Slashdot Mirror
Cracking the Smartcards
hanuman writes: "So you know you're a true hacker when: 'Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail. Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.'." This is a follow-up to the Vivendi vs. News Corp. story with more details about what is alleged to have occurred. Update: 03/14 12:28 GMT by M : And yet another story, which alleges that the head of security at NDS funded the website that distributed the hack for their rival's smart cards.
Try searching for it, a lot more information than you would expect _is_ available on the net. Start building your own little "smart-cubes"
it's in my head
I thought there were two kinda standard chips and that ripping ROMs was, with a card reader, reasonably easy to do.
Can someone find a link which explains the technical reason they had to bigtime reverse engineer everything?
Conversion Rate Optimisation French / English consultant
Putting so much money and effort in cracking a
protection mechanism, don't their lawyers know about
DMCA. I guess this law was aimed only at individuals
or small corporations.
There was just an article about Hong Kong using smartcards as ID, this is quite sad.
What about special Smart Card? like a dual chip smart card which requires a special reader/writer?
I know that's probably gonna raise the cost but at least it beats fake IDs.
kawai
What is a smart card?
A credit card-sized device that protects digital television signals from
unauthorised viewing.When plugged into a set-top box, it determines which
programmes subscribers have paid to see.
The cards contain tiny but sophisticated computers that decrypt television
signals as they pass through the air and turn them into television pictures.
Without a smart card, ITV Digital viewers can only watch free-to-air channels
like the BBC, ITV and Channels 4 and 5.
Users of pirate cards have been gaining access to pay TV channels like sports
and movies without paying.
Where did the pirated cards come from?
Hackers posted on the internet details of the codes needed to create illegal
smart cards that gave free access to pay TV services. Criminals used the
information to make fake cards and then sold them through pubs, clubs and market
stalls for £5-£20. About 100,000 pirated ITV Digital cards are thought to be in
circulation.
What is Vivendi Universal?
A former French water group that is now one of the biggest entertainment
companies in the world. The chief executive, Jean-Marie Messier (right), has
become one of the world's most powerful media moguls after buying a range of
businesses including the Universal film studios and music labels, Canal Plus
television in France, the Cegetel mobile phone company, directory businesses and
internet firms.
What is Canal Plus?
The European film and television distribution arm of Vivendi Universal. The
division that makes the smart cards is called Canal Plus Technologies. It
supplies cards and software to 12.5m set-top boxes worldwide.
What is NDS Group?
Based in Staines, Middlesex, NDS specialises in building the smart cards and
interactive software for pay TV systems that allows paid-for television
programmes to be securely beamed to customers' homes.
Rupert Murdoch's News Corporation is an 80% shareholder. NDS technology is used
in almost 28m pay TV set-top boxes worldwide and supports 40% of all satellite
receivers. Most of the group's research is carried out in Israel.
Basically this is a nice heavyweight fight.
I really hate Dan Patrick.
I know guyz that have done this (SEM in light fast vaccuums)... and won.
:
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
:
e ed ings/smartcard99/full_papers/kommerling/kommerling _html/
Read this VERY fascinating ggogle cache of the state of the art many years ago...
http://www.google.com/search?q=cache:wybhqqCka2
Its pretty darn good.
Now the world has progressed to kracking using varrying external clocks, SEM as routine, probe points, etc.
Everything is crackable.
The best researchers (with published findings) arent in isreal btw, they are in Britain.
please read that cached google paper, its really worth it.
if the cache is dead try
http://www.usenix.org/publications/library/proc
Whenever anything remotely like hacking occurs, the hacked company dramatically overstates all financial figures as well as the level of expertise required to perform the hack -- makes it seem more malicious. Damages always have at least 6 zeros (preferably 9) and you need to have a team of 15 people working 24/7 for months/years. When the truth is much closer to one person hacking away in a garage for a few weekends and finding a fundamental flaw. And damages? Well, with intellectual property it can often be argued that damages are negative, with the exposure being provided by a new technical option actually increasing the total number of people interested in spending money on a product.
I'm sorry to have to say that the article you
referred to contains a gross inaccuracy: the
exstimate of the cost of `cracking a smart card'
is way overinflated. Smart card technology is,
by its own very nature, not safe: any smart
card is vulnerable to power/timing attacks
and, even if expensive equipement helps, you
don't need that much in order to recover the
keys. As a matter of fact, given that amount of
money the simplest way to force the system is
an exaustive search on the 3des keyspace (yes,
3des is the algorithm). I would advise people to
read a bit more about Differential Power Analysis
before going to court... I would suggest anybody
interested
to try to find the proceedings of any
{Euro|Asia}crypt or of CHES (Cryptographic
Hardware and Embedded systems).
Regards,
lg
this article is about the signal decryption codes for TV, it has nothing to do with internet security
Here is summary from extensive article on how a researcher kracked many types of crypto chips and crypto cards :
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
We have presented a basis for understanding the mechanisms that make microcontrollers particularly easy to penetrate. With the restricted program counter, the randomized clock signal, and the tamper-resistant low-frequency sensor, we have shown some selected examples of low-cost countermeasures that we consider to be quite effective against a range of attacks.
There are of course numerous other more obvious countermeasures against some of the commonly used attack techniques which we cannot cover in detail in this overview. Examples are current regulators and noisy loads against current analysis attacks and loosely coupled PLLs and edge barriers against clock glitch attacks. A combination of these together with e-field sensors and randomized clocks or perhaps even multithreading hardware in new processor designs will hopefully make high-speed non-invasive attacks considerably less likely to succeed. Other countermeasures in fielded processors such as light and depassivation sensors have turned out to be of little use as they can be easily bypassed.
We currently see no really effective short-term protection against carefully planned invasive tampering involving focused ion-beam tools. Zeroization mechanisms for erasing secrets when tampering is detected require a continuous power supply that the credit-card form factor does not allow. The attacker can thus safely disable the zeroization mechanism before powering up the processor. Zeroization remains a highly effective tampering protection for larger security modules that can afford to store secrets in battery-backed SRAM (e.g., DS1954 or IBM 4758), but this is not yet feasible for the smartcard package.
====
as I posted a moment ago, this semi older paper (Design Principles for
Tamper-Resistant Smartcard
Processors) is cached on google and is vtial to read before trying to properly understand post-2000 cypher-punk papers
http://www.google.com/search?q=cache:wybhqqCka2
its a big covert hobby and SEM rentals are cheap
Does anyone know the breakdown for the $5m figure? Where did most of the cost of cracking the cards come from (e.g. manpower, the equipment they had to buy, etc..)?
slashdot!=valid HTML
Our encryption system is based around having private keys stored encrypted across multiple smart cards (I have a big bundle of the things on my desk at the mo.). The cards are dished out to a collection of people & you need so many of these to recreate a key. The key is loaded into RAM on a hardware encryption unit which runs away happily doing its thing. If a unit looses power then you have to get a collection of people to shove their smart cards into the unit to recreate the key in RAM. This isn't fun at 2 in the morning...
Never really looked into the vulnerability of the smartcards before. I suppose the fact that the key is split across multiple cards gives us some protection though. This methodology wouldn't work for set-top-boxes though.
Has anybody looked into stripping information from a smart card? - how easy is this to do?
There is no space in the html citation... its the old slashcode bug... but you know that already... you need to delete spaces in such links on slashdot pages.
Other web sites using slash code might not have this defect but probably share it.
Just zap the space if you wnat to follow the link.
All that we have to go on is what is alleged to have occurred. It's too bad that such amazing feats, relevant as they are to all of our continuing efforts to secure our products and systems, cannot be directly described in more detail. Tell me again the ethical justification behind making code-breaking a legal issue?
And why do only businesses see this protection?
I noticed that the article emphasized the tax evasion angle. Wasn't that the same way they took down Capone?
Find out about my new childrens book: SS Death Camp Criminal Batallion Go To Monte Carlo For The Massacre
Very easy if you are smart enough. Not much money needed for SEM rental.
:
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
refer to
http://www.google.com/search?q=cache:wybhqqCka2
PS its easy to krack your RAM resident key and you know it. Very easy to attach bus analyzer to a doctored memory SIMM or doctored L2 or L3 cache and snatch-probe the computers memory. I doubt you solder-locked all the memory in. And yes i know people that have done this and its a cinch.
Its inflated. A similar team of experts could do it with 2 or 3 guys in a month or two for under 20 thousand dollars...
:
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
Sure low iq moron engineers can squander 5 million doing the same thing genius level experts can do it for under 20K.
But that does not mean it takes 5 million.
Forget your breakdown.
Read this to learn the methods used that are common knowledge methods
http://www.google.com/search?q=cache:wybhqqCka2
and those are not all the 2002 tricks, but good enough to beat most all crypto chips.
ROMs are also probably pretty easy to decode (unless you compiled them thru your synthesis tool).
Smart cards are probably much harder - I bet they're built to be hard to crack (lots of nasty stuff over the top of things so you have to peel them apart to find the metal/poly layers
In this case I doubt anyone knows what happened (unless someone inside NDS squealed) - I suspect much of this is just so much guess work
Thanks for the info - I'll look into this as a fun side project...
PS its easy to krack your RAM resident key and you know it. Very easy to attach bus analyzer to a doctored memory SIMM or doctored L2 or L3 cache and snatch-probe the computers memory. I doubt you solder-locked all the memory in. And yes i know people that have done this and its a cinch.
It would be easy if the key were in the memory of a normal machine, but this is a separate SCSI device, tamper proofed with a collection of EPROM trashing switches & the PCB itself is encased in epoxy resin (with a huge fan to keep the block cool). Total cost of each unit is £20k so for that kind of cash it better not be that easy!
You can build a hardware device called Season2 interface, which allows you to plug it into the decoder, and then plug the smartcard into the Season2. This device has a serial port conector, so you can connect it to the computer, and then "sniff" all the traffic between the card and the decoder.
Here in Europe, Canal Satelite uses the SECA encryption, which is absolutely cracked. Applying some bugs of the existing smartcards you can create a "masker key", which is a kind of "root" account in the card. When you have created this master key on the card, you are ready to add providers, channels, buy pay per view events and a lots of interesting things.
Also there are lots of emulation software you can program into some pics (16f84, 16f876) and build a smartcard (piccard, piccard2), so you are able to watch all channels for free with these cards.
DVD Ripping, Divx, VCD, SVCD under Linux
is this the best they could come with to justify
their losses ? Jean-Marie Messier (J2M) is just
a stupid fool with hypertrophied ego.
The Universal music division made also a laugh
of themselves by taking 5 years to release
their music encryption scheme, which was cracked
in 2 weeks, and had been overtaken by mp3s three
years before. They did not understand that they
could make money with mp3s (by merchandise,
concerts, and stuff) and keep spending billions
developing stupid encryptions, crashing web sites
and harrassing highschool students trading mp3
CDs.
Canal+ France was once a great channel, with all
major blockbusters maybe 10 months old,
great prOn, soccer, and excellent humor and hosts.
Nowadays they show less than half of the
good movies of the year before, most of them
being actually 18/24 months old (because they
have to go through their lameass pay per view channels first), run old TV movies, have
lost many of their young talents, audience
has plumetted to 1 % marketshare, prices
went up (some say that in the 80s coke was free
for everyone at their parties, now even
the prices of the other kind of coke at the
vending machines have gone up).
And they blame it on Murdoch and the Israelies !
Google passes Turing test : see my journal
You know when you're a true cracker: when you have a spare $5M to throw at stuff when good old social engineering doesn't work anymore. 8-)
Yesterday was the time to do it right. Are we having a REVOLUTION yet?
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked.
If cracking security helps your competition out of business, well, that could be worth several billion dollars. Investing $100 million would be money well spent.
In my community, the hacker community, a goal is to IMPROVE security by revealing it's flaws. But these guys broke security to make billions off of someone else's huge investment. That's very different.
Of course, like Enron, corporate executives should pay the price for much of the resulting destruction. It'd say that a good "20 years to life" sentence would be appropriate for all of those in this management chain. And if the worker-bees knew what they were up to, same thing: jail.
Then how come I know pairs of people that have cracked some of the best UNCRACKABLE crypto chips the month the chips shipped. Chips designed by huge corporations of people that concurred that their own engineers could practically NEVER crask these crypto chips.
I suppose when I say High IQ you seem to actually believe corporations with 400 engineers just happen to have one or two by luck.
YOU ARE WRONG!
If you read the "Bell Curve" you will see that people wiht very high IQs never socialize, for whatever reason, with average intelligence people.
The Bell Curve says if people were clusterred randomly, 6 close frineds would have a mix of college grads versus non college grads.... but as you may know... a gifted college grad tends to heve a high porportion of other college grads as his close freinds in life.
IQ is not like hair styles
IQ is not like height
IQ is all that is takes to crack the "uncrackable" and the best and brightest shun large corporations. Just as the best software engineers shun coprporate life and are consultants or run small startups.
YOu have a fallacy to think that you would find even one talented crypto expert in 400 engineers.
I am well aware that 400 engineers do not work together cohesively, I meant that they existed in the same payroll as a unified resource if directed to act as one resource to a single goal.
I'm so sick of this.
I mean, I can understand why they do it but I'm still sick of it. All the way to the bone.
There was a time when companies could ask for money and then have something delivered to it's customers. Soon, this practise became standard all over the world and lots of people payed for things like TV and Radio. All non-physical in it's form, but yet valued highly enough for the consumers to spend their cash on it.
Then, came Computers and later the Internet. Suddenly, everything that could be put into a digital form and transported over the Internet was free for the taking. Consumers didnt have to pay for content anymore, all the non-physical things they previously payed for didnt cost a dime anymore. Of course, all companies scrambled to try to get old laws and rules to apply to the new world but it was pointless. Everything in a digital form was free, and there was nothing to be done about that.
Long story short;
if it's in a digital form (tv,radio,mp3,movies) it's free, and if it's physical (food,cinema,concerts,cars) it costs. that's how the future's going to be, you cant expect people to pay and then not get to keep it or lay their hands on it anymore - 'cos it's free. we are greedy by nature, and here I see yet another company kicking wildly on it's way down when it's marketing idea of selling nothing to people is starting to rumble, because it got too greedy. better place all that money on trying to embrace the new digital world than locking it out.
babylon is burning.
Anataka suki desu. Itsumo. Itsumademo.
Very well, you coverred the bases of the first level.
Its not impossible, but quite a big pain to get probes in there now. Good job so far, but it would be safer if the code and key were never in ANY ram chips but instead harbored in one monolithic crypto chip off the rack.... a conventional modern crypto chip.
You are a failure, failure.
-- 'The' Lord and Master Bitman On High, Master Of All
http://slashdot.org/comments.pl?sid=29435&cid=3
has reference to a much better paper from 2 years later and was posted 40 minutes ago and if you browsed at level-0 you would have spotted it.
The fact that its still at 0 is because moderation does not work very well which is why your post is at 2 karma and you let mine languish at 0.
I have ITV digital and it sucks. Badly! We have an external antennae, and a bunny antenae and the signal on both can't pick up all the channels we've subscribed to. Customer service insists it's corrosion or some such crap that is degrading our signal. The best signal is received when I hang the bunny antenae out of the window of our third floor apartment.
So I'm not feeling too sympathetic for their plight.
Its never going to be impossible - just want it to be very hard/tricky. There has to be a limit somewhere, our greatest weakness is probably the people with the cards.
Cheers for the chat...
Why would you like to spend 5M on cracking smartcards?
It would be much cheaper to threaten smartcard's owner, and make him use it the way you want.
The simplest ways to crack network:
A. Use hammer to mount DoS attack.
B. Capture network's admin, and torture him until he gives out all passwords.
MSDOS: 20+ years without remote hole in the default install
tsss, wth, my friend rewrote the card in 1998, and since then, i'm watching c+ for free, no problem at all, what is al this hus about? use the google inside you, check some bullitin boards about satelite communication, about decoder electronics... someimes you people can be slow, but hell, this time a turtle could run past you...
electron microscopy?
transistor-by-transistor analysis?
suddenly all those l33t h@x0rs who swagger around boasting of cracking into radio shack workstations look like a bunch of punks.
The Guardian is a UK newspaper not owned by News Corp. and with no great love of them..
So keep this in mind when reading this that there will be a 'Lets take the piss out of NewsCorp' slant to this, since Newspapers gently dissing each other is par for the course (certainly in the UK, and I don't see it being different elsewhere).
Having said that, I actually Read the Guardian site almost every day, It's my favorite UK newspaper (because it has a gentle socialist bias), but I take everything I read, everywhere, with a pinch of salt. I always try to remember the source since it always alters the presentation of 'facts' and often which 'facts' get presented in the first place..
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
A properly designed system will have the following two features.
a) Leaking the card owners details does not compromise the system for other users.
b) Plugging the card into a reader does not immediately compromise the owners security. e.g. authentication is used with the remote client [and the reader acts as a relay or proxy].
Trying to prevent people from tearing it apart and looking at the guts is just stupid and counter-productive. The more important side channels are timing and power, not preventing people with electron microscopes...
For example, with a bogus reader even if a) and b) hold true, it could be that a timing attack reveal clues about the secret keys used.
Tom
Someday, I'll have a real sig.
L
O
L
Canal+ has a very long history of crackers kicking the living daylights out of their encryption/scrambling schemes.
When the channel was launched in the early '80s, it took less than two months for the electronic schematics of a "pirate" descrambler to be posted in a popular electronics magazine... who quickly pulled the issue from the shelves when sued by Canal+. It's been downhill ever since.
A lot of web sites in Belgium, Switzerland and the UK (hint: border countries) actually advertise pirate descramblers or electronics schematics.
I seriously doubt the company attacked by Canal+ had to spend millions and millions of $$$ to crack the scrambling -- the figure (as well as Canal+ losses) were probably grossly over-inflated by greedy lawyers and C+ legal department.
One final note: Canal+ has a nasty reputation in France and in the rest of Europe for cracking down hard on pirates & crackers. Jean-Marie Messier (CEO of Vivendi/Universal/Canal +), who is a complete megalomaniac, is probably to prove he has got a bigger... Uh... large... Ahem... hairy cojones than News Corps's CEO.
Just my 0.02 Euros.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
If you can't guess it, brute force it. If you can't brute force it, hand the best team you have a blank check and say, "Enjoy."
One of the interesting things I saw recently at the NSA career website was a mention that many of their engineers get their own, individual, custom hardware. If they have the budget and facilities for that, you better believe that they have what NDS has and more.
You can never go home again... but I guess you can shop there.
You CANT do this to an iButton. as soon as you crack open the shell to expose the silicon a super rapid zeroization process starts inside.
They cant put this no-tamper technology on a smartcard, there is barely room and durability for what is there now.
Do not look at laser with remaining good eye.
A relevant paper (by Markus Kuhn, same guy who did the research about evesdropping on CRTs using the ambient light generated) here.
- The cracked cards will ruin Canal+'s business (or have already done so).
- Murdochs media empire certainly gains a very strong strategic advantage by a ruined competition.
- Thus, Murdochs media empire does have a strong incentive.
Even if it didn't take place as they claim, this would certainly be a working strategy: crack your competitions technology, release it anonymously on the net in an easy-to-use form and let the script-kiddies do the rest. I guess we'll be seeing more of that tech/cyberwar in the future.Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.
The Guardian's got two more pieces on this today, with more details about the collusion between NDS and "crackers", including the very seedy past of the NDS security chief Ray Adams. /.ers may recall it.
, 7541,6670 40,00.html
4 1,6669 67,00.html
The guts of it are the connections of NDS with a sat-piracy website called The House of Ill Compute (THoIC), which fell apart in spectacular fashion in the middle of last year when some of the site's members confronted the spy in their midst in a pub with evidence he was recording everything and passing it to NDS, and getting paid for it. Some UK
Here:
http://media.guardian.co.uk/news/story/0
and here
http://media.guardian.co.uk/news/story/0,75
From what I've read, they cut down the keyspace by (for instance) forcing the algorithm to execute wrongly and thus revealing substantial information about the keys.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Act now and get a microsoft user kit!
comes with the following....
1. The I love bill gates kit with microsoft pens
2. 1 free T shirt that proclaims to the world that you love to take it in the arse by Billy.
3. voucher to buy several shoes without laces to eliminate that difficult tying of the shoes.
4. a commemarative Steve Ballmer doll that screams " Giv it up for me!"
5. set of books, computers for dummies.
All this can be your for $89.95 and the special activation code. you must pay again every year and if you change your shoes or shirt call to get a different activation code.
In order to make it easier for windows users.. you only have to pound the keypad on your phone to order as we know it's beyond a Windows users ability to type a ling sequence of numbers..
Reactionary stuff
An entire website, of course
And finally a sample of the peer review that was avoided. A small quote:
Can one person have pulled of this crack, certainly . Did they work in a vacuum? Probably not, there is a cracking community and one would be a fool not to call the community knowledge in it. The idea of a corp. breaking a system that has had collectively hundreds of millions of dollars of R&D, and many many years invested into security for $5 million dollars (probably less) and 6 months is no less scary then a lone hacker, and to a security engineer probably more so. A lone cracker solves the problem almost randomly, and any particular cracker can not be relied upon to quickly crack a system. The idea that an org could fund this, and perhaps reliably crack the protection methods has far reaching consequences, and makes information warfare a realistic posibility.
I'd do something interesting, but my server can't handle a slashdotting.
It would help if the link to the paper worked or provided a ref to the author's name / paper's name.
The question is was the smart card a 0.40 euro or a 10 euro one. There are smartcards that:
Contain selfdestruct chemicals that immediately destroy chips core when opened (and they are pretty effective).
Perform logical operations on complementary values at the same time (first order differential power analysis wont work).
Have several polished layers of transistors( so you cant see the connection layout without carefully removing layers).
Have encrypted internal bus(so you cant read single bits from the bus, becouse they depend on each other).
Are designed to resist power failures (can't make that jump to crypto routine to become nop by dropping power or clock)
Generally are designed by paranoid and smart people. Cracking such cards is not possible in a garage according to public research. However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system. However I don't think that limiting compromise is possible in broadcasting environment.
Your post to that paper link is redundant 5 times over!!!
:
1 61 644
:
1 61 668
:
1 61 694
1 61 699
1 61 746
:
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
Do you even read anything at level 0 on slashdot? That paper was mentioned 5 times in 5 posts already.
You posted at 6:25 but a top level post at 4:43AM mentioned this EXACT paper probably word for word with bigger graphics and html in the post
http://slashdot.org/comments.pl?sid=29435&cid=3
and again at 04:57AM I mentioned it in message
http://slashdot.org/comments.pl?sid=29435&cid=3
Then I mentioned it a third time at 5:14AM also over an hour ago
http://slashdot.org/comments.pl?sid=29435&cid=3
and a fourth time I mentioned the exact same paper in the link
http://slashdot.org/comments.pl?sid=29435&cid=3
but just in case someone like you ignored those four other references to this research paper I posted a fifth time in the link at 05:51AM:
http://slashdot.org/comments.pl?sid=29435&cid=3
Thats FIVE goddamned times I referred to that paper you cited right now
http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf
but I posted a google cache to prevent a slashdot.
FIVE TIMES!!!!
How many more times do I need to point out the paper! ???!?!?
here it is again a SIXTH time for you.
http://www.google.com/search?q=cache:wybhqqCka2
There... happy?
I can't argue with your conclusions, I simply don't know enough about the encryption technology.
However, if they used the equipment that was stated it would have been expensive to crack the encryption.
If they used brute force to crack the triple DES encryption they would have needed significant amounts of compute power. This too is expensive.
In either case it looks as though it would have been out of the realm of the average cracker.
Is this the best they could come with to justify their losses ? Jean-Marie Messier (J2M) is just a stupid fool with hypertrophied ego.
I wouldn't know, I don't know him, but this comment is about his person, not the issue at hand. I.e. not only off-topic, but a flame/troll also.
Nowadays they show less than half of the good movies of the year before, most of them being actually 18/24 months old (because they have to go through their lameass pay per view channels first),
But mostly because of the law that prohibits public broadcasting of movies, within one year of them beeing show in theaters.
(some say that in the 80s coke was free for everyone at their parties, now even the prices of the other kind of coke at the vending machines have gone up).
There is nothing in your comment that is on-topic, all of it is off-topic, quite a bit is trolling material. and some personal comments about someone beeing "a stupid fool". Are you running some kind of a smear-campaign ?
And they blame it on Murdoch and the Israelies !
Nobody is blaming "the Israelis" as a whole. Af course there are morally-challenged Israelis as there are of any other nationality. But it's not a comment about all Israelis.
Israel has got very good cryptographers and I think that is the reason the article mentions the alleged location of the crack.
-- Have a nice day,
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
There are a couple of factories making Smartcards. And a view years ago the frequency and/or voltage trick was discovered. The companies responded by making the Smartcards resistant against this kind of an atack.
Just because a hack once worked doesn't mean it will always work.
If seriously want to hack a Smartcard (a modern one) It really does involve the kind of hardware mentioned.
One thing that shouldn't be fortgotten though is that the equipment sometines can be rented and also many large Universities have the equipment.
I'm going to take a wild guess here that you think of yourself as falling in the group of "people with high IQs", don't you? I'll bet you also think that IQ is an adequate proxy for intelligence. And I'll bet that while you read that old potboiler Messrs Murray and Herrnstein cobbled together, you've never read "The Mismeasure of Man". As for your excitable claims about chipcracking -- put up or shut up.
NDS makes the smart cards which are by millions in the US. A device to do this costs under 200.00USD. Any idiot can get free tv.
Its not a link. Its a html citation url. It was butchered by slashcode (on slashdot) inserting a space character.
:
8 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/
To read it you ahve copy and paste it and manually delete the space character that slashdot usually adds to all html url citations.
this html citation will work
I will paste it again here but when you copy it into your browser hunt for the random space sharacter that the buggy slashcode will insert into it.
http://www.google.com/search?q=cache:wybhqqCka2
I triple tested the google cache http url as I pasted it here one second ago. Its valid, you just need to be aware of slashdots bugs.
for example THIS time slashdot added the space to "sm artcard99" instead of the original "smartcard99"
The bug in slashdot goes back many years before they were given millions fo dollars of stock in VA LINUX (LNUX) they just never got around to fixing it yet because the source is GPL.
There are a lot of research papers on attacking smartcards but manufacturers have counter mesures against this. Either hardware (smartcard chips have a lot of security features) or software (to prevent DPA).
If all smartcards were broken 4 years ago there wouldn't be so much people working on cracking others nowadays. But not all smartcards are created equals against hackers...
It's long been "common knowledge" (eg, possible fallacy that everyone holds to be true) that Canal+'s encryption was broken because European hackers wanted free access to the porn that's encrypted using it.
Sky's encryption however didn't shelter any porn and was therefore not worth the effort.
Amusingly enough, AFAIK, one of the major victims of this (ITV Digital in the UK) took on the encryption AFTER it had been publicly cracked.
If they did need to examine the circuitry on at the transitor level the it sure makes sense and they sure cost enough.
Cure cancer.. and stuff! www.team45.info
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked.
Do you have any reliable information on the actual investment required for the crack other Vivendi's statement? The nature of the security business is that the crackers don't break systems the way their designers expect - they bypass mechanisms instead of attacking them directly, they cheat, they are creative.
The numbers cited by Vivendi represent the resources required for a group of well-funded but imagination-impaired engineers to break the system. I find it hard to believe that whoever did this (whether or not it was really NDS) actually spent that much money.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
There are many reasons why ITV Digital isn't doing so well, but it's not all their fault. Firstly, they have a financial disadvantage: not only are they a much smaller company than Sky, but they mustpay huge license fees to the government for the priveledge of existing. Sky, being based off shore, pays no such fees, as they are effectively outside regulation.
... to sky :(
Secondly, they exist upon the terrestrial network. They'd like to boost transmitter power so that people like you don't have such problems (I know what you're experiencing, we have encountered the same). But guess what - the government won't let them, because it degrades the analog signal slightly, they can only boost the signal when more people have switched. And people won't switch while they are outside the transmitter range: it's a classic chicken and egg situation.
They are tied down at every angle by regulation - for instance the government requires that they transmit regional TV. Regional TV is in my opinion a waste of time, most people I know don't give a rats ass that Mrs. Nobody got her cat stuck up her tree, or that it's the Xth anniversary of the Albert Docks. However, they must not only transmit regionally, but also subregionally. The total number of separate transmission streams comes to 33! That's 33 separate industrial MPEG decoders, and at a cool quarter million each, that is a significant investment. Sky of course just give the UK the finger.
Murdoch used the classic Microsoft trick of subsidising its way into the market as well - by starting the box wars he raised the inital investment by billions. He can afford to lose that much: dominance of the media is more important to him than actual cold, hard profit. It's similar to the MS X-BOX situation.
Mismanagement from the top doesn't help either - their enormous bids for football were way out. So you see, all these factors have meant that Sky have walked over ITV Digital, and it's NOT a good thing. Bear in mind that, despite ITV having to pay for the networks creation and development (the UK had the first digital TV infrastructure in the world remember), it's also an open platform. Sky TV is of course, utterly closed, and by pulling this sort of stuff, Murdoch is pissing all over the British people. That's why I hate him, even though eventually we got tired of repeated transmission faults and switched
*Sigh* - I'm really going off-topic with this one, but whilst their may be "thousands" of citations, doubtless there are many conflicting studies. This is not a very accurate field of science.
IQ is NOT an accurate measure of intelligence. How can it be, if we can't even define intelligence?! And how can a single number and a few tests give even a rough indication of the power of something as complex and different as a human brain?
Secondly, may I say that CORRELATION != CAUSATION! Just because the black people studied had a lower average IQ, does not mean that because a person is black they are more likely to have a lower IQ. Have you considered social background at all? Thought not. Same with the information about females. Please don't jump to conclusions; that's the realm of the closed minded.
I seems to me that anybody who claims to be intelligent must have opened their mind just a little. I've read the book, and the books which appear to contradict it, and I'm generally ambiguous on the whole subject myself. Though I do believe that The Bell Curve is obviously flawed; we simply do not know enough to measure intelligence accurately. However, it is an interested account of what we have measured, no matter how rough and ambiguous the findings are.
However, I'm getting away from the point. You seem to take this book's word as gospel. It's science - i.e. it's wrong. Science only models the Universe - it is not the Universe itself. All models break eventually, some sooner than others. Why do you insist on closing your mind to the possibility that this book may be, frankly, a load of crap?
Honestly, I think you're either a troll (in which case, you've got yourself some bait :) - or you're just an idiot who thinks he's clever.
But not of shutting up, hm?
Had you read my reply with due care, you will have picked up on the clear implication that I have read "The Bell Curve". You would also have picked up on the clear implication that I thought it was crap. And not very well argued crap, at that.
FWIW, I know that cards can be cracked and that it doesn't take huge teams to do it. I just don't believe your claims to privileged insight.
I spent a few months cracking ARM 60 CPUs and seeing if I could find the key kept in the memory by observing the power consumption. Using a fast storage scope I could simply hook onto sequences in the program (branches are easily visible) and find the operations on the key. The power measurements told me how many bits in the key were on or off when driving the ALU read bus. As the algorithm was working with bytes it was very easy to find most of the bits of information. From a 32bit (4 billion combinations) key I could get down to about 2000 possibilities. From there its easy to just try them all out. Synchronous processors were very simple to crack. Asynchronous processors didn't have easily visible features like the clock to find the key instructions. They also have temporal shifts so different runs have the instructions executing at different times dependant on the data. From an asynchronous Amulet2e I could only get two or three bits of information (down to 1 billion possibilities).
Mouse powered Chips, Open source Processors and Lego
When scanning electron microscopes are outlawed, only outlaws will have scanning electron microscopes.
Looks like it's time to confiscate all the SEMs out there.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
And you carry this in your wallet? Sounds dangerous. The chemical I know of that can reliably and quickly destroy silicon is hydroflouric acid. Not stuff you want in your pocket.
Best Slashdot Co
The lawsuit alleges that Murdoch's company released the information with the intent that others would use the information to steal proprietary information (the video streams) from Murdoch's competitors. That is MUCH different than cracking a scheme for the sake of the knowledge itself or merely to see if it can be done.
The former case is analogous to the following: Employee has combination to Boss' safe where all company assets are kept. Employee and Boss have an antagonistic relationship. Employee publishes an ad in "Robbers Daily News" with the address of the business and safe combination knowing (or hoping with a high probability that his hope will come true) that Robber reading the RDN will use the combination and steal the assets. Robber actually does use and steal. Employee is part of a conspiracy to steal the company's assets and is guilty of the theft as much as Robber. Don't say that my scenario is not accurate - I assure you as a lawyer that under this hypothetical situation, Employee is a conspirator.
Also, don't say that trying to look at the subjective intent of the actors kcreates an unworkable situation because WE DO IT EVERY DAY. In courts all across this and other countries around the world, we use the intent of the actor to determine the guilt of people for crimes (or to determine levels of guilt) or liability for civil offenses. Example: Man runs Woman over with car. Did Man intend to kill woman? If yes == murder. If no == somehting else. Did Man drive recklessly such that his actions constituted a depraved indifference to human life. If yes == murder or homocide. If no == something else. Was Man driving carelessly? If yes == involuntary manslaughter or negligent homocide. If no == something else. Was Man driving according to all posted rules and carefully? If yes == accident, no intent (or substitute for intent like recklessness), therefore NOT GUILTY.
Although it is more work looking at subjective intent, it usually provides a more thorough examination of the situation and an individualized solution. Simple, bright line rules just do not work well in complex situations. Case in point: the DMCA.
Laws affecting technology will always be bad until enough techies become lawyers.
Perhaps someone could fill me in as to why the suit was filed in a California court. From what I read in the article, the alleged hacking occurred in Israel, and the damaged business are in Europe. I do not see how California law could have jurisdiction in this matter.
AUGAUUUGCGCACAUAUCUCAGCGAAUGAAAGGGAUUAA
Smartcards for the general market have to be robust enough and low power enough that they are smallish CPUs. The fast ones are 8Mhz and have some crypto functions built in. In raw CPU terms they are about the same level as a fast Z80.
In a cable TV system, the smart cards generate a seed that is feed to crypto unit. Most system gave up on the smart cards that just say "they get channles 2-20,45,Pr0n..." since they were cracked within days but you never know when a 20 year old cable system is still in use. The Foxtel system in Australia for example uses a signal down the wire that goes to the smart card which then generates a pseudo random sequence. Each of thouse numbers is like an index that tells it where the line is swaped. Their encryption is they take each scanline, break it and send the second part first. Someone in Norway(?) had written a program that would look for the split in real time and put it back together. I guess Murdoch might have something to worry about if the rumor is true and someone else is willing to pay for a crack.
Modern credit card systems do the ATM pin hiding trick in the smart card. If you have access to the networks used by a large department store, it would take about a year to crack most repeat customer's pin numbers. Since most pin numbers are only 4 digits, you only need to be able to feed the chip a few wrong tries per "swipe" and if they come in a few times a week, you could try 500 pin codes in a year. If you do that with 20 different cards a week, you will have someones full account details and their pin number in a year. Since its automated, there is no use to limit yourself to 20. This works for both Visa and that cool new clear card from that company no one will accept.
So in a smartcard based credit card system, All you accounts are belong to us.
How is the bell curve crap?
It is nothing more than a compilation and organization of thousands of scientific reasearch papers and statistics.
It offers not one new idea.
It is opinionless.
It is also science.
And the two authors are experts, well one died, but both were experts.
And now they are hero-martyrs because of vicious ignorant attacks by people like you that think Blacks have the same average IQs as Asians or Whites but refuse to look at millions of test scores (Army, SAT, etc).
Read a book, maybe one on Science and statistics.
Buy the Bell Curve and really read it, instead of pretending to read it.
Fallacy.
most people that crack SEM merely rent time on them.
Renting is affordable and way cheaper than buying one!!!
The figure is a lie and I bet they did not buy one but merely rented time on one like every other cypher punk in the world.
US NRO, NSA employees have their own that us taxpayers foot the bill for though.
Oh do me a fucking lemon. It is *much* more than a "a compilation and organization of thousands of scientific reasearch papers and statistics". It is a) a means for the authors to make money and garner publicity, b) a political polemic, c) an attempt at history (and a poor attempt at that), as well as being a compilation. It is certainly not science. It is not a scientific paper that appeared in a peer-reviewed journal. It is not a scientific monograph, and it's not opinionless. I'll agree that it offers not one new idea -- it offers just the same ideas that were in vogue when the US army ran its selection tests back in the first half of the C20 -- ideas that were wrong then and wrong now. People like me don't think that blacks have the same average IQs as other ethnic groups -- we don't care whether they do or not. We think that IQ is a very poor measure of intelligence. We think that the idea of an "accurate" ranking of people by "real" intelligence is an inherently flawed enterprise, with all-too-obvious uses as propaganda. We understand the distinction between correlation and causation, between a proxy measure and the real world, inter- and intra-group variation, the lure of the normative statement, and the historical record of race-based classification schemes.
As for the martyrs shtick...so far as I know, neither of the authors died as a result of their beliefs. However, US soldiers did suffer different risks of death depending on which unit they joined in C20 wars -- and guess how that was decided partly? IQ tests... including written tests carried out on illiterates.
Try debating IQ with someone who doesn't know the subject next time, as opposed to someone who studied it at degree level at a decent university.
Whee!!! and let me make annother claim entirely supported by thousands of learned papers:
Witches are real and evilly corrupt the souls of innocent people, (at the behest of satan). They can fly, and do vile infernal things to decent people.
I even have ample sworn testimony to prove it. I am not offering one new idea.
Yet, I hope you don't believe that we should get out the stake and start burning witches. Because, Truth is not determined by citations either to a text (cough Google Bombing) or away from it (i.e. the well cited NASA Mooned America about the "faking" of the moon landings). Generally in academic circles truth is determined in part by peer review, and by time. The authors of the bell curve did not submit it for peer review, and was utterly destroyed, in peer reviewed jounals, in short order.
Go read up on this book of yours. No source should be trusted without checking to see what others have thought of it.
I'd do something interesting, but my server can't handle a slashdotting.
It is a brave person who will identify himself/herself on slashdot as a lawyer.
Is how to decrypt cable with a tv-tuner card... That would make me happy. Thank you.
I was thinking, if these satellite companies implement their smart cards using Java Cards (which are themselves dynamically reprogramable by nature), couldn't they deal better with these issues???
When something like this happens (i.e.: the code is broken), all the satellite operator has to do is send new code to the setup box which will write it on the card, then the code in the card is used to decode the incoming broadcast.
It's like assigning the card a new set of keys in a public-private cryptographic key.
HOWEVER, I think this will never be solved until satellite operators can do two-way communications with the setup boxes themselves. Who knows, maybe in the future satellite operators will require users to connect to the Internet at least once a month to update the software of the smart cards, thus giving them enough time for the new codes to be deployed far and wide. Heck, I'd actually have new codes daily!!!
For those into techno-religious wars, I used Java Cards as an example, as opposed to other types of smart cards, because Java gives a unified API and object-based execution environment for ALL cards regardless of their origin, which is exactly what's needed to help this situation out.
Using Focused Ion Beam technology, it is a simple matter to carve away pieces of the container and leave behind the parts that operate the switches. When that is done, the switches can be disconnected. A FIB mill is able to mill cuts smaller than a micron. I know as I use one at work in R&D in a chip plant. We take apart chips all the time to get critical dimension measurements and diagnose failures under several layers of the chip. One new chip had a design flaw where a VIA was where it was not supposed to be. This shorted the chip so it couldn't be probbed to check the health of the rest of the chip. The engineering data was saved by using a FIB to etch a circle around the VIA disconnecting that one connection. This saved much R&D time as we didn't need to get a new reticle fixing only one problem. The next reticle had the shorted VIA fix as well as many other changes based on the probed data of the chip. Disconnecting the tamper switch circuit that would erease a chip would be a trivial task.
The truth shall set you free!
François Carayol, chairman and chief executive of Canal Plus Technologies, said: "When it emerged that the most secure part of our smart card system had been invaded we immediately launched an investigation into why and how it happened.
Well, duh! Isn't it common secutity practice that users are untrusted? Is it really wise to put "the most secure part" in the hands of the users, who would like nothing more than to get your service for free? This is like handing a burglar a padlock and telling him "this padlock is unbreakable", and then complaining when you see him taking a sledgehammer to it. This is a basic tenet of strong security that is commonly ignored.
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
Since you mention that guy's paper. Go to
http://www.adsr.de and click on "About us".
On that page there will be another guy,
whose email address ends with ndsuk.com.
Incidentally, you've written about a man who
started out as a smartcard hacker and who then
went to work for NDS UK.
The bottom line: If you are any good in the
smartcard business, you either work for NDS or
they know your behind better than your mother.
This is true at least for all systems in use in
the developed countries.
Don't be bitter, A. Coward. If you had used a real account to post your wonderful link, people would have seen it and moderated accordingly.
The Internet did not 'cause' the consumer to start buying hack hardware for the pay services, it just accelerates the process and makes it easier for consumers to find the piracy hardware and purchase it without having to deal with their local mafia franchisee.
I do not deploy Linux. Ever.
is the difference between murder and manslaughter. the thing is, in both cases someone is dead!
Moderation isn't supposed to work for ACs. (always posting at 0, while real people post at 1 or even 2) Harsh, ain't it? If it's so important, get a user name. If you can't be bothered, don't whine.
You could play roulette all day and never miss with that kind of luck!
Lasers Controlled Games!
Dear News Corp. I am an eccentric billionaire. I am going to find and give away magic codes for your pay channels so everyone can watch them free! How do you like it?
Vivendi are suing for illegal unfair competition, I believe. The complaint is Murdoch has helped to make pirate cards for Vivendi's channels dead easy to get. I dare say pirate Sky TV cards would be two a penny if someone spent five million quid on cracking them and leaking the results.
Here in the UK, I don't like Vivendi's ITV Digital but now I dislike Sky even more.
worth is avoiding the putz who posts his new manuscript for a new exciting movie!!!
Or get the whole pdf (652kB) from usenix -- it's easier to add that to my library than the html. Thanks for a great link!
HIV Crosses Species Barrier... into Muppets
Excellent points. But there's another, perhaps even more important distinction between deCSS and the smartcard cracking: the former has legitimate applications (e.g. watching videos under Linux), while the latter doesn't.
To use your safe combination example, it's the difference between publishing only the company address (could be used by robbers, but also by customers with a legitimate need to write to or visit the company) and publishing the safe combination as well (useful only to robbers).
all bank cards have them, as do all universities (as a stand alone card for purchasing stuff in the Uni). A friend of mine (doing MESO...dutch acronym for chip design) helped devellop the card for the uni. A couple of years later another friend of mine (alos doing MESO) used the same tools used to design/create the chip to reverse engineer it.
He found out that because of the way data was handled it was impossible to anonymously raise the amount of money stored on it. He could, but it could always be traced to his card.
So while the $5m might be correct, that's only the case if one doesn't have access to the tools for the job.
What people fail to look at is the income being generated by these companies. Most people "hacking" DirecTV are still subscribing to it! The cheapest package they'll sell someone is $21.99 per month (going up to $24.99 per month next month!) - and hackers need to pay for this so their unique encrypted key won't get "blacklisted", effectively locking them out of using an "emulator" to get all the channels.
As I keep saying about these intellectual property issues; you as an individual or business always have the right to *attempt* to protect your IP from piracy/duplication. If, however, you fail to do so - I think that should be considered your loss, and not something worthy of tying up the legal system.
yeah I have acess to a STEM and all it takes is a conversation with the right people at a university; I bet for $250K you could set up your own.
Given that GSM auth and the next generation of credit cards are all smart based, I would expect one or two 'illicit' SEMs and STEMs to become available. And to reverse engineer an algorithm, you only need to crack the chip once
Sounds like someone is ignorant as to how microchips are made.
The only way to have physical layers of transistors is to either stack chip die or use thin film transistors. Neither of which would be used for smart card chips. Stacking is out of the question as smart card die are already thinned by backside wafer grinding. Thin film transistors are poor performers (compared to normal bulk silicon transistors) and they add unecessary costs to production.
There can be 50 layers chip if you count all of the different steps required to make a chip, but there is no way there are 50 layers of transistors.
I thought that it was quite legal and acceptable to reverse engineer a product and publish the specifications, provided you do not infringe on any other laws e.g. copyright to do so.
I gots ta ding a ding dang my dang a long ling long
Then I figured that after they have that much information, they could just read the new code as you send it, thus it would be instantly hacked. Not even that hard on most systems because they have to continually send the new code over and over until all the cards had gotten it (some may be off or disconnected at the time). So, given the old keys and code, there is no secure way to get the new keys and code to the card.
Karma Clown
The US DOD rent theirs too.
McDonald Douglas Semiconductors used to be in St Louis and they never made a production chip but the rumors were they unmade chips.
Thanks for the funniest quote I have seen in weeks!
You made my day!
Ha. Thanks again.
"McDonald Douglas Semiconductors used to be in St Louis and they never made a production chip but the rumors were they UNMADE chips. "
heheh
Yup, the DMCA was designed to prevcent EXACTLY this kind of abuse. But I don't see the Fox network being pullled off the air do I?
Instead its being used against YOU so you can't make a backup.
Bwahahaha. If you have enough money, you can go offshore, reverse engineer all you want, destroy the competition and laugh at the law.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
So how is key distribution handled?
Much like brain cells.
Nintendo lost a case like that a few years ago when it claimed that video game manufacturers had to license its hardware interface design for game cartridges. The court held that competing game manufacturers could reverse engineer the hardware for the purpose of being able to enter the marketplace for Nintendo game cartridges. That is the weakness with trade secrets - once someone discovers the secret (legitimately, of course) your protection is gone.
Laws affecting technology will always be bad until enough techies become lawyers.