The document discusses the .NET Smart Card Operating System, highlighting its applications in various areas such as identification, access control, and cashless payments. It addresses security concerns and vulnerabilities associated with smart cards, including potential attacks and the need for penetration testing. Additionally, it introduces the hivemod tool for vulnerability research and emphasizes the importance of secure card management systems.

1. Inside .NET Smart Card Operating System
44Con, September 2012
Behrang Fouladi, SensePost
behrang@sensepost.com

2. What is a smart card?
VS

3. What is a smart card?

4. Single Application Smart Cards

5. Multi-Application Smart Card
Card Parking
Access Control
Cashless Payments
Computer Access Identification

6. Did you know?
• How many of you have Orange SIM cards?
• What applications are running on your SIM
card?
• Any other apps working silently?

7. Example: SIM Tracker Applet
• Operators goal: sending the MMS/APN settings to the new handset
• Can also be used for investigation purposes

8. In The News…
– Oyster card: Crypto-1 encryption algorithm attack,
2004
– Cambridge university: EMV relay attack, 2010
– Sykipot malware Targeting US DoD smart cards,
2011-2012

9. In The News…

10. Why?

11. Why?
• 8 billion smart cards by 2014
• The “Internet of Things”
• Chip-enabled mobile payments
• Hardware backdoors
• Malware is everywhere!

12. Smart Card Firewall

13. Multi-application Smart Card Platforms
.NET card
MULTOS JavaCard

14. .NET Smart Card
• First .NET virtual machine on the chip
• Native support in Windows 7 and server 2008
• Used in:
– Smart card based corporate badges (Microsoft
employees badge)
– Remote Access Control (USA DoD and UK MOD)

15. .NET smart card overview

16. .NET smart card security model
App Domain B
App Domain C App Domain A
RSA Sig(B)
RSA Sig(C) RSA Sig(A)

17. Public Key Token

18. Code Access Security

19. Data Access Security

20. Card application development
Deployment & Debugging ??
??
Communication (APDU) ??

21. Card application development
.NET assembly
(1) Compiles program Converter
(3) Signed card binary
Plug-in
(2) Conversion
to card binary
(4) .NET remoting comm.
Comm.
Proxy
(5) APDU comm.
Vendor’s SDK

22. How secure is .NET card?
• Has EAL5+ certified Infenion chip
• EAL certification is widely used by smart card
industry (EAL3 to EAL7)
• .NET card OS is designed to achieve EAL4+
• EAL4+ audit:
– takes 6 to 9 months, costs high 10sk to low 100sk £
– includes independent penetration testing and source
code review in some case
• No published vulnerabilities so far

23. Rev. Engineering For Vuln. Discovery

24. Smart Card Vuln. research
• No Chip OS binary is available
• Traditional tools (debuggers, disassemblers)
are useless
• No publicly available testing tools
• Secure chips have sensors, shields, encryption
• ON-card bytecode/IL code verifier

25. “HiveMod” Tool

26. HiveMod
• Vulnerability research tool, for:
– .NET card binary (Hive format) visualization
– Card Binary manipulation
– Card binary Re-signing

27. .NET Card Binary
Compiler Header
Digital signature Header
Object counters Header
Namespaces reference table
Types reference table
Methods reference table
Fields reference table
Blob definitions
Type definitions
Method definitions
Program code (IL code)
RSA signature

28. HIVE manipulation/fuzzing

29. Manipulating Digital Signature Header
Compiler Header
Digital signature Header offset Field name size
32 SHA1 hash of the full assembly 20
Object counters Header 52 Public key token 8
60 RSA modulus length 4 (len)
Namespaces reference table
64 RSA public exponent 4
Types reference table 68 RSA modulus len
Methods reference table
Fields reference table
Blob definitions
Type definitions
Method definitions
Program code (IL code)
RSA signature

30. Manipulating Digital Signature Header
PBKT=Reverse(Right(SHA1(RSA_modulus),8))

31. (Bypassing .NET card app Firewall)
Old school attack: Public Key Token Spoofing

32. Attack Demo
Let’s use the HiveMod tool to test this
vulnerability!

33. Manual testing vs. HiveMod
• Rev. engineering the SDK: ~2 months
• Hex editor for binary patching : Frustrating
• Modified card binary needs to be signed
• Destroying at least 10 cards: ~200 Euros

34. Real World Attack?
(2) Payment GSM (data)
Access control app
Employee
POS terminal
corporate
E-Purse app
cafeteria
(no GSM access)
(4) save to card
GSM (data)
(1) Attacker plants malware
in e-purse
(3) Access control data
exfiltration
Attacker’s
system

35. Fiction or Real?
Document available on the internet

36. Vendor’s Response
• “An attacker needs administration key to be able to
upload his malicious application on the card, This Key is
normally securely stored in a HSM or a smart card
based controller”.

37. Vendor’s Response
• “Knowledge of the Public Key Token of the
targeted application is required”.

38. Vendor’s Response
• “The targeted application must use private
file-system storage for its data to be exposed.
Therefore, internal (Application Domain)
storage is immune to such attack”.
byte[] key={0xaf,0x09,0x45,0x12,....};

39. More Vulnerabilities...
• Unauthorized memory read in InitializeArray():
public static void InitializeArray(Array array,RuntimeFieldHandle fldHandle);
• Results: Partial memory dump
• Destroys the card (no reliable exploitation
yet)

40. More Vulnerabilities...

41. Conclusions
• don’t worry!
• check the apps PKTs for tampering.
• Use a secure card management system
• Smart card apps can be patched/updated , but
not the card’s OS!
• Smart cards OS and apps and card
management software need pen tests too!

42. Closing words
• HiveMod Tool would be available to Smart
Card vendors and security researchers
(contact research@sensepost.com)
• I’d like to thank Dr. Kostas Markantonakis for
supervising my research

43. Questions?