Downloads
In this section you can find the following software and documents:
- ePassport emulator
- eCL0WN
- crapto1gui
- Presentation slides Black Hat Briefings Europe 2009
- Security and Reliability of Automated Waste Registration in The Netherlands
- Security analysis of Dutch smart metering systems
ePassport emulator
The epassport_emulator is an ePassport / eID emulator for
JavaCard. It
implements functionality as described in ICAO Doc 9303. Additionally
it
implements functionality to write files and key data to the
emulator.
| Name: | epassport_emulator |
| Version: | 1.02 (build 20090120) |
| Details: | http://seclists.org/fulldisclosure/2009/Jan/0788.html |
| Tested on: |
72k JCOP v4.1 Nokia NFC "secure element" |
| Supported by: |
RFIDIOt by Adam Laurie RFIDIOT-vonjeek by The Hacker's Choice ecl0wn by dexlab (see below) |
| Download: | 7 kbyte ZIP |
[ back ]
eCL0WN
eCL0WN is a J2ME ePassport utility for Nokia NFC phones that
allows you to
read and clone your ePassport's chip content. Just follow six easy
steps:
- Upload eCL0WN to your phone and start it
- Set the passport key
- Read an ePassport
- View details on your phone (sorry Dutch and German folks, JPEG-2000 not supported)
- Write data to an emulator
- Verify written data with e.g. Golden Reader Tool
| Name: | eCL0WN |
| Version: | 1.01 (build 20090120) |
| Details: | http://seclists.org/fulldisclosure/2009/Jan/0789.html |
| Tested on: |
Nokia
6131 NFC Nokia 6212 NFC |
| Supported by: | epassport_emulator 1.02 (see above) |
| Download: | 34 kbyte ZIP |
[ back ]
crapto1gui
Crapto1gui is a Windows implementation of the crapto1 tool. It allows you to crack crypto-1 Mifare Classic keys. If you're using the ProxMark3 RFID sniffer on the Windows platform this utility might save you some time, avoiding copying data from one system to another. The ZIP contains a standalone binary and source code (CodeGear C++ Builder 2009).
| Name: | crapto1gui (binary + source) |
| Version: | 1.01 (build 20090611) |
| Details: | http://code.google.com/p/crapto1/ |
| Tested on: |
Windows x86 Windows x64 |
| Supported tag: | Mifare Classic |
| Download: | 353 kbyte ZIP |
[ back ]
ePassports reloaded goes mobile
This presentation will examine the different mechanisms used in ePassports to prevent cloning and creation of electronic travel documents with non-original content and ways to attack these mechanisms. Additionally we dive into the process of integrating emulator chips in existing travel documents. Also a new ePassport attack suite will be presented, allowing you to backup your passport chip with a mobile phone.
| Title: | ePassports reloaded goes mobile |
| Author: | Jeroen van Beek (dexlab) |
| Download: | 4.98 Mbyte PDF |
[ back ]
Security and Reliability of Automated Waste Registration in The Netherlands
Electronic registration of domestic waste is in wide use, often to raise taxes based on the amount of waste households produce, but not much prior research into the technical aspects of this area has been done. Two basic methods are found: personal household containers and shared underground containers. This report tries to de ne requirements for such systems and compares several systems in actual use to these requirements.
Every municipality surveyed employed a different combination of systems, each having their own strengths and weaknesses. All use radio frequency identification (RFID) but many can easily be copied. Encryption is hardly used. No critical security risks were found, but a number of issues still need addressing.
Jeroen van Beek (and others) supervised this project.
| Title: | Security and Reliability of Automated Waste Registration in The Netherlands |
| Authors: |
Dick Visser Thijs Kinkhorst |
| Download: | 553 kbyte PDF |
[ back ]
Security analysis of Dutch smart metering systems
Smart meters enable utility companies to automatically
readout metering data and to give consumers insight in their energy
usage, which should lead to a reduction of energy usage. To regulate
smart meter functionality the Dutch government commissioned the NEN
to create a Dutch standard for smart meters which resulted in the
NTA-8130 specification. Currently
the Dutch grid operators are experimenting with smart meters in
various pilot projects. In this project we have analyzed the current
smart meter implementations and the NTA using an abstract model
based on the the CIA-triad (Confidentiality, Integrity and
Availability). It is important that no information can be attained
by unauthorized parties, that smart meters
cannot be tampered with and that suppliers get correct metering
data.
We conclude that the NTA is not specific enough about the security requirements of smart meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers do not take the privacy aspect of the consumer data seriously. Customers can only get their usage information through poorly secured websites. The communication channel for local meter configuration is not secured sufficiently: consumers might even be able to reconfigure their own meters. Also, the communication channels that are used between the smart meter and gas or water meter are often not sufficiently protected against data manipulation. It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms.
Jeroen van Beek (and others) supervised this project.
| Title: | Security analysis of Dutch smart metering systems |
| Authors: |
Sander Keemink Bart Roos |
| Download: | 2.28 Mbyte PDF |
[ back ]