Hi,
The quickest way to code for this device is to use mplab and write your code
in assembler - these devices use a pretty nice risc instruction set and it
is very easy to access the built in io of the device.
If assembler is a bit too low level for you, have a look around the
microchip site for a c compiler, however I'm not sure if the device used in
the goldcards (16F84) is supported by their compilers. There are plenty of
3rd party options, not all are free though - there are some excellent guides
in the 'select a language' section here:
http://www.voti.nl/swp/ <http://www.voti.nl/swp/>
First step is to get a copy of the datasheet for the 16F84 and the assembler
instruction set references, all available on the microchip site. There's a
wealth of reference designs and code examples there that should get you
started in next to no time.
Also a schematic for the goldcard is going to be invaluable to you as you
need to know which of the pics ports are connected to the smartcard
interface before you start, you'll certainly find this if you google around
- concentrate on satellite hacking sites.
Cheers, Pat.
-----Original Message-----
From: khaalel [mailto:khaalel@gmail.com]
Sent: 24 November 2005 10:24
To: Scott, Patrick
Subject: Re: [Full-disclosure] SmartCards programming...
Thanks for the informatiion.
To program a goldcard, which soft and which languages you advise me to
use???
khaalel
On 11/24/05, Scott, Patrick < Patrick.Smith@centrica.co.uk
<mailto:Patrick.Smith@centrica.co.uk> > wrote:
Hi,
From memory the goldcard uses a microchip pic device (16F84 I think) there
is also a small serial eeprom on board. You can pick up a full ide for the
controller from www.microchip.com <http://www.microchip.com> but be a bit
prepared to have to code down the assembler level if you want total control.
You can use this ide to compile the .hex file you require.
IMHO the goldcard is probably not the most ideal choice for this type of
project, the controller used on the card is lacking in some of the nice
hardware features of other cards, as already mentioned, if you look around
you can find other card types with hardware RSA and a full iso card io
implementation, with the goldcard you're pretty much looking at coding these
from scratch.
From a security point of view the goldcard is less than ideal, the pic can
be programmed with a fuse to prevent code being read out - see the
datasheets on the above site, but I'm sure I've seen exploits for this
around the net. Also the onboard eeprom on the goldcards is a potential
weakness. In order to program the eeprom you will need to use a loader -
essentially a bit of code that runs on the cards processor and writes data
received by the card to the eeprom. In order to read the data back all the
attacker need do is reload a loader to the card and read the eeprom contents
back out, so if you're using the eeprom to hold keys etc, be a bit careful.
Goldcards have been the friend of the satelitte tv hacking crowd for a long
time, have a google around for the old seca hacks (start with secanix) for
some examples of source code used to emulate official paytv smart cards
which should give you some good pointers on how to implement a card io layer
and access the eeprom etc.
Cheers, Pat.
-----Original Message-----
From: khaalel [mailto: khaalel@gmail.com <mailto:khaalel@gmail.com> ]
Sent: 23 November 2005 15:17
To: adityad2005@users.sourceforge.net
<mailto:adityad2005@users.sourceforge.net>
Cc: full-disclosure@lists.grok.org.uk
<mailto:full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] SmartCards programming...
HI (again),
I found nothing about the language to use with Infinity USB, it asks me to
provide it a .hex file... but what that? and how I can compile a code and
convert it into a .hex file???
Can I use the <http://209.68.36.204/downloads/BasicCardKit.zip> BasicCard
Kit Setup to program something and compile it... then use the Infinity USB
writer to place the compiled file into my GoldCard?
khaalel <http://209.68.36.204/downloads/BasicCardKit.zip>
On 11/23/05, khaalel < <mailto:khaalel@gmail.com> khaalel@gmail.com> wrote:
Thank you for all your informations...this morning, I assisted to a
conference given by AXALTO (I found a contact that accepted to help me) and
I learned a lot of things...
I bought 2 Goldcards (one of my teacher advised me to buy a such card to do
what I want... but I think a physical attack can allow someone to copy the
content of the card or the stored key when the authentication is doing but
to begin its perhaps the more simple card I can find ...)
If you have more infromations, please give me them... for the moment I read
the manual of the Infinity USB and there is no information about the
language I can use to program the cards, Iwill search again with Google and
perphaps on the usenet...
khaalel
On 11/23/05, Aditya Deshmukh <
<mailto:aditya.deshmukh@online.gateway.strangled.net>
aditya.deshmukh@online.gateway.strangled.net > wrote:
Sorry for the top post
If you are going to do something like this then RSA cards are the best
specially securid
It can be implemented almost out of the box and it has great lib support
also.
________________________________
From: full-disclosure-bounces@lists.grok.org.uk
<mailto:full-disclosure-bounces@lists.grok.org.uk>
[mailto: <mailto:full-disclosure-bounces@lists.grok.org.uk>
full-disclosure-bounces@lists.grok.org.uk ] On Behalf Of khaalel
Sent: Wednesday, November 23, 2005 2:12 PM
To: full-disclosure@lists.grok.org.uk
<mailto:full-disclosure@lists.grok.org.uk>
Subject: [Full-disclosure] SmartCards programming...
Hello,
I have to achieve a technical project for my french high school...
And the subject is about cryptography and smart cards...
The goal is to write the programs and all the associated stuff... in
order to create a DRM-like system: when an user enter his card, a software
check his key (or certificate or...) and if the authentication succeed, the
wanted file (document, video, audio...) is open by the software...
Yesterday I bought a programmer/writer : the Infinity USB but I
wanna know if someone could give me some interresting links about smart card
programming (java, basic, .....). I already know some things about
cryptography but I am a newbie in smart card programming. Wich language I
have to learn? Which type of smart cards I have to buy? Which algorithms I
can use (DES, RSA, Elliptic Curves, AES...)??
thanks...
khaalel
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq ( www.mailtraq.com
<http://www.mailtraq.com> )
_____________________________________________________________________
The information contained in or attached to this email is intended only for
the use of the individual or entity to which it is addressed. If you are not
the intended recipient, or a person responsible for delivering it to the
intended recipient, you are not authorised to and must not disclose, copy,
distribute, or retain this message or any part of it. It may contain
information which is confidential and/or covered by legal professional or
other privilege (or other rules or laws with similar effect in jurisdictions
outside England and Wales).
The views expressed in this email are not necessarily the views of Centrica
plc, and the company, its directors, officers or employees make no
representation or accept any liability for its accuracy or completeness
unless expressly stated to the contrary.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
<http://lists.grok.org.uk/full-disclosure-charter.html>
Hosted and sponsored by Secunia - http://secunia.com/ <http://secunia.com/>
_____________________________________________________________________
The information contained in or attached to this email is intended only for the
use of the individual or entity to which it is addressed. If you are not the
intended recipient, or a person responsible for delivering it to the intended
recipient, you are not authorised to and must not disclose, copy, distribute,
or retain this message or any part of it. It may contain information which is
confidential and/or covered by legal professional or other privilege (or other
rules or laws with similar effect in jurisdictions outside England and Wales).
The views expressed in this email are not necessarily the views of Centrica
plc, and the company, its directors, officers or employees make no
representation or accept any liability for its accuracy or completeness unless
expressly stated to the contrary._______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
