Tag: smartcard

smartcard world, Uncategorized

difference between Infineon SLE 36 and SLE 78

The Infineon SLE 36 and SLE 78 series are both families of security microcontrollers designed for secure applications such as smart cards, secure identification, and access control systems. However, they differ in several key aspects:

Security Features

  • SLE 78: This series is known for its advanced security features like Integrity Guard, which provides full encryption of data paths and offers various countermeasures against physical and logical attacks.
  • SLE 36: Generally has basic security features and may not offer the advanced countermeasures against attacks that the SLE 78 series provides.

Cryptographic Support

  • SLE 78: Supports a wide range of cryptographic algorithms including RSA, ECC, DES, and AES.
  • SLE 36: Typically supports basic cryptographic algorithms like DES and 3DES but lacks the extensive cryptographic capabilities of the SLE 78 series.

Security Certification

  • SLE 78: Often certified to higher Common Criteria levels, such as CC EAL 6+, making it suitable for high-security applications.
  • SLE 36: May have some level of security certification but usually not as high as the SLE 78 series.

Processing Speed and Memory

  • SLE 78: Generally offers higher processing speeds and more memory, suitable for applications that require fast data processing and more storage.
  • SLE 36: Typically has less memory and may operate at lower speeds.

Use Cases

  • SLE 78: Because of its advanced features, it's used in high-security applications like electronic passports, secure elements in mobile devices, and secure identification cards.
  • SLE 36: More suited for lower-security applications where cost-effectiveness is a priority but some level of security is still required.

Given your background in security research, understanding these differences could be vital, especially if you're evaluating the security of systems that utilize these microcontrollers. You may find it interesting to examine the trade-offs between security features and performance or cost in these two series.

smartcard world

APDU Lc and Le encoding

Standard: ISO/IEC 7816-4:2020

https://www.iso.org/obp/ui/#iso:std:iso-iec:7816:-4:ed-4:v1:en

What we want:

  • We want to test 2-byte Le fields. That means the Lc field should already tell us that the command-response APDU pair is extended, i.e. Lc = 00 followed by 2 bytes of length info.
  • Then the data, i.e. the command data.
  • Then Le, encoded in 2 bytes.

e.g. normal length APDU

00CB3FFF
04
5C02DF40
09

e.g. extended length APDU

00CB3FFF
000004
5C02DF40
0009

https://stackoverflow.com/questions/40663460/use-apdu-commands-to-get-some-information-for-a-card
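The Lc/Le rules above as an encoder and a strict parser. This is an added example, not code from the original notes; the function names `encode_apdu` and `parse_apdu` are hypothetical. It goes beyond the two samples by covering all short and extended cases and rejecting frames that mix a 3-byte Lc with a 1-byte Le.

```python
# Added example: ISO/IEC 7816-4 Lc/Le encoding. Function names are hypothetical.
def encode_apdu(header: bytes, data: bytes = b"", ne: int = 0, extended: bool = False) -> bytes:
    """Build a command APDU; ne is the expected response length (0 = no Le)."""
    width, ne_max = (2, 65536) if extended else (1, 256)
    if len(header) != 4 or len(data) >= ne_max or not 0 <= ne <= ne_max:
        raise ValueError("header or lengths out of range for this format")
    marker = b"\x00" if extended else b""
    lc = marker + len(data).to_bytes(width, "big") if data else b""
    le = (ne % ne_max).to_bytes(width, "big") if ne else b""   # all-zero Le = maximum
    if extended and ne and not data:               # case 2E: Le carries the 00 marker
        le = marker + le
    return header + lc + data + le

def parse_apdu(apdu: bytes) -> dict:
    """Decode Lc/Le and reject APDUs whose length fields are inconsistent."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than CLA INS P1 P2")
    body = apdu[4:]
    out = {"extended": False, "data": b"", "ne": 0}
    if not body:                                   # case 1: header only
        return out
    if len(body) == 1:                             # case 2S: one Le byte, 00 = 256
        out["ne"] = body[0] or 256
        return out
    if body[0] != 0:                               # short: Lc is one byte, 01..FF
        nc, rest, le_len, ne_max = body[0], body[1:], 1, 256
    elif len(body) >= 3:                           # leading 00: extended length
        out["extended"] = True
        if len(body) == 3:                         # case 2E: 00 + two Le bytes
            out["ne"] = int.from_bytes(body[1:3], "big") or 65536
            return out
        nc, rest, le_len, ne_max = int.from_bytes(body[1:3], "big"), body[3:], 2, 65536
        if nc == 0:
            raise ValueError("extended Lc of 0000 is not allowed")
    else:
        raise ValueError("malformed length fields")
    if len(rest) == nc:                            # case 3: data, no Le
        out["data"] = rest
    elif len(rest) == nc + le_len:                 # case 4: data then Le
        out["data"], out["ne"] = rest[:nc], int.from_bytes(rest[nc:], "big") or ne_max
    else:
        raise ValueError("Lc/Le do not match the APDU length (mixed short/extended?)")
    return out

if __name__ == "__main__":
    # The two command APDUs from the notes above, plus one constructed bad frame.
    for hexstr in ("00CB3FFF045C02DF4009", "00CB3FFF0000045C02DF400009",
                   "00CB3FFF0000045C02DF4009"):   # constructed: extended Lc, 1-byte Le
        try:
            print(hexstr, parse_apdu(bytes.fromhex(hexstr)))
        except ValueError as err:
            print(hexstr, "rejected:", err)
```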

smartcard world

smartcard steps

creating objects AMR cmd

  • DataAccessRightTemplate
  • creating All enum values for reducing lines of code
  • object with several keys
  • diff data
  • selection of different levels gd and ad
  • exception catcher for not implemented parts
  • authentication sequence more or less unclear
  • changing access rights for according hex tag hex hex

steps contd

  • remove try catch blocks
  • remove pragma directives

smartcard world

smart card encryption FAQs

see a task, pick it, and start by step 0:

IFD

ICC Reader Device (IFD)

http://pcscworkgroup.com/Download/Specifications/pcsc4_v2.01.01.pdf

general authenticate

The GENERAL AUTHENTICATE command is used to establish a Secure Channel session, according to Secure Channel Protocol '03' described in GPCS Amendment D [Amd D].

symmetric key

ISO/IEC 11770-2:2018
https://www.iso.org/standard/73207.html

apdu

https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit

RND

RND.IFD and RND.ICC are each 16 Bytes

A.IFD

A.IFD = RND.IFD || RND.ICC etc

Uncategorized

secure authentication

read the counter of auth attempts:

https://globalplatform.org/specs-library/card-specification-v2-3-1/

The INITIALIZE UPDATE command is used, during explicit initiation of a Secure Channel, to transmit card and session data between the card and the host. This command initiates the initiation of a Secure Channel Session.

read the counter of apdu.

findings: counter is increasing in 2 APDU responses

https://www.rapidtables.com/convert/number/hex-to-decimal.html

https://www.scadacore.com/tools/programming-calculators/online-hex-converter/

Uncategorized

the AMR command

section 4.5.1, APPLICATION MANAGEMENT REQUEST (AMR) Command

https://globalplatform.org/wp-content/uploads/2014/03/GPC_ISO_Framework_v1.0.pdf

Ideas: tear, check, and repeat.

run multiple parameterized tests with NUnit as in:

https://www.lambdatest.com/blog/nunit-parameterized-test-examples/

        // Each [TestCase] row runs the method once with those arguments.
        [Test]
        [TestCase("chrome", "72.0", "Windows 10")]
        [TestCase("internet explorer", "11.0", "Windows 10")]
        [TestCase("Safari", "11.0", "macOS High Sierra")]
        [TestCase("MicrosoftEdge", "18.0", "Windows 10")]
        [Parallelizable(ParallelScope.All)]
        public void DuckDuckGo_TestCase_Demo(String browser, String version, String os)
        {
            String username = "user-name";
            String accesskey = "access-key";
            String gridURL = "@hub.lambdatest.com/wd/hub";
            // The rest of the test body is not included in this excerpt.
        }

Uncategorized

tearing smartcard RF power

Tearing power from cards during command execution: the Keolabs SPulse option, triggered by the PCD_EOF event, drives the RF_POWER output, and the cycles parameter aligns the tearing moment.

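// Load the SPulse definition from a CSV file in stand-alone mode.
keo.Spulse.LoadSpulseCsvFile(filepath, fdt, (uint)eFrameTypeFormat.FRAME_TYPE_SPULSE, (uint)eEmulatorLoadSpulseMode.STAND_ALONE);
// Arm SPulse: the PCD end-of-frame event triggers the RF power output.
keo.Spulse.EnableSpulse((uint)eEmulatorSpulseEvent.SP_PCD_EOF, (uint)eEmulatorSpulseOutput.SP_RF_POWER);
// Send the T=CL command during which the power is torn.
keo.Reader.ISO14443.SendTclCommand(0x00, 0x00, ref txBuffer[0], (uint)txBuffer.Length, out rxBuffer[0], (uint)rxBuffer.Length, out rxBufferLength);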