14. .NET Smart Card
• First .NET virtual machine on a chip
• Native support in Windows 7 and Server 2008
• Used in:
– Smart card based corporate badges (the Microsoft employee badge)
– Remote access control (US DoD and UK MOD)
21. Card application development
Pipeline from the slide diagram (host side to card):
(1) The developer compiles the program into a .NET assembly
(2) A converter plug-in converts the assembly into a card binary
(3) The result is a signed card binary
(4) Host code talks to the on-card application over .NET remoting, through a communication proxy
(5) The proxy drives the card over APDUs
The converter plug-in and the communication proxy are supplied by the vendor's SDK.
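Step (5) is the only layer that actually reaches the card, so it is worth seeing what a frame at that level looks like. The following is an added example (not the vendor's SDK code, and it does not model the .NET remoting tunnelled over it): an ISO 7816-4 short-form command/response codec with the SELECT-by-AID command the host sends first. The AID and response bytes are constructed for the example.

```python
"""ISO 7816-4 short-form APDU framing, the transport at step (5) of the
pipeline above.  Added example with constructed inputs; this is not the
vendor's SDK code and does not model its .NET remoting layer."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None   # expected response length 1..256, or None

    def encode(self) -> bytes:
        """Header, then Lc+data if any, then Le if any (256 is encoded as 0x00)."""
        if len(self.data) > 255:
            raise ValueError("short-form Lc is limited to 255 bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            if not 1 <= self.le <= 256:
                raise ValueError("short-form Le must be 1..256")
            out += bytes([self.le % 256])
        return out


def decode_command(raw: bytes) -> CommandAPDU:
    """Parse a short-form command APDU (ISO 7816-4 cases 1-4).

    The cases are told apart by length alone, so a frame whose Lc does not
    match its length is rejected rather than guessed at."""
    if len(raw) < 4:
        raise ValueError("APDU header needs 4 bytes")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                             # case 2: Le only
        return CommandAPDU(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if len(body) == 1 + lc:                        # case 3: Lc + data
        return CommandAPDU(cla, ins, p1, p2, bytes(body[1:1 + lc]))
    if len(body) == 2 + lc:                        # case 4: Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, bytes(body[1:1 + lc]), body[-1] or 256)
    raise ValueError("Lc does not match frame length")


# Status words a host should recognise; 0x61xx and 0x6Cxx carry a length.
STATUS_WORDS: Dict[int, str] = {
    0x9000: "success",
    0x6982: "security status not satisfied",
    0x6985: "conditions of use not satisfied",
    0x6A82: "file or application not found",
    0x6A86: "incorrect P1/P2",
    0x6D00: "INS not supported",
    0x6E00: "CLA not supported",
}


def decode_response(raw: bytes) -> Tuple[bytes, int, str]:
    """Split a response into (data, SW1SW2, meaning)."""
    if len(raw) < 2:
        raise ValueError("response needs SW1 SW2")
    data, sw = bytes(raw[:-2]), int.from_bytes(raw[-2:], "big")
    if sw >> 8 == 0x61:
        meaning = "%d more bytes available, issue GET RESPONSE" % (sw & 0xFF)
    elif sw >> 8 == 0x6C:
        meaning = "wrong Le, retry with Le=%d" % (sw & 0xFF)
    else:
        meaning = STATUS_WORDS.get(sw, "unknown status")
    return data, sw, meaning


def select_by_aid(aid: bytes) -> CommandAPDU:
    """SELECT (INS A4, P1=04: select by name) for an application identifier."""
    return CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, 256)


if __name__ == "__main__":
    aid = bytes.fromhex("A0000000990102")           # constructed example AID
    print(select_by_aid(aid).encode().hex())
    print(decode_response(bytes.fromhex("6F03840102" "9000")))  # constructed reply
```

Everything the .NET remoting layer does (method dispatch, argument marshalling) rides inside the data field of such frames, which is why a card-side bug is reachable from any host that can send APDUs, not only from the vendor's proxy.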
22. How secure is the .NET card?
• Built on an EAL5+ certified Infineon chip
• EAL certification is widely used by the smart card industry (EAL3 to EAL7)
• The .NET card OS is designed to achieve EAL4+
• An EAL4+ evaluation:
– takes 6 to 9 months and costs from the high tens of thousands to the low hundreds of thousands of pounds
– includes independent penetration testing and, in some cases, source code review
• No published vulnerabilities so far
24. Smart card vulnerability research
• No chip OS binary is available
• Traditional tools (debuggers, disassemblers) are useless
• No publicly available testing tools
• Secure chips have sensors, shields and encryption
• On-card bytecode (IL) verifier
33. Manual testing vs. HiveMod
• Reverse engineering the SDK: ~2 months
• Hex editor for binary patching: frustrating
• A modified card binary needs to be re-signed
• Destroying at least 10 cards: ~200 Euros
34. Real World Attack?
Attack scenario diagram (reconstructed from the slide's labels):
Components: the employee's card, carrying an access control app and an e-purse app; a POS terminal with a GSM (data) link; the corporate cafeteria terminal (no GSM access); the attacker's system.
(1) The attacker plants malware in the e-purse app
(2) Payment at a POS terminal over the GSM (data) link
(3) Access control data exfiltration from the card
(4) Stolen data is saved to the card where the terminal has no GSM access (corporate cafeteria)
The GSM (data) link carries the data on to the attacker's system.
36. Vendor's Response
• "An attacker needs the administration key to be able to upload his malicious application on the card. This key is normally securely stored in an HSM or a smart card based controller."
38. Vendor's Response
• "The targeted application must use private file-system storage for its data to be exposed. Therefore, internal (Application Domain) storage is immune to such attack".
// Example of a key kept in application (Application Domain) storage, as a static array initializer:
byte[] key={0xaf,0x09,0x45,0x12,....};
39. More Vulnerabilities...
• Unauthorized memory read in InitializeArray():
public static void InitializeArray(Array array,RuntimeFieldHandle fldHandle);
• Result: partial memory dump
• Destroys the card (no reliable exploitation yet)
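InitializeArray() copies the static data behind a field handle into an array; the slide reports that on the card this read is unauthorized and yields a partial memory dump, but not the root cause. The model below is an added example written for this page (not the card's code) and assumes the missing control is the one the desktop CLR applies: the copy must not exceed the declared size of the field the handle names. The "assembly image", the field table and the neighbouring data are all constructed.

```python
"""Model of the bounds check that keeps InitializeArray() honest.  Added
example, a toy in Python, not the card's code.  The assumption (labelled
here and in the lead-in) is that the copy length must be bounded by the
declared size of the static field; everything else is constructed."""
from typing import Dict, Tuple

# Constructed 'assembly image': 4 bytes of initialiser data for the caller's
# own field, followed by bytes that belong to somebody else (another app's key).
IMAGE = bytes.fromhex("01020304") + b"other-app-key:deadbeefcafe"

# Field handle -> (RVA offset into IMAGE, declared size in bytes).  Constructed.
FIELDS: Dict[str, Tuple[int, int]] = {"fld_init": (0, 4)}

ELEM_SIZE = 1   # byte[] arrays


def initialize_array_unchecked(array: bytearray, fld_handle: str) -> bytearray:
    """Vulnerable model: copies len(array) bytes starting at the field's RVA,
    so an array longer than the initialiser pulls in whatever follows it."""
    rva, _declared = FIELDS[fld_handle]
    n = len(array) * ELEM_SIZE
    array[:] = IMAGE[rva:rva + n]
    return array


def initialize_array_checked(array: bytearray, fld_handle: str) -> bytearray:
    """Hardened model: refuses when the array needs more bytes than the field
    declares.  This is the check whose absence turns the call into a dump."""
    rva, declared = FIELDS[fld_handle]
    n = len(array) * ELEM_SIZE
    if n > declared:
        raise ValueError("array (%d bytes) exceeds initialiser data (%d bytes)" % (n, declared))
    array[:] = IMAGE[rva:rva + n]
    return array


def dump_via_unchecked(fld_handle: str, want: int) -> bytes:
    """What an oversized array receives from the vulnerable model."""
    return bytes(initialize_array_unchecked(bytearray(want), fld_handle))


if __name__ == "__main__":
    print(dump_via_unchecked("fld_init", 18))          # leaks the neighbour's bytes
    print(initialize_array_checked(bytearray(4), "fld_init"))
    try:
        initialize_array_checked(bytearray(18), "fld_init")
    except ValueError as e:
        print("rejected:", e)
```

The same shape of check is what an on-card verifier has to enforce for any API that takes a field or method handle from untrusted IL: a handle is only a number, and the bound has to come from metadata the card trusts, not from the caller's array.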
41. Conclusions
• Don't worry!
• Check the apps' public key tokens (PKTs) for tampering
• Use a secure card management system
• Smart card apps can be patched and updated, but not the card's OS!
• Smart card OSes, apps and card management software need pen tests too!
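A public key token is derived from the key an assembly is signed with, so a card binary that was patched and re-signed (as HiveMod has to do) carries a different token from the corporate publisher's. The following is an added example of that check, not the card's or the vendor's code: the derivation is the ECMA-335 rule (II.6.2.1.3, last 8 bytes of SHA-1 over the public key blob, reversed), while the trusted list and the per-application key blobs are constructed.

```python
"""Checking which key an on-card application's strong name claims, for the
'check the apps' PKTs for tampering' point above.  Added example, not the
card's or vendor's code.  Token derivation per ECMA-335 II.6.2.1.3; the
trusted-token list and the per-app key blobs are constructed."""
import hashlib
from typing import Dict, Set


def public_key_token(public_key_blob: bytes) -> bytes:
    """.NET public key token: last 8 bytes of SHA-1(public key), reversed."""
    return hashlib.sha1(public_key_blob).digest()[-8:][::-1]


# ECMA-335 standard public key (16-byte pseudo-key); its token is b77a5c561934e089.
ECMA_PUBLIC_KEY = bytes.fromhex("00000000000000000400000000000000")


def audit_card_apps(app_keys: Dict[str, bytes], trusted_tokens: Set[bytes]) -> Dict[str, str]:
    """Map each on-card app to 'trusted' or 'untrusted publisher' by its PKT.

    A re-signed binary carries the re-signer's key, so its token no longer
    matches any corporate publisher on the allow-list."""
    report: Dict[str, str] = {}
    for name, key in app_keys.items():
        tok = public_key_token(key)
        if tok in trusted_tokens:
            report[name] = "trusted"
        else:
            report[name] = "untrusted publisher (PKT %s)" % tok.hex()
    return report


if __name__ == "__main__":
    # Constructed key blobs: not real RSA keys, just distinct byte strings.
    corporate_key = bytes.fromhex("0024000004800000") + b"corporate-key"
    attacker_key = bytes.fromhex("0024000004800000") + b"attacker-key"
    trusted = {public_key_token(corporate_key)}
    print(audit_card_apps({"AccessControl": corporate_key, "EPurse": attacker_key}, trusted))
```

The token only names a key; the card or the card management system still has to verify the strong-name signature over the binary against that key, otherwise an attacker can simply claim the corporate token. That is the link to the next bullet: the management system is where both the allow-list and the signature check have to live.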
42. Closing words
• The HiveMod tool will be made available to smart card vendors and security researchers (contact research@sensepost.com)
• I’d like to thank Dr. Kostas Markantonakis for
supervising my research