Posts Tagged ‘hardware’

A puzzle solved. [en]

mercredi, juillet 4th, 2012
Vasco Digipass 810

Vasco Digipass 810

Do you remember when i opened my bank calculator ? Beside replacing dead batteries, i wanted to see what made it tick and eventually replace it by an ordinary smartcard reader and some code running on a computer.

Turns out that other people had the same idea, but they beat me by having put more time and energy into that project and ended up producing something usable.

It’s just a Python script to talk to the card. The usage is very straightforward, here are some examples:

To authenticate with the M1 key and the 23543696 challenge, type the following command:

$ ./EMV-CAP -m 1 23543696
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45108749
$

To sign a transaction the same way than the M2 key with the challenges 09356196 and 345, use the following command:

$ ./EMV-CAP -m 2 09356196 345
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45201783
$

Thank you Jean-Pierre Szicora and Philippe Teuwen, nice work !! 🙂

An update to the wall wart hunting [en]

mercredi, avril 4th, 2012

There was some evolution since that article.

Velleman PSIN30012 with some desk clutter

The Power supply: a Velleman PSIN30012

power supply with brackets

I can has brackets ?

I finally decided to make the brackets and installed the power supply in my apartment.

The power supply can output 25A under 12V, should be enough for my applications at the moment.

I pulled some 6 mm² wires through my apartment, inside the same conduits as the network cables. There is one supply going to the datenklo (the toilet host my network, like at the Chaos Communication Camp) and two independent supplies are going to my desk. They only meet at the terminal blocks.

The power supply has been installed in the cupboard near the fuse box and is protected by a 6A breaker at the primary, sharing the circuit with the doorbell.

power supply in place

Installed and wired

6 mm² wires on the power supply

6 mm² wires on the power supply

temporary cable with XLR 4 pin female connector for the wireless router

Temporary cable with XLR 4 pin female connector

The connectors i use for the 12V power sockets are Neutrik XLR 4 pins, they are much more resilient and safer than cigarette lighter plugs (will be part of a rant in a separate article)

Problems

None so far, the power supply is running smooth and cool, but the fan is noisy like hell !!

My wireless router is running from that power supply and seems very happy about it.

The future

  • I will have to move the power supply to the datenklo: i have a noisy 24/7 ventilation in there. 🙂
  • Still need a way to integrate the XLR sockets with my light switches in such a way that it look like it’s coming straight from the manufacturer. Will be part of a separate article. 🙂
  • Rebuild my media-PC to work straight from a 12V DC source.
  • Connect LED strips to it: my bar and my kitchen will receive a bunch of LED strips.
  • Figure out how to work with pictures in WordPress, this article is a mess !!

Wall wart hunting [en]

mardi, janvier 17th, 2012

I found in my apartment about 10 wall warts and two linear power supplies that give the same (or similar) voltage for my equipment.

Spools of red and black wire with a power supply

Let the hunt begin

I would like to get rid of those power bricks and have a more consistent and centralized setup. I hope to make some savings in the process by using a more efficient oversized switch mode power supply. Another advantage is that if i want an UPS on that line, i just need to connect a SLA battery.

My apartment will be wired with 6 mm² wires carrying 12VDC: one branch go to the networking area, the other two go to my desk.

Let’s lay down some wires !!

1 minute hackjob: bicycle light battery [en]

dimanche, octobre 30th, 2011

I needed a battery to power the front light of my bicycle last night, here is my solution. You will need:

  • A 4,5V flashlight battery
  • A zip tie
  • An adhesive pad for the zip tie
  • A nose pliers

  • Bend the battery terminals in two, crimp the hinge area.
  • Slightly lift the free side to facilitate the insertion of a wire
  • Attach the adhesive pad to the battery, slide the zip tie in the pad and attach the whole contraption to the bicycle
  • Insert the wires in the clamps you made earlier: let there be light. 🙂
If you can’t find the adhesive zip tie pad, you can still use the good old fashioned duct tape. 🙂

Opening the Vasco Digipass 810 [en]

jeudi, février 24th, 2011
Vasco Digipass 810

Vasco Digipass 810

Many belgian and european banks are providing their customers with a device that look like a small calculator. This device, coupled with your bank card,  is used to secure and authenticate the transactions when using internet banking.

Since that device is fairly standard, there is nothing stopping you from using the reader from bank A with your card from bank Z and vice versa, because the crypto processing is happening on the chip of your card.

Knowing that the heavy crypto work is delegated to the bank card, it is safe to assume that the device is quite dumb: a keypad to feed data to the card, a screen to display the results and a micro-controller to do some simple housekeeping tasks, like update the screen, poll the keypad, clock the card and send/receive data.

I have no proof of what’s described above, but since mine had dead batteries after five years of use, it has become a prime candidate for exploration, so let’s open the case !! 🙂

Ugh !!

Digipass cracked open

Opened !!

It was a tough nut to crack !!

There are no screws and no clips holding it closed: the two halves of the case are welded together !! This is another prime example of planned obsolescence and wasteful engineering. There is no way to open it cleanly, you need to break it apart as careful as possible to get access to the main PCB and the batteries. Your ability to close the box afterward will fully depend on how you open it in the first place.

The batteries are nothing exotic: just two CR-2032 button cells. They are wired in series on the PCB, because many smartcards require a 5V power supply to work properly.

Circuit board detail

All test pads are clearly labelled !

When you observe the PCB, there are a lot of interesting test points, all properly labeled. A hacker’s dream. 🙂

Fried !!

Unfortunately, while groping at it with a multimeter set to continuity tester, i fried the microcontroller. Apparently, that kind of invasive measurement was enough to kill it.

I wanted to check the continuity between the SDATA test pad and the DATA line on the card connector, the SCLK and the CLOCK line of the card connector. There was no continuity between those points and the J2 pad is still a mystery of what the purpose could be. An optional eeprom maybe ?

I received a new reader to continue with my day to day banking operations, but i still want to see the data flowing between the card and the reader. My mistake is just a setback: i will change strategy and try to (ab)use the reader as-is, without opening the case. 🙂

More to come later. In the meantime, here are the Manufacturer’s information

 

Soekris Net4801 review [fr]

dimanche, novembre 8th, 2009

I have been using the Soekris Net4801 for a few years and here are my impressions

Soekris_net4801_boardThe good

  • This computer is small, power efficient, reliable and hacker-friendly.
  • It just has the needed hardware to make a decent router out-of-the-box and a little bit more.
  • It comes with a serial console to make configuration easy.
  • The BIOS can be set up, upgraded and flashed from the serial port.
  • It has GPIOs if you want to add custom hardware.
  • Bootable compact flash slot: enable you to build a router with no moving parts.
  • If the compact flash do not meet your needs, there is an optional bracket and cable to plug an IDE laptop harddisk.
  • One PCI slot and one mini-PCI slot for extensions like a WiFi card

The bad

  • This machine is underpowered: if you ask a little bit more than routing to the machine (file serving, playing MP3’s, imap server,…), performances are going straight to the toilet and you end up waiting… waiting… waiting…
  • Lack of USB ports: There is only one USB 1.0 port on the machine, limiting its potential.
  • The CF card slot is on the same IDE bus than the harddisk: if you want to use both, make sure the harddisk is configured as a slave device. You might want to test several compact flash cards for compatibility: many CF cards have a buggy IDE/ATA interface that will cause you headaches.

This machine should not be used as a file server due to the poor disk I/O performances, even with DMA on. I would like to see a similar setup with an Intel Atom CPU, a decent chipset and 4 USB 2.0 ports, then we would have a killer home server appliance.

Where to buy (europe)

I bought my board via Wim Vandeputte. This guy is reliable and is present at every event related to the free software movement.