The document provides an overview of the hardware and software used in the Hitcon Badge 2018. It includes:
- An overview of the hardware components including the MT7697 SoC, e-paper display, button array, secure element, and other components.
- Descriptions of the software implementation including an Arduino package customized for the badge, wallet functionality using BIP32, BIP39, and BIP44 standards, and Ethereum transaction signing using the secure element.
- Explanations of the secure element usage for private key storage and transaction signing to securely implement the wallet functionality.
4. Hardware Diagram
[Block diagram. Components: MT7697 WiFi/BLE SoC; SLE97; 2.13” e-Paper; Button Array; CP2102N USB to UART; 3V to 3.3V step-up; 5V to 3.3V LDO; PN532 NFC controller. Connection legend: SPI bus, I2C bus, Interrupt, Analog, UART, USB, 5V, 3.3V, 3.3V Special, buttons, Digital.]
6. Linkit 7697
• Arduino Support
• Wrtnode’s module with 4MB Flash
• MTK Official Support Platform
• With Auto-Switch to load Firmware
• Arduino IDE Setup: https://docs.labs.mediatek.com/resource/linkit7697-arduino/en/environment-setup/setup-arduino-ide
19. Secure Element
• SLE97 – From Infineon, Software from IKV
• ARM® SecurCore™ SC300™
• Crypto processor
• ISO 7816 interface
• SPI interface
CC EAL5+ high !
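22. Wallet – Cryptocurrency: BTC
• For Bitcoin, after each transaction completes, the remaining balance is sent to a new wallet
• The wallet therefore has to manage a pile of private keys
➔ Private key management problem
Solution: Deterministic Wallet
[Diagram labels: 50 BTC, 10 BTC, 40 BTC; Transaction; A, A, B]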
23. HD Wallet – BIP32,39,44 Overview
[Diagram: Mnemonic Code and Root Seed; the Root Seed goes through HMAC-SHA512, whose Left 256bit is Private Key m and whose Right 256bit is the Master Chain Code.]
• Child Key m/0: Child ID, Child Chain code
• Child Key m/1: Child ID, Child Chain code
• Child Key m/2: Child ID, Child Chain code
• …….
• Grandchildren Keys: m/0/0~2^32, m/1/0~2^32, m/2/0~2^32, …….
Standards labelled on the diagram: BIP39, BIP32, BIP44
24. Child key derivation
[Diagram: Parent Private or Public Key, Parent Chain Code and index number feed HMAC-SHA512 (input labels: Key, Data); the left 256 bits give the Child Private Key, the right 256 bits give the Child Chain Code. Additional label: Hardened.]
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
25. BIP39 - Mnemonic Code
• Because the Root Seed is inconvenient for humans to copy down, an encoding is defined using combinations of 2048 words
• 2048 words ➔ each word represents 11byte
Word List:
Abandon 0x01
Ability 0x02
Able 0x03
About 0x04
...
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
[Diagram: Root Seed (128~256bit, multiple of 32bit) followed by the first (Seed Length/32) bits of SHA256(Root Seed), cut into 11bit groups, each mapped to one of the Mnemonic Words.]
26. BIP39 - Mnemonic Code
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
Root Seed Length | Checksum Length | Total Length | Word Length
128 Bits | 4 Bits | 132 Bits | 12 Words
160 Bits | 5 Bits | 165 Bits | 15 Words
192 Bits | 6 Bits | 198 Bits | 18 Words
224 Bits | 7 Bits | 231 Bits | 21 Words
256 Bits | 8 Bits | 264 Bits | 24 Words
Badge default value
27. BIP 44 – Meaningful structure
m / purpose' / coin_type' / account' / change / address_index
• Purpose ➔ fixed at 44’
• Coin type
• Bitcoin ➔ 0’
• Eth ➔ 60’
• Account
• Change
• 0 for External chain ➔ used for receiving/sending payments
• 1 for internal chain ➔ used for internal handling
• Address index
• Badge default: m/44’/60’/0’/0/0
Tool: https://coinomi.com/recovery-phrase-tool.html
28. BIP 44 – Meaningful structure
m / purpose' / coin_type' / account' / change / address_index
• Purpose ➔ fixed at 44’
• Coin type
• Bitcoin ➔ 0’
• Eth ➔ 60’
• Account
• Change
• 0 for External chain
• 1 for internal chain
• Address index
• Badge default: m/44’/60’/0’/0/0
Tool: https://coinomi.com/recovery-phrase-tool.html
Hardened key
29. Ether Transaction
• To Who
• Address of the counterparty
• 20byte
• How much
• Amount, in wei
• Uint256_t
• Gas Price
• Fee, in wei
• Uint256_t
• Gas Limit
• Amount of computation
• Uint256_t
• Nonce
• Number of transactions
• Data
[Diagram: Transaction Data ➔ RLP encoder ➔ keccak256 ➔ Transaction Hash ➔ Secp256k1 elliptic curve ➔ Transaction Signature. RLP: Recursive Length Prefix, an encoder for variable length binary data.]
30. Ether Transaction
• To Who
• Address of the counterparty
• 20byte
• How much
• Amount, in wei
• Uint256_t
• Gas Price
• Fee, in wei
• Uint256_t
• Gas Limit
• Amount of computation
• Uint256_t
• Nonce
• Number of transactions
• Data
• Transaction Signature
[Diagram: the fields above ➔ RLP encoder ➔ Transaction data ➔ Broadcast]
https://steemit.com/ethereum/@n-ur/behind-the-scene-on-how-myetherwallet-works-simple-illustration
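31. Smart Contract : Program on ETH
• Smart Contract: something like a piece of code deployed on the Ether network
• Data is passed and computed by means of transactions
• When the target of a transaction is a Smart Contract, the Data is passed to the corresponding program for execution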
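33. How to transact ERC20?
• To a wallet, ERC20 is just a transaction that carries Data
• Being able to fill in Data means ERC20 can be supported, although the wallet is not necessarily able to display the corresponding transaction data
Ordinary transaction field ➔ ERC20 transaction:
• To Who ➔ Contract Address
• How much ➔ How much (meaningless)
• Gas Price ➔ Gas Price
• Gas Limit ➔ Gas Limit
• Nonce ➔ Nonce
• Data ➔ Data
• Contract Method
• Contract Data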
34. ERC20 Data format
• Contract Method – 4 Byte ➔ Hashed Application Binary Interface
• Contract Data – Depend on function
• EX:
transfer(address _to, uint256 _value)
[Diagram: Data = 4 Byte (method) + 32 Byte (_to) + 32 Byte (_value)]
Detail: https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI
35. ERC20 Data format
• Example: to transfer 1 Hitcon Token to me
• transfer(0x4bf5193805a4fd033b84b5bb700bf2a2aaae6a7d, 0xDE0B6B3A7640000)
• “transfer(address,uint256)” ➔SHA3➔
a9059cbb2ab09eb219583f4a59a5d0623ade346d962bcd4e46b11da047c9049b
• Address ➔ Append to 32Bytes
0x0000000000000000000000004bf5193805a4fd033b84b5bb700bf2a2aaae6a7d
• Value ➔ Append to 32Bytes
0x000000000000000000000000000000000000000000000000de0b6b3a7640000
➔Data:0xa9059cbb0000000000000000000000004bf5193805a4fd033b84b5bb700bf2a2aaae6a7d0000000000000000000000000000000000000000000000000de0b6b3a7640000
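The ERC20 slides note that a wallet may sign such a transaction without being able to show what the Data means. The added Python example below (not from the talk or the firmware) builds the `transfer` Data field as laid out above and decodes it back so the recipient and amount can be shown before signing. The 4-byte selector is taken from the slide because keccak256 is not in the Python standard library; the 18 decimal places are an assumption inferred from the slide's value for one token.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")   # first 4 bytes of the hash on the slide

def encode_transfer(to_addr: str, value: int) -> bytes:
    """Build Data = selector + 32-byte address word + 32-byte value word."""
    hex_addr = to_addr[2:] if to_addr.lower().startswith("0x") else to_addr
    addr = bytes.fromhex(hex_addr)
    if len(addr) != 20:
        raise ValueError("address must be 20 bytes")
    if not 0 <= value < 2 ** 256:
        raise ValueError("value does not fit in uint256")
    return TRANSFER_SELECTOR + addr.rjust(32, b"\x00") + value.to_bytes(32, "big")

def decode_transfer(data: bytes) -> tuple[str, int]:
    """Return (recipient, raw value); reject anything that is not a clean transfer()."""
    if len(data) != 4 + 32 + 32:
        raise ValueError("transfer() data must be exactly 68 bytes")
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError("not a transfer(address,uint256) call")
    if any(data[4:16]):
        raise ValueError("address word has non-zero padding")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def describe(data: bytes, decimals: int = 18) -> str:
    """Human-readable summary for a confirmation screen (decimals is an assumption)."""
    to, value = decode_transfer(data)
    whole, frac = divmod(value, 10 ** decimals)
    amount = f"{whole}.{frac:0{decimals}d}".rstrip("0").rstrip(".")
    return f"transfer {amount} token(s) to {to}"
```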
41. Secure Element - State
[State diagram. States: Init, Perso, No Host, Disconnect, Normal. Transitions: Perso?, InitDevInfo, Bind Reg, Bind Login, Bind Logout, BackToNoHost (with pin code), BackToInit (with Vendor Key).]
42. Host Registration
[Sequence diagram between Host and SE]
Host: Get UUID of the Host
Host ➔ SE: BindRegInit (UUID, Description, HASH)
SE ➔ Host: Handle, (OTP)
Host ➔ SE: BindRegChlng (Handle)
SE ➔ Host: Challenge
Host: Calculate devKey from UUID & OTP
Host: Calculate Response of Challenge by devKey
Host ➔ SE: BindRegFinish (Handle, Response)
SE: Verify Response, Store Host if Passed
SE ➔ Host: HostId, Confirm Status
43. Host Login
[Sequence diagram between Host and SE]
Host: Get UUID and OTP from storage
Host ➔ SE: BindLoginChlng (HostId)
SE ➔ Host: Challenge
Host: Calculate devKey from UUID & OTP
Host: Calculate Response of Challenge by devKey
Host ➔ SE: Bind Login (HostId, Response)
SE: Verify Response
SE ➔ Host: Status Words, 0x9000 if success
44. Device Key (devKey) Derivation
[Diagram: UUID of Host (32 bytes) and OTP from SE (6 bytes) ➔ SHA256 ➔ devKey (32 bytes)]
46. Encrypt Key and MAC Key
• Encryption Key
• Used for Data Encryption after Login
• Mac Key
• Used for Data HMAC-SHA256
[Diagram: Device Key (32 bytes), “ENC” (3 bytes) and Login Challenge (16 bytes) ➔ SHA256 ➔ Encryption Key (32 bytes); Device Key (32 bytes), “MAC” (3 bytes) and Login Challenge (16 bytes) ➔ SHA256 ➔ Mac Key (32 bytes)]
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
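The Host Login exchange and the key derivations from the three slides above, as an added Python model with both sides in one process (not the badge firmware or the secure element vendor's code). The slides give neither the concatenation order nor the response formula, so `UUID || OTP`, `devKey || label || challenge`, HMAC-SHA256 over the challenge, and the failure status word 0x6982 are assumptions. Registration is collapsed into one call.

```python
import hashlib, hmac, os

SW_OK = 0x9000       # success status word from the Host Login slide
SW_DENIED = 0x6982   # assumed failure code (ISO 7816-4 "security status not satisfied")

def derive_dev_key(uuid: bytes, otp: bytes) -> bytes:
    if len(uuid) != 32 or len(otp) != 6:
        raise ValueError("UUID must be 32 bytes and OTP 6 bytes")
    return hashlib.sha256(uuid + otp).digest()           # assumed order: UUID || OTP

def answer(dev_key: bytes, challenge: bytes) -> bytes:
    return hmac.new(dev_key, challenge, hashlib.sha256).digest()   # assumed formula

def session_keys(dev_key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    # Assumed order: devKey || label || login challenge -> (Encryption Key, Mac Key)
    return (hashlib.sha256(dev_key + b"ENC" + challenge).digest(),
            hashlib.sha256(dev_key + b"MAC" + challenge).digest())

class ToySecureElement:
    def __init__(self):
        self.hosts = {}   # HostId -> devKey stored at registration
        self.open = {}    # HostId -> outstanding login challenge

    def register(self, uuid: bytes) -> tuple[int, bytes]:
        """Collapsed BindRegInit..BindRegFinish; returns (HostId, OTP)."""
        otp = os.urandom(6)
        host_id = len(self.hosts) + 1
        self.hosts[host_id] = derive_dev_key(uuid, otp)
        return host_id, otp

    def bind_login_chlng(self, host_id: int) -> bytes:
        self.open[host_id] = os.urandom(16)               # fresh 16-byte challenge
        return self.open[host_id]

    def bind_login(self, host_id: int, resp: bytes) -> int:
        chal = self.open.pop(host_id, None)   # single use: a replay finds no challenge
        key = self.hosts.get(host_id)
        if chal is None or key is None:
            return SW_DENIED
        ok = hmac.compare_digest(answer(key, chal), resp)  # constant-time compare
        return SW_OK if ok else SW_DENIED

def host_login(se: ToySecureElement, host_id: int, uuid: bytes, otp: bytes):
    """Host side of the Host Login slide; returns (status word, response, keys)."""
    chal = se.bind_login_chlng(host_id)
    key = derive_dev_key(uuid, otp)
    resp = answer(key, chal)
    return se.bind_login(host_id, resp), resp, session_keys(key, chal)
```

Because the login challenge enters the Encryption Key and Mac Key derivation, each login yields different session keys even though devKey itself never changes.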
47. HDW Management
• Secure Element Handles BIP32 Path
• m/BIP44/coin/Account/Change/Address
• Badge default: m/44'/60'/0'/0/0
• Secure Element Holds up to 5 accounts
• External Address Pointer of each account (update to 2128 addresses)
• Internal Address Pointer of each account (update to 2128 addresses)
48. Cmd line Management
• QueryAccountKey: Query Public Key for a specific Account/Key_ID
Usage: QueryAccountKey [account] [key_id]
• CreateAccount: Create a New Account for a specific cointype/account_id
Usage: CreateAccount [cointype] [account_id] [Name]
• QueryAccountInfo: Query a specific Account Info
Usage: QueryAccountInfo [account_id]
• CreateNextAddr: Generate a new key for a Specific Account
Usage: CreateNextAddr [account_id]
• Account ID:0~4
49. Cmd line Management
• SEState: Query Secure Element State
• BindReg: Bind Register
• BindLogin: Bind Login
• BindLogout: Bind Logout
• BackToNoHost: Back to NoHost state
• BackToInit: Back to Init State
• InitDevInfo: InitDeviceInfo and confirm
• PINAuth: Auth Pin Code
• InitWallet: Initialize Wallet from Mnemonic Words
• QueryWalletInfo: Query Wallet Info
• QueryAllAccount: Query All Account Info
• QueryAccountKey: Query Public Key for a specific Account/Key_ID
• CreateAccount: Create a New Account for a specific cointype/account_id
• QueryAccountInfo: Query a specific Account Info
• CreateNextAddr: Generate a new key for a Specific Account
• Transaction: Generate a new Raw Transaction
• Misc.
• Voltage: Read Battery Voltage
• ReinitBLE: Re-init BLE
• AddVcard: Adding a Vcard
• ResetHitconTokenDisplay: Reset Hitcon Token counter
50. Cmd line Usage
• USB to UART IC: CP2102N
• Driver: Linux & Windows & Mac
https://www.silabs.com/products/development-tools/software/usb-to-uart-bridge-vcp-drivers
• Mac OSX 10.11 and up: Apple blocks the kernel extension.
• https://stackoverflow.com/questions/47109036/cp2102-device-is-not-listed-in-dev-on-macos-10-13 (Note: Answer 2)
• Setting: 115200 8N1
54. Badge initialize + re-generate wallet
[Flowchart boxes, in reading order: First time initialize; Enter No-Host State; Bind Register; Enter Discon.; Bind Login, Set Pin Code and enter Normal State; Generate/Input Master Key; Initialize Master Key; Initialize Account m/44’/60’/0’; Initialize address index 0; Read Public Key of address index 0. Second entry point: User Request for re-generate; Back To Init & Init.]
55. Secure Element - State
[State diagram. States: Init, Perso, No Host, Disconnect, Normal. Transitions: Perso?, InitDevInfo, Bind Reg, Bind Login, Bind Logout, BackToNoHost (with pin code), BackToInit (with Vendor Key).]
56. Badge startup wallet
[Flowchart boxes: Read Version (if bootloader mode, jump); Read Status, with branches 0x06, 0x07 and other; Reg; Bind Login; Init Wallet; Read Public Key of m/44’/60’/0/0/0; Calc ETH Address.]
57. Hitcon Badge 2018 – BLE Initialize + Re-pairing
During initialization, the Badge packs the generated Public Address and BLE Key into a URL and displays it as a QR Code.
QR-Code format:
Hitcon://pair?v=version number
&a=wallet Address
&k=AES Key
&s=ServiceUUID
&c=first four Bytes of each Characteristic[6]
Example:
hitcon://pair?
v=18&
a=808c2257d778e5f1340d9325116f5a7273b33f5d&
k=09626aa096254e8a8ce871bfd7b8895c&
s=1cbfbb33-ffc7-c966-77f9-311c6ba9e425&
c=26ccce12e2c66a0b72c50cca509dbfc1275074f57e7c5668
[Callouts on the example: a = Wallet Address; k = BLE AES Key; s = BLE Service UUID; c = first 4 bytes of each BLE characteristic UUID]
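58. Hitcon Badge 2018 – BLE UUIDs
To prevent transaction messages from being spammed, the UUIDs are randomly generated at binding time.
The QR Code carries the first 4 Bytes of each Characteristic UUID; the rest of the UUID is the same as the Service UUID.
The Characteristics appear in the QR code in the following order:
Transaction, Txn, AddERC20, Balance, General Purpose Cmd, General Purpose Data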
EX:
[init_BLE] LFLASH_Saved_UUID:
ServiceUUID: 8b15cb6c-0dfd-553a-9302-3cdcded12f56
Transaction_UUID: bbf16eb7-0dfd-553a-9302-3cdcded12f56
Txn_UUID: d754e76e-0dfd-553a-9302-3cdcded12f56
AddERC20_UUID: 448821bb-0dfd-553a-9302-3cdcded12f56
Balance_UUID: 19aceb1f-0dfd-553a-9302-3cdcded12f56
General_CMD_UUID: 8a2c0cd1-0dfd-553a-9302-3cdcded12f56
General_Data_UUID: 4ff47ce6-0dfd-553a-9302-3cdcded12f56
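A parser for the pairing URI described on the two BLE slides above, as an added Python example (not the badge's or the companion app's code). It validates every field and expands the `c=` prefixes into full characteristic UUIDs using the tail of the Service UUID. The sample URI is the slide's own example joined onto one line, and the expected field lengths (20-byte address, 16-byte key) are taken from that example.

```python
import uuid
from urllib.parse import urlsplit, parse_qs

# Order of the 4-byte prefixes inside c=, as listed on the BLE UUIDs slide.
CHAR_ORDER = ("Transaction", "Txn", "AddERC20", "Balance",
              "General Purpose Cmd", "General Purpose Data")

EXAMPLE_URI = ("hitcon://pair?v=18&a=808c2257d778e5f1340d9325116f5a7273b33f5d"
               "&k=09626aa096254e8a8ce871bfd7b8895c"
               "&s=1cbfbb33-ffc7-c966-77f9-311c6ba9e425"
               "&c=26ccce12e2c66a0b72c50cca509dbfc1275074f57e7c5668")

def _one(query: dict, name: str) -> str:
    values = query.get(name, [])
    if len(values) != 1:
        raise ValueError(f"parameter {name!r} must appear exactly once")
    return values[0]

def parse_pairing_uri(uri: str) -> dict:
    """Validate a hitcon://pair URI; raises ValueError on any malformed field."""
    parts = urlsplit(uri)
    if parts.scheme != "hitcon" or parts.netloc != "pair":
        raise ValueError("not a hitcon://pair URI")
    query = parse_qs(parts.query, strict_parsing=True)
    address = bytes.fromhex(_one(query, "a"))
    aes_key = bytes.fromhex(_one(query, "k"))
    prefixes = bytes.fromhex(_one(query, "c"))
    service = uuid.UUID(_one(query, "s"))
    if len(address) != 20 or len(aes_key) != 16:
        raise ValueError("wallet address must be 20 bytes and AES key 16 bytes")
    if len(prefixes) != 4 * len(CHAR_ORDER):
        raise ValueError("c= must hold six 4-byte UUID prefixes")
    tail = service.bytes[4:]          # everything after the first 4 bytes is shared
    chars = {name: str(uuid.UUID(bytes=prefixes[4 * i:4 * i + 4] + tail))
             for i, name in enumerate(CHAR_ORDER)}
    return {"version": int(_one(query, "v")),
            "address": "0x" + address.hex(),
            "aes_key": aes_key,       # link secret: keep it out of logs and screenshots
            "service": str(service),
            "characteristics": chars}
```

The QR code carries the AES key in the clear, so anyone who can photograph the badge screen during pairing obtains the key that protects the BLE link.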
60. AES encryption + Encoding
[Diagram: Raw Data (Append to 128 Byte) ➔ AES encryption with a 16Byte Random IV ➔ Encrypted Data; Payload = Encrypted Data and the 16Byte Random IV]
Encoding Format:
Header1(uint8_t) length1(uint8_t) Data1[len]
Header2(uint8_t) length2(uint8_t) Data2[len]
Header3(uint8_t) length3(uint8_t) Data3[len]