Archive for the ‘reverse engineering’ Category

New OV-Chipkaart site online

Monday, August 8th, 2011

Just noticed someone has put up a new website with all previous info and much more:

TLS, I’ve got only 1 thing to say; suck it up you incompetent bastards!

Be sure to check out the internals of the hardware (and save a copy because I have a feeling this wasn’t obtained through official channels LOL :D)

Paper on hardware security attacks

Saturday, June 25th, 2011

Interesting and extensive read. A very short abstract:

This thesis presents a wide range of attacks on hardware security in microcontrollers and smartcards. This includes already known non-invasive attacks, such as power analysis and glitching, and invasive attacks, such as reverse engineering and microprobing. A new class of attacks – semi-invasive attacks – is introduced. Like invasive attacks, they require depackaging the chip to get access to its surface. But the passivation layer remains intact, as these methods do not require electrical contact to internal lines. Semi-invasive attacks stand between non-invasive and invasive attacks. They represent a greater threat to hardware security, as they are almost as effective as invasive attacks but can be low-cost like non-invasive attacks.

The paper is already 6 years old, but well worth a look: Semi-invasive attacks – A new approach to hardware security analysis

OV Chipkaart wiki forced offline by TLS

Sunday, April 17th, 2011

TLS (that incompetent company behind the OV-chipkaart) sent lawyers after the owner of He didn’t feel like putting up a fight, so the information was taken offline. A real shame because the site offered good information on the contents of the OV Chipkaart. Of course with the proper knowledge one can hack the card, but it was intended for educational purposes. Something I fully support, so here’s a link to a mirror. If by any chance that one goes down as well, let me know and I’ll put a copy online ;)

Pocket-sized OV-Chipkaart reverse engineering

Tuesday, March 1st, 2011

For those interested in reverse engineering the OV-Chipkaart system (aka Dutch public transport card that’s currently being hacked to shreds because of gross incompetence of Trans Link Systems); here’s a setup that’ll work and fit in your pocket :)

Just a Pandora with a common RFID reader. With the proper knowledge you can whip up your own within a few hours ;)

Also fun would be to replace the reader with a custom Bluetooth-capable setup (the Pandora already has Bluetooth). To help you on your way I’ll leave you with these URLs: an ISO 14443 RFID module combined with a Bluetooth serial bridge. Put it in a lunchbox or something innocent looking and they’ll never suspect a thing.

Going up, going down

Tuesday, August 3rd, 2010

Raided some stowed away boxes this weekend and found some interesting displays in them. Among them were 2 Otis elevator VFD displays bought long ago on eBay. Each module has 2 large alphanumeric characters which would make for some nice score displays or something along those lines.

Never got around to figuring out how they work, until today. Tracing lines, searching for datasheets and some guesswork resulted in 2 schematics. You’ll notice the data, load enable, data out and clock going nowhere. These go to an Oki MSM5267B-15 33-bit VFD segment driver. It requires a voltage between 8V and 18V and the rest of the components have an even larger range.

You’ll also notice some unused parts. These are on the PCB, but most likely not needed to get this thing to work, so I cut some corners. Let’s say I’m more a digital man and still trying to interpret some parts (what do those comparators do!?), but it seems these babies will come to life soon.

Otis VFD schematic 1 – Control

Otis VFD schematic 2 – Power