Cracking the Smartcards
hanuman writes: "So you know you're a true hacker when: 'Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail. Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.'." This is a follow-up to the Vivendi vs. News Corp. story with more details about what is alleged to have occurred. Update: 03/14 12:28 GMT by M : And yet another story, which alleges that the head of security at NDS funded the website that distributed the hack for their rival's smart cards.
What is a smart card?
A credit card-sized device that protects digital television signals from unauthorised viewing. When plugged into a set-top box, it determines which programmes subscribers have paid to see.
The cards contain tiny but sophisticated computers that decrypt television signals as they pass through the air and turn them into television pictures.
Without a smart card, ITV Digital viewers can only watch free-to-air channels like the BBC, ITV and Channels 4 and 5.
Users of pirate cards have been gaining access to pay TV channels like sports and movies without paying.
Where did the pirated cards come from?
Hackers posted on the internet details of the codes needed to create illegal smart cards that gave free access to pay TV services. Criminals used the information to make fake cards and then sold them through pubs, clubs and market stalls for £5-£20. About 100,000 pirated ITV Digital cards are thought to be in circulation.
What is Vivendi Universal?
A former French water group that is now one of the biggest entertainment companies in the world. The chief executive, Jean-Marie Messier, has become one of the world's most powerful media moguls after buying a range of businesses including the Universal film studios and music labels, Canal Plus television in France, the Cegetel mobile phone company, directory businesses and internet firms.
What is Canal Plus?
The European film and television distribution arm of Vivendi Universal. The division that makes the smart cards is called Canal Plus Technologies. It supplies cards and software to 12.5m set-top boxes worldwide.
What is NDS Group?
Based in Staines, Middlesex, NDS specialises in building the smart cards and interactive software for pay TV systems that allows paid-for television programmes to be securely beamed to customers' homes.
Rupert Murdoch's News Corporation is an 80% shareholder. NDS technology is used in almost 28m pay TV set-top boxes worldwide and supports 40% of all satellite receivers. Most of the group's research is carried out in Israel.
Basically this is a nice heavyweight fight.
I really hate Dan Patrick.
I know guyz that have done this (SEM in light fast vacuums)... and won.
www.usenix.org/publications/library/proceedings/smartcard99/full_papers/kommerling/kommerling_html/
Read this VERY fascinating Google cache of the state of the art many years ago...
http://www.google.com/search?q=cache:wybhqqCka2
It's pretty darn good.
Now the world has progressed to kracking using varying external clocks, SEM as routine, probe points, etc.
Everything is crackable.
The best researchers (with published findings) aren't in Israel btw, they are in Britain.
Please read that cached Google paper, it's really worth it.
if the cache is dead try
http://www.usenix.org/publications/library/proc
Whenever anything remotely like hacking occurs, the hacked company dramatically overstates all financial figures as well as the level of expertise required to perform the hack -- makes it seem more malicious. Damages always have at least 6 zeros (preferably 9) and you need to have a team of 15 people working 24/7 for months/years. When the truth is much closer to one person hacking away in a garage for a few weekends and finding a fundamental flaw. And damages? Well, with intellectual property it can often be argued that damages are negative, with the exposure being provided by a new technical option actually increasing the total number of people interested in spending money on a product.
I'm sorry to have to say that the article you referred to contains a gross inaccuracy: the estimate of the cost of `cracking a smart card' is way overinflated. Smart card technology is, by its own very nature, not safe: any smart card is vulnerable to power/timing attacks and, even if expensive equipment helps, you don't need that much in order to recover the keys. As a matter of fact, given that amount of money the simplest way to force the system is an exhaustive search on the 3DES keyspace (yes, 3DES is the algorithm). I would advise people to read a bit more about Differential Power Analysis before going to court... I would suggest anybody interested to try to find the proceedings of any {Euro|Asia}crypt or of CHES (Cryptographic Hardware and Embedded Systems).
Regards,
lg
> .. smartcards can be hacked with a lot less money involved
> Try searching for it
http://citeseer.nj.nec.com/anderson97low.html is a good start. "Low Cost Attacks on Tamper Resistant Devices" (1997), Ross Anderson, Markus Kuhn.
rant
You can build a hardware device called a Season2 interface, which allows you to plug it into the decoder, and then plug the smartcard into the Season2. This device has a serial port connector, so you can connect it to the computer, and then "sniff" all the traffic between the card and the decoder.
Here in Europe, Canal Satelite uses the SECA encryption, which is absolutely cracked. Applying some bugs of the existing smartcards you can create a "master key", which is a kind of "root" account in the card. When you have created this master key on the card, you are ready to add providers, channels, buy pay per view events and lots of interesting things.
Also there is lots of emulation software you can program into some PICs (16f84, 16f876) and build a smartcard (piccard, piccard2), so you are able to watch all channels for free with these cards.
DVD Ripping, Divx, VCD, SVCD under Linux
Is this the best they could come up with to justify their losses? Jean-Marie Messier (J2M) is just a stupid fool with a hypertrophied ego.
The Universal music division also made a laugh of themselves by taking 5 years to release their music encryption scheme, which was cracked in 2 weeks, and had been overtaken by mp3s three years before. They did not understand that they could make money with mp3s (by merchandise, concerts, and stuff) and keep spending billions developing stupid encryptions, crashing web sites and harassing high school students trading mp3 CDs.
Canal+ France was once a great channel, with all major blockbusters maybe 10 months old, great prOn, soccer, and excellent humor and hosts. Nowadays they show less than half of the good movies of the year before, most of them being actually 18/24 months old (because they have to go through their lameass pay per view channels first), run old TV movies, have lost many of their young talents, audience has plummeted to 1% market share, prices went up (some say that in the 80s coke was free for everyone at their parties, now even the prices of the other kind of coke at the vending machines have gone up).
And they blame it on Murdoch and the Israelis!
Google passes Turing test : see my journal
You know when you're a true cracker: when you have a spare $5M to throw at stuff when good old social engineering doesn't work anymore. 8-)
Yesterday was the time to do it right. Are we having a REVOLUTION yet?
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked.
If cracking security helps your competition out of business, well, that could be worth several billion dollars. Investing $100 million would be money well spent.
In my community, the hacker community, a goal is to IMPROVE security by revealing its flaws. But these guys broke security to make billions off of someone else's huge investment. That's very different.
Of course, like Enron, corporate executives should pay the price for much of the resulting destruction. I'd say that a good "20 years to life" sentence would be appropriate for all of those in this management chain. And if the worker-bees knew what they were up to, same thing: jail.
I'm so sick of this.
I mean, I can understand why they do it but I'm still sick of it. All the way to the bone.
There was a time when companies could ask for money and then have something delivered to its customers. Soon, this practice became standard all over the world and lots of people paid for things like TV and radio. All non-physical in its form, but yet valued highly enough for the consumers to spend their cash on it.
Then came computers and later the Internet. Suddenly, everything that could be put into a digital form and transported over the Internet was free for the taking. Consumers didn't have to pay for content anymore; all the non-physical things they previously paid for didn't cost a dime anymore. Of course, all companies scrambled to try to get old laws and rules to apply to the new world but it was pointless. Everything in a digital form was free, and there was nothing to be done about that.
Long story short:
If it's in a digital form (TV, radio, mp3, movies) it's free, and if it's physical (food, cinema, concerts, cars) it costs. That's how the future's going to be; you can't expect people to pay and then not get to keep it or lay their hands on it anymore, 'cos it's free. We are greedy by nature, and here I see yet another company kicking wildly on its way down when its marketing idea of selling nothing to people is starting to rumble, because it got too greedy. Better to place all that money on trying to embrace the new digital world than locking it out.
babylon is burning.
I love you. Always. Forever.
http://slashdot.org/comments.pl?sid=29435&cid=3
has reference to a much better paper from 2 years later and was posted 40 minutes ago and if you browsed at level-0 you would have spotted it.
The fact that it's still at 0 is because moderation does not work very well, which is why your post is at 2 karma and you let mine languish at 0.
The Guardian is a UK newspaper not owned by News Corp. and with no great love of them.
So keep in mind when reading this that there will be a 'Let's take the piss out of NewsCorp' slant to it, since newspapers gently dissing each other is par for the course (certainly in the UK, and I don't see it being different elsewhere).
Having said that, I actually read the Guardian site almost every day; it's my favorite UK newspaper (because it has a gentle socialist bias), but I take everything I read, everywhere, with a pinch of salt. I always try to remember the source since it always alters the presentation of 'facts' and often which 'facts' get presented in the first place.
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Canal+ has a very long history of crackers kicking the living daylights out of their encryption/scrambling schemes.
When the channel was launched in the early '80s, it took less than two months for the electronic schematics of a "pirate" descrambler to be posted in a popular electronics magazine... who quickly pulled the issue from the shelves when sued by Canal+. It's been downhill ever since.
A lot of web sites in Belgium, Switzerland and the UK (hint: border countries) actually advertise pirate descramblers or electronics schematics.
I seriously doubt the company attacked by Canal+ had to spend millions and millions of $$$ to crack the scrambling -- the figure (as well as Canal+ losses) were probably grossly over-inflated by greedy lawyers and C+ legal department.
One final note: Canal+ has a nasty reputation in France and in the rest of Europe for cracking down hard on pirates & crackers. Jean-Marie Messier (CEO of Vivendi/Universal/Canal+), who is a complete megalomaniac, is probably trying to prove he has got a bigger... Uh... large... Ahem... hairy cojones than News Corp's CEO.
Just my 0.02 Euros.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
If you can't guess it, brute force it. If you can't brute force it, hand the best team you have a blank check and say, "Enjoy."
One of the interesting things I saw recently at the NSA career website was a mention that many of their engineers get their own, individual, custom hardware. If they have the budget and facilities for that, you better believe that they have what NDS has and more.
You can never go home again... but I guess you can shop there.
You CAN'T do this to an iButton. As soon as you crack open the shell to expose the silicon, a super rapid zeroization process starts inside.
They can't put this no-tamper technology on a smartcard; there is barely room and durability for what is there now.
Do not look at laser with remaining good eye.
A relevant paper (by Markus Kuhn, same guy who did the research about eavesdropping on CRTs using the ambient light generated) here.
- The cracked cards will ruin Canal+'s business (or have already done so).
- Murdoch's media empire certainly gains a very strong strategic advantage by a ruined competition.
- Thus, Murdoch's media empire does have a strong incentive.
Even if it didn't take place as they claim, this would certainly be a working strategy: crack your competition's technology, release it anonymously on the net in an easy-to-use form and let the script-kiddies do the rest. I guess we'll be seeing more of that tech/cyberwar in the future.
Idempotent operation: Like MS software, whether you run it once or often, that doesn't make it any better.
The Guardian's got two more pieces on this today, with more details about the collusion between NDS and "crackers", including the very seedy past of the NDS security chief Ray Adams. /.ers may recall it.
The guts of it are the connections of NDS with a sat-piracy website called The House of Ill Compute (THoIC), which fell apart in spectacular fashion in the middle of last year when some of the site's members confronted the spy in their midst in a pub with evidence he was recording everything and passing it to NDS, and getting paid for it. Some UK
Here:
http://media.guardian.co.uk/news/story/0
and here
http://media.guardian.co.uk/news/story/0,75
From what I've read, they cut down the keyspace by (for instance) forcing the algorithm to execute wrongly and thus revealing substantial information about the keys.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The question is was the smart card a 0.40 euro or a 10 euro one. There are smartcards that:
- Contain self-destruct chemicals that immediately destroy the chip's core when opened (and they are pretty effective).
- Perform logical operations on complementary values at the same time (first-order differential power analysis won't work).
- Have several polished layers of transistors (so you can't see the connection layout without carefully removing layers).
- Have an encrypted internal bus (so you can't read single bits from the bus, because they depend on each other).
- Are designed to resist power failures (can't make that jump to the crypto routine become a nop by dropping power or clock).
- Generally are designed by paranoid and smart people.
Cracking such cards is not possible in a garage according to public research. However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system. However I don't think that limiting compromise is possible in a broadcasting environment.
It's long been "common knowledge" (e.g., a possible fallacy that everyone holds to be true) that Canal+'s encryption was broken because European hackers wanted free access to the porn that's encrypted using it.
Sky's encryption however didn't shelter any porn and was therefore not worth the effort.
Amusingly enough, AFAIK, one of the major victims of this (ITV Digital in the UK) took on the encryption AFTER it had been publicly cracked.
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked.
Do you have any reliable information on the actual investment required for the crack other than Vivendi's statement? The nature of the security business is that the crackers don't break systems the way their designers expect: they bypass mechanisms instead of attacking them directly, they cheat, they are creative.
The numbers cited by Vivendi represent the resources required for a group of well-funded but imagination-impaired engineers to break the system. I find it hard to believe that whoever did this (whether or not it was really NDS) actually spent that much money.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
I spent a few months cracking ARM 60 CPUs and seeing if I could find the key kept in the memory by observing the power consumption. Using a fast storage scope I could simply hook onto sequences in the program (branches are easily visible) and find the operations on the key. The power measurements told me how many bits in the key were on or off when driving the ALU read bus. As the algorithm was working with bytes it was very easy to find most of the bits of information. From a 32-bit (4 billion combinations) key I could get down to about 2000 possibilities. From there it's easy to just try them all out. Synchronous processors were very simple to crack. Asynchronous processors didn't have easily visible features like the clock to find the key instructions. They also have temporal shifts so different runs have the instructions executing at different times dependent on the data. From an asynchronous Amulet2e I could only get two or three bits of information (down to 1 billion possibilities).
Mouse powered Chips, Open source Processors and Lego
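As an added illustration of the two posts above (the "complementary values" countermeasure in the list of smartcard defences, and the ARM power-analysis account), here is a constructed Python simulation; it is not code from either poster. It models a single-rail bus as leaking the Hamming weight of each key byte it carries, counts how many keys remain consistent with that observation, and then repeats the count for a dual-rail bus whose weight never changes. The leakage model and the 4-byte key are assumptions for the demonstration.

```python
"""Hamming-weight leakage model vs. dual-rail (complementary-value) encoding.

Constructed example, not code from the thread. A single-rail bus is
modelled as leaking the Hamming weight (number of 1 bits) of every key
byte it carries, a crude stand-in for the power-consumption effect the
post describes. We count how many keys stay consistent with the observed
weights, then repeat with a dual-rail bus that carries each bit as the
pair (b, not b), so the observed weight is the same for every value.
"""
from math import comb
import secrets


def hamming_weight(value: int) -> int:
    """Number of 1 bits in an 8-bit value."""
    return bin(value & 0xFF).count("1")


def leak_single_rail(key: bytes) -> list:
    """Observation per byte on a single-rail bus: its Hamming weight (0..8)."""
    return [hamming_weight(b) for b in key]


def leak_dual_rail(key: bytes) -> list:
    """Observation per byte on a 16-line dual-rail bus: weight of b plus
    weight of its complement, which is always 8 whatever b is."""
    return [hamming_weight(b) + hamming_weight(~b) for b in key]


def byte_candidates(observation: int, leak_fn) -> list:
    """All byte values whose leakage equals one observed value."""
    return [v for v in range(256) if leak_fn(bytes([v]))[0] == observation]


def surviving_keys(observations: list, leak_fn) -> int:
    """Number of whole keys consistent with an observed trace. Byte
    positions leak independently, so it is the product of per-byte counts."""
    total = 1
    for obs in observations:
        total *= len(byte_candidates(obs, leak_fn))
    return total


def expected_single_rail(key: bytes) -> int:
    """Closed form for the single-rail case: product of C(8, HW(byte))."""
    total = 1
    for b in key:
        total *= comb(8, hamming_weight(b))
    return total


def demo(key: bytes) -> dict:
    """Compare the full keyspace with what survives under each bus model."""
    return {
        "keyspace": 256 ** len(key),
        "single_rail": surviving_keys(leak_single_rail(key), leak_single_rail),
        "dual_rail": surviving_keys(leak_dual_rail(key), leak_dual_rail),
    }


if __name__ == "__main__":
    k = secrets.token_bytes(4)          # constructed 32-bit key
    r = demo(k)
    print(f"key {k.hex()}: {r['keyspace']} keys; single-rail observation "
          f"leaves {r['single_rail']}, dual-rail leaves {r['dual_rail']}")
```

Even this coarse per-byte model cuts a 32-bit keyspace to at most 70^4 (about 24 million) and far fewer for keys with unbalanced bytes, while the dual-rail bus leaves all 2^32 candidates; a real trace with per-operation detail, as the post describes, narrows the single-rail case much further.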
When scanning electron microscopes are outlawed, only outlaws will have scanning electron microscopes.
Looks like it's time to confiscate all the SEMs out there.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
The lawsuit alleges that Murdoch's company released the information with the intent that others would use the information to steal proprietary information (the video streams) from Murdoch's competitors. That is MUCH different than cracking a scheme for the sake of the knowledge itself or merely to see if it can be done.
The former case is analogous to the following: Employee has combination to Boss' safe where all company assets are kept. Employee and Boss have an antagonistic relationship. Employee publishes an ad in "Robbers Daily News" with the address of the business and safe combination knowing (or hoping with a high probability that his hope will come true) that Robber reading the RDN will use the combination and steal the assets. Robber actually does use and steal. Employee is part of a conspiracy to steal the company's assets and is guilty of the theft as much as Robber. Don't say that my scenario is not accurate - I assure you as a lawyer that under this hypothetical situation, Employee is a conspirator.
Also, don't say that trying to look at the subjective intent of the actors creates an unworkable situation because WE DO IT EVERY DAY. In courts all across this and other countries around the world, we use the intent of the actor to determine the guilt of people for crimes (or to determine levels of guilt) or liability for civil offenses. Example: Man runs Woman over with car. Did Man intend to kill woman? If yes == murder. If no == something else. Did Man drive recklessly such that his actions constituted a depraved indifference to human life? If yes == murder or homicide. If no == something else. Was Man driving carelessly? If yes == involuntary manslaughter or negligent homicide. If no == something else. Was Man driving according to all posted rules and carefully? If yes == accident, no intent (or substitute for intent like recklessness), therefore NOT GUILTY.
Although it is more work looking at subjective intent, it usually provides a more thorough examination of the situation and an individualized solution. Simple, bright line rules just do not work well in complex situations. Case in point: the DMCA.
Laws affecting technology will always be bad until enough techies become lawyers.
Smartcards for the general market have to be robust enough and low power enough that they are smallish CPUs. The fast ones are 8 MHz and have some crypto functions built in. In raw CPU terms they are about the same level as a fast Z80.
In a cable TV system, the smart cards generate a seed that is fed to the crypto unit. Most systems gave up on the smart cards that just say "they get channels 2-20, 45, Pr0n..." since they were cracked within days, but you never know when a 20-year-old cable system is still in use. The Foxtel system in Australia for example uses a signal down the wire that goes to the smart card, which then generates a pseudo-random sequence. Each of those numbers is like an index that tells it where the line is swapped. Their encryption is they take each scanline, break it and send the second part first. Someone in Norway(?) had written a program that would look for the split in real time and put it back together. I guess Murdoch might have something to worry about if the rumor is true and someone else is willing to pay for a crack.
Modern credit card systems do the ATM PIN hiding trick in the smart card. If you have access to the networks used by a large department store, it would take about a year to crack most repeat customers' PIN numbers. Since most PIN numbers are only 4 digits, you only need to be able to feed the chip a few wrong tries per "swipe" and if they come in a few times a week, you could try 500 PIN codes in a year. If you do that with 20 different cards a week, you will have someone's full account details and their PIN number in a year. Since it's automated, there is no need to limit yourself to 20. This works for both Visa and that cool new clear card from that company no one will accept.
So in a smartcard based credit card system, All you accounts are belong to us.
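A constructed Python simulation of the low-and-slow PIN guessing described in the post above, added here to show what a card-side try counter does and does not stop; it is not the poster's code or the logic of any real card or payment scheme. It assumes a card whose non-volatile counter of consecutive PIN failures blocks the card at MAX_TRIES and is reset by a correct PIN, and an issuer that receives, with each online transaction, the number of failed attempts that preceded it; both are assumptions for the example.

```python
"""Low-and-slow PIN guessing against a PIN-try counter, plus an issuer check.

Constructed simulation, not any real card's or scheme's logic. Assumed:
the card keeps a non-volatile counter of consecutive PIN failures, blocks
at MAX_TRIES and resets it on a correct PIN; every online transaction
reports to the issuer how many failures preceded it.
"""
MAX_TRIES = 3
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]   # all 4-digit PINs


class Card:
    """Card with a PIN try counter that survives power cycles."""

    def __init__(self, pin: str, max_tries: int = MAX_TRIES):
        self.pin, self.max_tries = pin, max_tries
        self.failures = 0           # consecutive failures, kept in NVM
        self.blocked = False

    def verify(self, guess: str) -> bool:
        if self.blocked:
            return False
        if guess == self.pin:
            self.failures = 0       # a correct PIN resets the counter
            return True
        self.failures += 1
        if self.failures >= self.max_tries:
            self.blocked = True
        return False


def run_attack(card: Card, wrong_per_visit: int, max_visits: int = 10_000):
    """Each visit, a tampered terminal tries `wrong_per_visit` untried PINs,
    then the real cardholder enters the correct PIN, which resets the
    counter. Returns (pin_found, visits_used, blocked, failures_per_visit)."""
    untried = iter(PIN_SPACE)
    log = []                        # failed attempts reported to the issuer
    for visit in range(1, max_visits + 1):
        failed = 0
        for _ in range(wrong_per_visit):
            guess = next(untried, None)
            if guess is None or card.blocked:
                break
            if card.verify(guess):
                log.append(failed)
                return True, visit, card.blocked, log
            failed += 1
        card.verify(card.pin)       # the cardholder's own transaction
        log.append(failed)
        if card.blocked:
            return False, visit, True, log
    return False, max_visits, card.blocked, log


def issuer_flags(failures_per_tx: list, window: int = 10,
                 threshold: float = 0.5):
    """Issuer-side rule: flag a card when more than `threshold` of its last
    `window` transactions carried at least one failed PIN attempt. Returns
    the 1-based transaction number at which the rule fires, or None."""
    for i in range(window, len(failures_per_tx) + 1):
        recent = failures_per_tx[i - window:i]
        if sum(1 for f in recent if f > 0) / window > threshold:
            return i
    return None


if __name__ == "__main__":
    for wrong in (2, 3):
        found, visits, blocked, log = run_attack(Card("4321"), wrong)
        print(f"{wrong} wrong tries/visit: found={found} visits={visits} "
              f"blocked={blocked} issuer flag at tx {issuer_flags(log)}")
```

With fewer wrong tries per visit than the counter allows, the card never blocks and the PIN falls within the visit budget the post estimates, because each genuine transaction resets the counter; the issuer-side rate rule catches the same card after ten transactions, which is why the failure count has to be visible beyond the card.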
Using Focused Ion Beam technology, it is a simple matter to carve away pieces of the container and leave behind the parts that operate the switches. When that is done, the switches can be disconnected. A FIB mill is able to mill cuts smaller than a micron. I know as I use one at work in R&D in a chip plant. We take apart chips all the time to get critical dimension measurements and diagnose failures under several layers of the chip. One new chip had a design flaw where a via was where it was not supposed to be. This shorted the chip so it couldn't be probed to check the health of the rest of the chip. The engineering data was saved by using a FIB to etch a circle around the via, disconnecting that one connection. This saved much R&D time as we didn't need to get a new reticle fixing only one problem. The next reticle had the shorted via fix as well as many other changes based on the probed data of the chip. Disconnecting the tamper switch circuit that would erase a chip would be a trivial task.
The truth shall set you free!
Or get the whole pdf (652kB) from usenix -- it's easier to add that to my library than the html. Thanks for a great link!
HIV Crosses Species Barrier... into Muppets