Archive for the ‘en’ Category

Opening the Vasco Digipass 810 [en]

Thursday, February 24th, 2011
Vasco Digipass 810

Many Belgian and European banks provide their customers with a device that looks like a small calculator. This device, coupled with your bank card, is used to secure and authenticate transactions when using internet banking.

Since that device is fairly standard, there is nothing stopping you from using the reader from bank A with your card from bank Z and vice versa, because the crypto processing is happening on the chip of your card.

Knowing that the heavy crypto work is delegated to the bank card, it is safe to assume that the device is quite dumb: a keypad to feed data to the card, a screen to display the results and a micro-controller to do some simple housekeeping tasks, like update the screen, poll the keypad, clock the card and send/receive data.

I have no proof of what’s described above, but since mine had dead batteries after five years of use, it has become a prime candidate for exploration, so let’s open the case !! 🙂

Ugh !!

Digipass cracked open

Opened !!

It was a tough nut to crack !!

There are no screws and no clips holding it closed: the two halves of the case are welded together !! This is another prime example of planned obsolescence and wasteful engineering. There is no way to open it cleanly: you need to break it apart as carefully as possible to get access to the main PCB and the batteries. Your ability to close the box afterward will fully depend on how you opened it in the first place.

The batteries are nothing exotic: just two CR-2032 button cells. They are wired in series on the PCB, because many smartcards require a 5V power supply to work properly.

Circuit board detail

All test pads are clearly labelled !

When you observe the PCB, there are a lot of interesting test points, all properly labeled. A hacker’s dream. 🙂

Fried !!

Unfortunately, while probing it with a multimeter set to continuity test, I fried the microcontroller. Apparently, that kind of invasive measurement was enough to kill it.

I wanted to check the continuity between the SDATA test pad and the DATA line on the card connector, and between the SCLK test pad and the CLOCK line of the card connector. There was no continuity between those points, and the purpose of the J2 pad is still a mystery. An optional EEPROM maybe ?

I received a new reader to continue with my day-to-day banking operations, but I still want to see the data flowing between the card and the reader. My mistake is just a setback: I will change strategy and try to (ab)use the reader as-is, without opening the case. 🙂

More to come later. In the meantime, here is the manufacturer's information.

 

IPv6 mining exploitation (digging tunnels) [en]

Tuesday, November 23rd, 2010

IPv6 in IPv4

This is the most common situation: you want IPv6 connectivity on your road-warrior machine through your VPN:

Debian/Ubuntu:

router: /etc/network/interfaces

auto tunv6
iface tunv6 inet6 v4tunnel
address 2001:cafe:babe:1::1
netmask 64
endpoint 192.168.255.10
local 192.168.255.1
ttl 64

road warrior: /etc/network/interfaces

auto tunv6
iface tunv6 inet6 v4tunnel
address 2001:cafe:babe:1::2
netmask 64
gateway 2001:cafe:babe:1::1
endpoint 192.168.255.1
local 192.168.255.10
ttl 64

Shell commands:

Machine A:

ip tunnel add v6tun mode sit remote 192.168.255.10 local 192.168.255.1 ttl 63
ip link set v6tun up mtu 1280
ip addr add 2001:cafe:babe:1::1/96 dev v6tun

Machine B:

ip tunnel add v6tun mode sit remote 192.168.255.1 local 192.168.255.10 ttl 63
ip link set v6tun up mtu 1280
ip addr add 2001:cafe:babe:1::2/96 dev v6tun

IPv4 in IPv6

The weirdest and most interesting one: suppose you have equipment that is not IPv6 compatible, yet you want to connect it through a v6-only link between the two endpoints.

Machine A:

ip -6 tunnel add v4tun mode ipip6 local 2a00:ffde:4567:edde::4987 remote 2001:473:fece:cafe::5179
ip addr add 192.168.99.1/24 dev v4tun
ip link set dev v4tun up

Machine B:

ip -6 tunnel add v4tun mode ipip6 remote 2a00:ffde:4567:edde::4987 local 2001:473:fece:cafe::5179
ip addr add 192.168.99.2/24 dev v4tun
ip link set dev v4tun up
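
Both tunnel types above only pass traffic when the modes match and each end's local address is the other end's remote. The following is an added example, not part of the original post: it checks two `ip tunnel add` lines for that before they are applied (the helper names `field` and `check_pair` are made up for illustration).

```shell
#!/bin/sh
# Added example, not from the original post. field and check_pair are
# hypothetical helper names; the sample lines are the commands shown above.

# field LINE KEY: print the word that follows KEY in LINE (nothing if absent)
field() {
    key=$2
    set -f            # no globbing while the line is split into words
    set -- $1
    set +f
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 0
}

# check_pair LINE_A LINE_B: print "ok", or the first problem and return 1
check_pair() {
    mode_a=$(field "$1" mode);  mode_b=$(field "$2" mode)
    loc_a=$(field "$1" local);  loc_b=$(field "$2" local)
    rem_a=$(field "$1" remote); rem_b=$(field "$2" remote)

    # Each end must name one fixed peer: an empty or "any" endpoint
    # leaves the tunnel without a pinned remote.
    for v in "$loc_a" "$loc_b" "$rem_a" "$rem_b"; do
        if [ -z "$v" ] || [ "$v" = any ]; then
            echo "unpinned endpoint: set local and remote on both ends"
            return 1
        fi
    done
    [ -n "$mode_a" ] || { echo "no mode given on A"; return 1; }
    [ "$mode_a" = "$mode_b" ] || { echo "mode mismatch: $mode_a vs $mode_b"; return 1; }
    [ "$loc_a" = "$rem_b" ] || { echo "A local $loc_a is not B remote $rem_b"; return 1; }
    [ "$rem_a" = "$loc_b" ] || { echo "A remote $rem_a is not B local $loc_b"; return 1; }
    echo ok
}

# The IPv6-in-IPv4 pair from this page
A='ip tunnel add v6tun mode sit remote 192.168.255.10 local 192.168.255.1 ttl 63'
B='ip tunnel add v6tun mode sit remote 192.168.255.1 local 192.168.255.10 ttl 63'
check_pair "$A" "$B"
```

The same check works for the `ipip6` pair, since it only compares the `mode`, `local` and `remote` words of each line.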

Sources:

http://linux-hacks.blogspot.com/2008/02/howto-ipv6-ipv6-tunnel-and-ip4-ipv6.html

(Work in progress: this page will be synchronized with this one)

Acer Aspire One review: two years later [en]

Sunday, June 27th, 2010

Two years ago I bought my first netbook: here are my impressions.

Acer Aspire One

The good

  • The laptop is very light and pleasant to carry around
  • It came with Linpus Linux pre-installed. This means I didn't have to pay the Microsoft tax. Since I'm running Debian on it, that install was quickly ditched.
  • There is a gap between the screen and the main chassis, allowing me to hold it open and straight with one hand. There was a note in the user manual that this is NOT the way to hold it (risk of crushed fingers). This is really a killer feature for a road warrior and should be developed further.

The bad

  • Small screen, low resolution. This causes a problem with many applications where some dialog boxes « sink » under the bottom of the screen.
  • Battery life: I have about two hours of usable battery life, which can be tight sometimes.
  • Lack of 3G modem: that was not an issue during the first five months because I didn't have a subscription at the time. Now I have one and I'm stuck with that huge USB modem hanging from the USB port. A small extension cord and some velcro adhesive partially solved the bulky adapter problem. I'm now trying to find a 90° angled male USB A connector to keep the size under control.
  • No Bluetooth. Not really an issue because there are USB adapters on the market that stick out by less than 5 mm. Fewer opportunities to cause damage.
  • Limited CPU resources: the machine has a hard time keeping up with heavy applications like playing a flash video or running the compiler. You just need to be very patient with that.

The ugly

  • After eight months of use, the right touchpad button was not working anymore.
  • It failed totally ten months after purchase: when turned on, the fan and harddisk were spinning, but the screen stayed black (no backlight) and there was no activity. This was fixed under warranty. However, I had to fight to get it fixed: the first time I got it back, the problem was still there, even though the reseller told me that they had changed the motherboard. It then went back for repair and it was fixed one month later. In total, I have been without it for two months.
  • To access the harddisk, you have to COMPLETELY DISMANTLE the laptop. That was a real PITA.

Conclusion

Despite its flaws, this machine has become my main workhorse when I'm away from home and has saved my butt a few times already. After two years of daily carrying and nearly daily use, there are no cracks in the shell. My previous laptops failed at the case, with cracks in very nasty places after about two years of moderate use and carrying. I don't plan to retire it at the moment: I tend to keep my machines until they are horribly obsolete or simply fall apart. Let's see in about two years then. 🙂

A kind of antitheft software [fr]

Monday, January 18th, 2010

Okay, I never ever got my laptop stolen, but reading this will just make you smile.

Many laptops and netbooks come with a built-in low to mid-resolution webcam on top of the screen, normally to be used for video chatting. If you're running Linux and you're slightly paranoid, you might like to see that piece of hardware put to some other use. 🙂

This script monitors the lid/screen switch of your laptop. Once someone opens the screen, the script activates the camera, takes a few pictures and sends them to you at an external e-mail address. Unlike the software used in the article linked above, this one is completely invisible, independent and works even when not logged in or without X running.

Notes:

  • You must have a local SMTP server on the laptop: this server will handle the e-mail queue and retry sending to the external SMTP server if the network is unreliable. The script considers its job done once the mail has been handed to the local server. Setting up the mail servers will be part of another article someday.
  • There is a config file to set up in /etc/antitheftd.conf. There is only one variable that MUST be set: DEST_EMAIL with your destination e-mail address. You can set other variables, but the default settings are nice enough.

« It doesn’t get much better than their bringing us a picture of the guy actually using the stolen property. It certainly made our job easier. » Daniel Jackson, deputy commissioner of public safety, city of White Plains.

The code is here. Have fun !!

Soekris Net4801 review [fr]

Sunday, November 8th, 2009

I have been using the Soekris Net4801 for a few years and here are my impressions

Soekris Net4801 board

The good

  • This computer is small, power efficient, reliable and hacker-friendly.
  • It just has the needed hardware to make a decent router out-of-the-box and a little bit more.
  • It comes with a serial console to make configuration easy.
  • The BIOS can be set up, upgraded and flashed from the serial port.
  • It has GPIOs if you want to add custom hardware.
  • Bootable compact flash slot: enables you to build a router with no moving parts.
  • If the compact flash does not meet your needs, there is an optional bracket and cable to plug in an IDE laptop harddisk.
  • One PCI slot and one mini-PCI slot for extensions like a WiFi card

The bad

  • This machine is underpowered: if you ask the machine for a little bit more than routing (file serving, playing MP3s, IMAP server,…), performance goes straight to the toilet and you end up waiting… waiting… waiting…
  • Lack of USB ports: There is only one USB 1.0 port on the machine, limiting its potential.
  • The CF card slot is on the same IDE bus as the harddisk: if you want to use both, make sure the harddisk is configured as a slave device. You might want to test several compact flash cards for compatibility: many CF cards have a buggy IDE/ATA interface that will cause you headaches.

This machine should not be used as a file server due to the poor disk I/O performance, even with DMA on. I would like to see a similar setup with an Intel Atom CPU, a decent chipset and 4 USB 2.0 ports; then we would have a killer home server appliance.

Where to buy (Europe)

I bought my board via Wim Vandeputte. This guy is reliable and is present at every event related to the free software movement.