting attack against the machines themselves demonstrated a couple of years ago where an attacker uses a modified card. The card never gives up the PIN, it just tells the machine if what was entered was correct. There is a cryptographic exchange to ensure the card was not modified to always say “yes, the PIN is correct”, but they forgot to cover people signing instead of using the PIN.

        By law they have to allow it because some people can’t use a PIN. The modified card always says “yes, signature is OK” and the machines just accepted that and processed the payment. I don’t know if they have fixed it, presumably they have but there are millions of old terminals out there.

  2. Its a breakout board and the chip is (atleast it should be) a VeriFone encryption chip. at 1:10-1:20 there is a Multi-Sim card board and as you know some Sim cards use frequencies that certain handheld radios can pick up. if the information wasn’t encrypted it wouldn’t be hard to pick up and read with a serial line enabled radio and vola, you have the card number, Name, and PIN number of whomever just scanned their card, and posibly more!

  3. The kill switch under the display will not prevent the terminal from working. It just blows the debit pin encryption which differs from processing bank to bank(in other words if you activated the terminal it would have to be reencrypted by the bank anyways). Credit cards can still be ran just not debit with pin on the built in pinpad. Most terminals have an external pinpad for debit anyways, so It more then likely does not have an internal encryption loaded to begin with. Been a long time since I worked in the credit card industry in fact I was doing QA on the verifone in this article right before leaving.

    1. Disassembling a vx570 will also erase moist or all of the programs stored on it because of two(not one) rubber carbon button on the inside board pressed by the plastic case halves.
      when its reassembled and powered up it will stay at the boot screen flashing “DEFAULT CERTIFICATE” and “TAMPER ERROR” alternating.

    1. Did you even read the abstract? They developed attacks against two chip-and-pin smartcard readers from the U.K. that allows them to gobble up PINs and account numbers. The devices in question were the Ingenico i3300 and the Dione Xtreme.

      How does defeating the tamper-proofing of two non-magnetic-strip pin entry devices with the intention of retaining functionality relate to this article?

      Did you jack off all over your ability to use google?

      1. I think he was just referring to the information in the paper that explains the board with tons of winding traces. It turns out that they are used to detect if the board has been drilled through.

          1. Eirinn, it would appear replies aren’t stacking (we will see if mine does), but I believe he was replying to a comment that I read earlier that appears to have been removed. I didn’t write it, but it linked to a PDF pertinent to the article. I don’t think it required removal, but apparently someone with removal powers did.

    2. +1
      I ate this paper, and licked my fingers. It outlines a wide variety of redundant security mechanisms POS payment devices have.

      Though it would be odd if the VeriFone had no such security measures, I tip my hat to Jerzmacow for his boldnes and his documentation work.

  4. These Verifone units are used in a staggering amount of American and European(Russian too) POS placements from small to large retail chains..The bids behind all them are shady too..

    They all use a custom asymetric stream encryption on LAN, and then RSA+something on WAN(custom protocol also used on bank of america ATM networksO). Attacks require modified firmware that pads traffic with decryptable data because of how routing works with the in-store gateway.

  5. Yah this is correct the Device should still work. In canada this will erase two different encryption keys. PIN keys (TDES encrypted) and MAC keys (again TDES Encrypted) Just making the terminal useless for processing debit cards.

  6. @ lsellens you may have just explained why my food stamps card would not work at 1 of the registers at local walmart.

    an employee cracked open the terminal and disabled the pin decryption.

    food stamps cards are bin based.

    i think maybe the terminals need to be sealed such that you have to destroy the unit to get it apart. (defective units are thrown in dumpster and replaced with new ones rather than repaired)

    you can still get it apart but you have to cut it apart sliced style

  7. I’m sure there are easier ways to do crime than hacking a broken chip’n’PIN terminal, but all that stuff aside – they still got some useful components, a little thermal printer, some keypads, an LCD screen, a battery.

    Never mind what it *was*, what can it be next? :-)

  8. A routine in the firmware sets up a dword based on a 32bit buffer that comes off the flash file system This buffer data is the key used with the gateway communications which uses a custom(?) cipher as I mentioned in my last comment. More info on the setup can be found in the vendors docs.

    Verifone units are everywhere. But they all go to processing centers over VPN, and have adequate security on in store LAN as well implementing a proprietary stream cipher between nodes and the gateway, and hashing transactions(potential exploitable memory corruption on hashing routines though). You’d have to get a unit while the network is down and flash custom firmware to do effective attacks or develop remote exploits.

    FYI: successful attacks have been carried out at least 2 times on such units since the late 90s, in the wild. Both implemented patched firmware resulting from heavy code analysis and development by teams of hackers.

    Lowed home improvement transactions were done using the padding method I described, they rooted the gateway server to get their data. All these systems typically have a single exposed gateway in house.

    1. In some configurations the key is on the server, in PKI configurations all you need to do without a tech visiting is generate another one through CLI with a process packaged with the server.

      Malware could easily take over a whole network without a single key though through inline hooking one of the gateway services and manipulating data before it hits VPN ciphers.

      Real attackers wont even bother with the terminals, it’s too much work when you can get the same result on the x86 gateway..

      There is probably remote code execution on these if anyone is interested in hacking them without cutting the casing and tapping traces..

  9. This is not entirely correct. The unit can be used to process credit only transactions without an encryption key. We send these out by the hundreds. If the software has been erased it is possible to download it in the wild. This would require privileged information on the merchant that was to use the unit. If you have this information all you need is the right IP based on the bank that issued the original terminal. The encryption key is only required for a terminal that is expected to use its pinpad. When downloading the application the server does not check to see if it has been injected. If it has not been injected with the key and the download is done, the terminal needs to be blown out before the key can be injected. Further there are only a set number of keys used in the injection process. Which key is used is based on the customer, or the organization that the merchant is getting the terminal through. If anyone is interested I might be able to see how to unbrick the thing so you can play with it. There could be some cool applications used on this thing. I forget the specs off hand but I might be able to find them.

    1. I’ve seen them with both PKI and some discreet encryption used in firmware..vulnerable both through firmware and process manipulation on the gateway.

      The only real security in place is physical and whatever security system the containing building has.

      These have been backdoored multiple times in the wild since the late 90s, and that’s just FBI documented cases..

      I can pretty much guarantee code execution on session handling by the firmware too that can be leveraged for anything since crypto data is stored in same privilege as the code on them..

  10. This Maxim IC may be similar to the Verifone SRAM, at least in features, if Per is right. It makes sense — isolate the security keys and stuff on a separate board with crazy traces that make it reasonably impossible to probe the circuitry without breaking a security trace and causing the uC to dump the contents.

    The Maxim part has all the stuff Per described: thermal protection, oscillator monitoring, onboard battery, redundant security logic, and even an onboard tamper log with timestamps (so it must have a RTC too…)

  11. I’m in need of replacing my screen first tried to use it screen was blank it had a back light but no text also can i run it three computer and use a Ethernet instead of phone line

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.