Soviet Russia Smartcard Hacks You
Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
2018
X41 D-SEC GmbH
https://www.x41-dsec.de/ 1 / 30

whoami
• Eric Sesterhenn
• Principal Security Consultant
• Pentesting/Code Auditing at X41
Disclaimer
• The issues presented here have been reported and fixed!
• These are open source projects - help them!
• I am not interested in testing / debugging proprietary stuff in my spare time.
DEF CON 2018 3 / 30

Targets
• Linux login

Why?
• Smartcards control authentication!
• Authentication runs as root!
• Users and programmers subconsciously trust the smartcard!

Smartcards
Diagram: User -> Smartcard -> Reader -> Reader Driver (PC/SC) -> Smartcard Driver (OpenSC) -> Login (pam)

What is a Smartcard?
• Physical, tamper-resistant device
• Designed to keep information secret
• Contains memory and a processor
https://en.wikipedia.org/wiki/Smart_card#/media/File:SmartCardPinout.svg

Application Protocol Data Unit
• APDUs form the protocol used to talk to smartcards
• ISO/IEC 7816-4: Identification cards - Integrated circuit cards - Organization, security and commands for interchange
• T=0 is character-oriented, T=1 is block-oriented (the two transmission protocols between reader and card)
• VERIFY example: 00 20 00 01 04 31323334 (CLA 00, INS 20 = VERIFY, P1 00, P2 01 = reference of the PIN to verify, Lc 04, data "1234")
Command APDU layout (bytes per field):
  CLA  INS  P1  P2  Lc   Data  Le
  1    1    1   1   0-3  Nc    0-3
• The response is Nr bytes of data followed by the two status bytes SW1 SW2 (90 00 = success); a well-behaved card never answers with fewer than 2 bytes

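As an added example (not code from the talk or from any of the projects it mentions), here is the VERIFY command above encoded in C, plus the split of a response into data and status word. The field layout is the one on the slide; the response-length check is the one a driver has to make before it strips the two status bytes:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the talk: encode a short-form ISO 7816-4 command
 * APDU and split a response into data and status word. Field names follow
 * the slide (CLA INS P1 P2 Lc Data); Le is omitted, as in the VERIFY case. */

/* Short form: Lc is one byte, so 1..255 data bytes; nc == 0 gives a 4-byte
 * header-only command. Returns bytes written, 0 if it does not fit. */
size_t apdu_build(uint8_t *out, size_t out_cap, uint8_t cla, uint8_t ins,
                  uint8_t p1, uint8_t p2, const uint8_t *data, size_t nc)
{
    size_t need = nc ? 5 + nc : 4;
    if (nc > 255 || out_cap < need)
        return 0;
    out[0] = cla; out[1] = ins; out[2] = p1; out[3] = p2;
    if (nc) {
        out[4] = (uint8_t)nc;               /* Lc */
        memcpy(out + 5, data, nc);          /* Data, Nc bytes */
    }
    return need;
}

/* Parsed response: Nr data bytes, then SW1 SW2 (90 00 = success, 63 Cx = PIN
 * wrong with x retries left, 6A 82 = file not found, ...). */
struct apdu_resp {
    const uint8_t *data;
    size_t len;
    uint16_t sw;
};

/* Returns 0 and fills r, or -1 if the response cannot even hold SW1 SW2.
 * This check has to happen before anyone computes "length - 2". */
int apdu_parse_response(const uint8_t *buf, size_t len, struct apdu_resp *r)
{
    if (len < 2)
        return -1;
    r->data = buf;
    r->len = len - 2;
    r->sw = (uint16_t)((buf[len - 2] << 8) | buf[len - 1]);
    return 0;
}

/* The slide's example: VERIFY PIN "1234" against PIN reference 01. */
size_t build_verify_1234(uint8_t *out, size_t cap)
{
    static const uint8_t pin[] = { 0x31, 0x32, 0x33, 0x34 };   /* "1234" */
    return apdu_build(out, cap, 0x00, 0x20, 0x00, 0x01, pin, sizeof pin);
}

/* Convenience for callers that only want the status word; returns 0 on a
 * short response (00 00 is not a valid status word, so it works as a sentinel). */
uint16_t apdu_status(const uint8_t *buf, size_t len)
{
    struct apdu_resp r;
    return apdu_parse_response(buf, len, &r) == 0 ? r.sw : 0;
}
```

The parse routine is where the trust boundary sits: everything after it may assume two status bytes exist, nothing before it may.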
PC/SC API
• The PC/SC API can be used on Windows and *nix (pcsc-lite on the latter)
• Other libraries have a similar interface
LONG WINAPI SCardTransmit(
SCARDHANDLE hCard,
LPCSCARD_IO_REQUEST pioSendPci,
LPCBYTE pbSendBuffer,
DWORD cbSendLength,
PSCARD_IO_REQUEST pioRecvPci,
LPBYTE pbRecvBuffer,
LPDWORD pcbRecvLength
);
PKCS#11
• PKCS#11 is a platform-independent API for cryptographic tokens
• Supported by OpenSSL (e.g. via the libp11 engine), browsers, ...
• Windows uses smart card minidrivers instead
• One driver per card type; the card's ATR (Answer To Reset) is used to pick the matching driver
CK_RV C_FindObjectsInit(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
Smartcard Stack Summary
Application (pam)
PKCS#11
PC/SC
APDU
Physical Card

Smartcard for Sign-On
Sequence (participants: PAM, Smartcard, CRL server):
PAM -> Smartcard: GetCertificates
Smartcard -> PAM: Certificate
PAM: Validate Certificate and User
PAM -> CRL server: RevocationCheck
CRL server -> PAM: CRL
PAM: GenerateNonce
PAM -> Smartcard: SignRequest for Nonce
Smartcard -> PAM: Signature
PAM: CheckSignatureAgainstCertificate

Trust the Smartcard
• Driver developers trust the smartcard!
• Let's abuse that
• Mess with the card responses

# Bugs
Project             # Bugs
libykneomgr         1
OpenSC              Over 9000 ;-)
pam_pkcs11          1
smartcardservices   2
Yubico-Piv          2
No, I did not fuzz the &$#?@! out of it... but guess which one I fuzzed the most ;-)
Thanks to Frank Morgner for fixing!

Apple Smartcardservices
do {
    cacreturn = cacToken.exchangeAPDU(command, sizeof(command), result, resultLength);
    if ((cacreturn & 0xFF00) != 0x6300)
        CACError::check(cacreturn);
    ...
    // resultLength is whatever the card sent back: a response shorter than
    // 2 bytes turns resultLength - 2 into a huge copy length, and nothing
    // shown here checks that certificate has room for the accumulated bytes
    memcpy(certificate + certificateLength, result, resultLength - 2);
    certificateLength += resultLength - 2;
    // Number of bytes to fetch next time around is in the last byte
    // returned.
    command[4] = cacreturn & 0xFF;
} while ((cacreturn & 0xFF00) == 0x6300);

OpenSC - CryptoFlex
u8 buf[2048], *p = buf;
size_t bufsize, keysize;
sc_format_path("I1012", &path);
r = sc_select_file(card, &path, &file);
if (r)
    return 2;
bufsize = file->size;   /* file size as reported by the card in the SELECT response */
sc_file_free(file);
/* bufsize is card-controlled and never clamped to sizeof(buf):
 * a reported size above 2048 overflows the stack buffer */
r = sc_read_binary(card, 0, buf, bufsize, 0);

Popping calcs...
Basic Smartcard Exploitation in 2018
• BasicCard gives you nice control over what the card answers... yes, BASIC!
• Example exploit (Kevin) will be released to the public at beVX
• Other methods would be SIMtrace or certain JavaCards

YUBICO PIV
if(*out_len + recv_len - 2 > max_out) {
    fprintf(stderr,
            "Output buffer to small, wanted to write %lu, max was %lu.",
            *out_len + recv_len - 2, max_out);
    /* the size check only logs: there is no return or break,
     * so the memcpy below still runs with the oversized length */
}
if(out_data) {
    memcpy(out_data, data, recv_len - 2);
    out_data += recv_len - 2;
    *out_len += recv_len - 2;
}

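The three snippets above (smartcardservices, OpenSC CryptoFlex, yubico-piv) share one root cause: a length chosen by the card is used without being checked against the host buffer. As an added example that is not any of the projects' code, here is one append routine hardened against both visible defects (a length below 2 and a capacity check that only logs), a clamp for a card-reported file size, and a chaining loop driven by a constructed scripted card. The sample responses are made up for the demonstration, not captured from real hardware:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from smartcardservices, yubico-piv or OpenSC: one
 * append routine that refuses both failure modes visible on the slides. The
 * card controls recv_len, so (1) it may be < 2 and "recv_len - 2" must not be
 * computed before checking, and (2) a failed capacity check must abort the
 * copy, not merely print a message. */

enum { APPEND_OK = 0, APPEND_SHORT_RESPONSE = -1, APPEND_TOO_LARGE = -2,
       CHAIN_NO_ANSWER = -3, CHAIN_BAD_STATUS = -4 };

/* Append the data part of one response (recv_len bytes including SW1 SW2) to
 * out[0..*out_len), capacity max_out. On error nothing is copied. */
int append_response_data(uint8_t *out, size_t *out_len, size_t max_out,
                         const uint8_t *recv, size_t recv_len)
{
    if (recv_len < 2)                       /* no room for the status word */
        return APPEND_SHORT_RESPONSE;
    size_t n = recv_len - 2;
    if (n > max_out - *out_len)             /* subtract, never add: no wraparound */
        return APPEND_TOO_LARGE;            /* abort instead of only logging */
    memcpy(out + *out_len, recv, n);
    *out_len += n;
    return APPEND_OK;
}

/* Clamp a card-reported file size to the host buffer before a read_binary. */
size_t clamp_read_size(size_t card_reported, size_t host_buf_size)
{
    return card_reported < host_buf_size ? card_reported : host_buf_size;
}

/* Constructed stand-in for exchangeAPDU(): replays scripted responses. */
struct scripted_card {
    const uint8_t *const *resp;
    const size_t *resp_len;
    size_t count, next;
};

static int scripted_exchange(struct scripted_card *c,
                             const uint8_t **recv, size_t *recv_len)
{
    if (c->next >= c->count)
        return -1;
    *recv = c->resp[c->next];
    *recv_len = c->resp_len[c->next++];
    return 0;
}

/* Hardened version of the chaining loop on the smartcardservices slide: keep
 * fetching while SW1 is 63 (CAC: more data, low byte = bytes to fetch next),
 * stop on 90 00, and fail on short or oversized answers. */
int collect_chained(struct scripted_card *c, uint8_t *out, size_t max_out,
                    size_t *out_len)
{
    const uint8_t *recv;
    size_t recv_len;
    *out_len = 0;
    for (;;) {
        if (scripted_exchange(c, &recv, &recv_len) != 0)
            return CHAIN_NO_ANSWER;
        int r = append_response_data(out, out_len, max_out, recv, recv_len);
        if (r != APPEND_OK)
            return r;
        uint8_t sw1 = recv[recv_len - 2];  /* safe: recv_len >= 2 checked above */
        if (sw1 == 0x63)
            continue;
        return sw1 == 0x90 ? APPEND_OK : CHAIN_BAD_STATUS;
    }
}

/* Three constructed scenarios against an 8-byte host buffer (sample data, not
 * captured from a real card). Returns the collect_chained() result. */
int demo_scenario(int which, size_t *got_len)
{
    static const uint8_t chunk1[] = { 0x30, 0x82, 0x01, 0x63, 0x05 };          /* 3 + 63 05 */
    static const uint8_t chunk2[] = { 0x0A, 0x0B, 0x0C, 0x0D, 0x90, 0x00 };    /* 4 + 90 00 */
    static const uint8_t short1[] = { 0x90 };                                  /* 1 byte only */
    static const uint8_t big[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0x90, 0x00 }; /* 10 + 90 00 */
    const uint8_t *const ok[] = { chunk1, chunk2 }; const size_t ok_len[] = { 5, 6 };
    const uint8_t *const sh[] = { short1 };          const size_t sh_len[] = { 1 };
    const uint8_t *const bg[] = { chunk1, big };     const size_t bg_len[] = { 5, 12 };
    struct scripted_card c = { ok, ok_len, 2, 0 };
    if (which == 1) c = (struct scripted_card){ sh, sh_len, 1, 0 };
    if (which == 2) c = (struct scripted_card){ bg, bg_len, 2, 0 };
    uint8_t out[8];
    return collect_chained(&c, out, sizeof out, got_len);
}
```

Scenario 0 is a well-behaved two-chunk certificate, scenario 1 the one-byte answer that breaks the "length - 2" arithmetic, scenario 2 a second chunk that would overrun the host buffer; only the first one copies anything past the check.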
Logging in...
Challenges in fuzzing a protocol
• Most modern fuzzers are file-oriented
• Radamsa: generates a corpus of mutated files
• Honggfuzz: passes a file (filename different on each run)
• libFuzzer: passes a buffer and its length
• AFL: passes a file

Challenges in fuzzing a protocol
• SCardTransmit() tells us how much data the caller expects (pcbRecvLength)
• Read that many bytes from a file on each call and error out at EOF
• No complicated poll handling like for network sockets required

How to fuzz - OpenSC
• reader-fuzzy.c
• Implements a (virtual) smartcard reader interface
• Responds with malicious data read from a file (OPENSC_FUZZ_FILE)
• Have fun with AFL (American Fuzzy Lop)
Diagram: fuzzing file input -> reader-fuzzy.c -> card driver (e.g. card-cac.c in libopensc) <- pkcs11-tool -t, driven by AFL

How to fuzz - Winscard and PC/SC
• The Winscard(.dll) API on Linux and Unix is provided by the PC/SC library (libpcsclite)
• For proprietary code (closed-source PKCS#11 modules or drivers)
• Preload a replacement library that answers SCardTransmit() from the fuzz file
• Have fun with non-feedback fuzzers (e.g. radamsa) or AFL in QEMU mode for binary-only targets

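The file-backed reader described on the last three slides, as an added example: a transmit function shaped like SCardTransmit() that serves responses from a file and reports an error at EOF. It is a sketch of the idea, not the reader-fuzzy.c code, and the corpus in the driver loop is constructed. The same function body works whether it sits behind an OpenSC reader driver or inside a preloaded PC/SC replacement for a closed-source target:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not the reader-fuzzy.c code: a transmit function with the
 * shape of SCardTransmit() whose "card" is a file. The caller says how many
 * bytes it can receive (*recv_len on entry), we hand back up to that many from
 * the file, and at EOF we fail like a card that was pulled, so the target
 * unwinds instead of blocking. Responses shorter than two bytes are allowed on
 * purpose: they are the inputs that find drivers subtracting the status bytes
 * without checking. */

enum { FUZZ_OK = 0, FUZZ_EOF = 1 };

/* send/send_len are ignored: the file, i.e. the fuzzer, decides what the card says. */
int fuzz_transmit(FILE *src, const uint8_t *send, size_t send_len,
                  uint8_t *recv, size_t *recv_len)
{
    (void)send;
    (void)send_len;
    size_t n = fread(recv, 1, *recv_len, src);
    if (n == 0) {
        *recv_len = 0;
        return FUZZ_EOF;
    }
    *recv_len = n;
    return FUZZ_OK;
}

/* Wrap a constructed byte string in a temporary file. In a real harness this
 * is fopen() on the path the fuzzer passes (OpenSC reads OPENSC_FUZZ_FILE). */
FILE *fuzz_file_from_bytes(const uint8_t *bytes, size_t len)
{
    FILE *f = tmpfile();
    if (!f)
        return NULL;
    if (fwrite(bytes, 1, len, f) != len) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Toy driver loop: up to count exchanges, each willing to receive up to want
 * bytes. Stores each response length in lens[] and returns how many exchanges
 * completed before EOF (-1 if the temp file could not be created). */
int fuzz_run(const uint8_t *corpus, size_t corpus_len, size_t want,
             size_t *lens, int count)
{
    FILE *f = fuzz_file_from_bytes(corpus, corpus_len);
    if (!f)
        return -1;
    const uint8_t cmd[] = { 0x00, 0xCA, 0x01, 0x00, 0x00 };  /* GET DATA; content irrelevant */
    uint8_t buf[256];
    int done = 0;
    for (int i = 0; i < count; i++) {
        size_t got = want < sizeof buf ? want : sizeof buf;
        if (fuzz_transmit(f, cmd, sizeof cmd, buf, &got) != FUZZ_OK)
            break;
        lens[i] = got;
        done++;
    }
    fclose(f);
    return done;
}
```

Pointed at a file AFL mutates, every mutation changes what the "card" answers. Prefixing each response in the file with a one-byte length is a cheap extension that lets the fuzzer also choose response sizes in the middle of a run rather than only at EOF.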
How to fuzz - Winscard 2
• Tavis Ormandy's loadlibrary
• Extended to support Winscard drivers
• Fuzz the Windows drivers on Linux without all the overhead

Smartcard fuzzing
• Released now!
• https://github.com/x41sec/x41-smartcard-fuzzing

pam_pkcs11: Replay an Authentication
Sequence (participants: PAM, Smartcard, CRL server):
PAM -> Smartcard: GetCertificates
Smartcard -> PAM: Certificate
PAM: Validate Certificate and User
PAM -> CRL server: RevocationCheck
CRL server -> PAM: CRL
PAM -> Smartcard: RequestRandomNonce
Smartcard -> PAM: Nonce
PAM -> Smartcard: SignRequest for Nonce
Smartcard -> PAM: Signature
PAM: CheckSignatureAgainstCertificate
• Difference to the flow before: the nonce comes from the card instead of the host. A malicious card can hand back a nonce it has seen before together with the matching signature recorded from a genuine login, and the check passes.

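The flaw in this flow compared with the earlier one, as an added example rather than pam_pkcs11 code: a simulation in which the nonce either comes from the card (this slide) or from the host (the previous flow). The toy keyed hash standing in for the card's signature, the key values and the recorded login are all constructed for the demonstration:

```c
#include <stdint.h>

/* Added example, not pam_pkcs11 code: the only thing that changes between the
 * two sequence diagrams is who picks the nonce, and that alone decides whether
 * a recorded login can be replayed. A toy keyed hash (FNV-1a over key||nonce)
 * stands in for the card's signature and the verifier recomputes it with the
 * key taken from the certificate; real cards use RSA/ECDSA, but the replay
 * does not depend on the scheme. */

static uint64_t toy_sign(uint64_t key, uint64_t nonce)
{
    uint64_t h = 0xcbf29ce484222325ULL;             /* FNV-1a offset basis */
    for (int i = 0; i < 8; i++)
        h = (h ^ (uint8_t)(key >> (8 * i))) * 0x100000001b3ULL;
    for (int i = 0; i < 8; i++)
        h = (h ^ (uint8_t)(nonce >> (8 * i))) * 0x100000001b3ULL;
    return h;
}

/* What the host sees. A genuine card signs whatever nonce it is given and
 * returns fresh randomness. A malicious card replays one recorded login: it
 * answers the randomness request with the recorded nonce and the signing
 * request with the matching recorded signature. */
struct card {
    int malicious;
    uint64_t key;        /* genuine card: its private key */
    uint64_t rng_next;   /* genuine card: next output of its RNG */
    uint64_t rec_nonce;  /* malicious card: nonce seen in a genuine login */
    uint64_t rec_sig;    /* malicious card: signature seen in that login */
};

uint64_t card_generate_random(const struct card *c)
{
    return c->malicious ? c->rec_nonce : c->rng_next;
}

uint64_t card_sign(const struct card *c, uint64_t nonce)
{
    return c->malicious ? c->rec_sig : toy_sign(c->key, nonce);
}

/* The PAM side. nonce_from_card = 1 is the flow on this slide (RequestRandomNonce
 * goes to the smartcard); 0 is the earlier flow where the host draws the nonce
 * from its own CSPRNG (host_nonce, supplied by the caller here).
 * Returns 1 when the login is accepted. */
int pam_authenticate(const struct card *c, uint64_t key_from_cert,
                     int nonce_from_card, uint64_t host_nonce)
{
    uint64_t nonce = nonce_from_card ? card_generate_random(c) : host_nonce;
    uint64_t sig = card_sign(c, nonce);
    return sig == toy_sign(key_from_cert, nonce);
}

/* Attacker step: record one genuine login (nonce and signature are all that
 * crosses the reader) and build a card that replays it. */
struct card replaying_card(const struct card *genuine, uint64_t nonce_seen)
{
    struct card evil = { 1, 0, 0, nonce_seen, card_sign(genuine, nonce_seen) };
    return evil;
}
```

With nonce_from_card set, the replaying card passes every time; with the host choosing the nonce it passes only if the host happens to pick the recorded value, which is why the nonce has to be both host-generated and unpredictable.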
Roadblocks
• Channel back to the card is quite limited: the card only sees the APDUs the host chooses to send
• Might need to use the revocation list check for information leaks (one of the few outbound requests the host makes during login)
• Interaction during exploitation is not possible with BasicCard; get SIMtrace for that
• But: a single bitflip from false to true during login can be enough :)

Takeaways / Conclusions
• Think about trust models!
• Some security measures increase your attack surface big time!
• Fuzz everything!
• Limit attack surface by disabling card drivers you do not need.
• Do not write drivers in C ;-)

Thanks
• Q & A
• https://github.com/x41sec/x41-smartcard-fuzzing
• eric.sesterhenn@x41-dsec.de
• Sorry, no Twitter... stalk me on LinkedIn if you must ;-)
