Archive for the ‘security’ Category

New OV-Chipkaart site online

Monday, August 8th, 2011

Just noticed someone has put up a new website with all previous info and much more:

TLS, I’ve got only 1 thing to say; suck it up you incompetent bastards!

Be sure to checkout the internals of  the hardware (and save a copy because I have a feeling this wasn’t obtained through official channels LOL :D)

Paper on hardware security attacks

Saturday, June 25th, 2011

Interesting and extensive read. A very short abstract:

This thesis presents a wide range of attacks on hardware security in microcontrollers and smartcards. This includes already known non-invasive attacks, such as power analysis and glitching, and invasive attacks, such as reverse engineering and microprobing. A new class of attacks – semi-invasive attacks – is introduced. Like invasive attacks, they require depackaging the chip to get access to its surface. But the passivation layer remains intact, as these methods do not require electrical contact to internal lines. Semi-invasive attacks stand between non-invasive and invasive attacks. They represent a greater threat to hardware security, as they are almost as effective as invasive attacks but can be low-cost like non-invasive attacks.

The paper is already 6 years old, but well worth a look; Semi-invasive attacks – A new approach to hardware security analysis

OV Chipkaart wiki forced offline by TLS

Sunday, April 17th, 2011

TLS (that incompetent company behind the OV-chipkaart) send lawyers after the owner of He didn’t feel like putting up a fight, so the information was taken offline. A real shame because the site offered good information on the contents of the OV Chipkaart. Offcourse with the proper knowlegde one can hack the card, but it was intended for educational purposes. Some I fully support, so here’s a link to a mirror. If by any chance that one goes down as well, let me know and I’ll put a copy online ;)

Sony and US judge gone mad

Saturday, March 5th, 2011

Just when you think things can’t get any more idiotic, something like this comes along;

A federal magistrate is granting Sony the right to acquire the internet IP addresses of anybody who has visited PlayStation 3 hacker George Hotz’s website from January of 2009 to the present.

Nothing new, we already knew Sony are nazis and the US is a 3rd world country, but if anything, this only encourages people even more to actively persuade their friends not to buy Sony crap. Personally I’m grabbing a glass of good whisky to celebrate on the day Sony finally goes up in flames.

While we’re at it. Here’s another scary story… Am I the only one who finds it strange they track down content sharing this hard, but when Wall Street and the likes screw up the entire worldwide economy, almost nothing happens… oh wait, Bush is also still at large… You know what’s going on in Libya? Bit harsh comparison, but similar battles and international judgments are in order against content providers and friends.

Pocket-sized OV-Chipkaart reverse engineering

Tuesday, March 1st, 2011

For those interested in reverse engineering the OV-Chipkaart system (aka Dutch public transport card that’s currently being hacked to shreds because of gross incompetence of Trans Link Systems); here’s an setup that’ll work and fit in your pocket :)

Just a Pandora with a common RFID reader. With the proper knowledge you can whip up your own within a few hours ;)

Also fun would be to replace the reader with a custom Bluetooth capable setup (the Pandora already has Bluetooth). To help you on your way I’ll leave you with these URL’s: an ISO 14443 RFID module combined with a Bluetooth serial bridge. Put it in a lunchbox or something innocent looking and they’ll never suspect a thing.

Wake up Keil

Sunday, November 21st, 2010

“Security is a concern of all on-line consumers”… apparently not for Keil… Not exactly something you’d want to see from a company who’s ARM development suite costs over €4000.

Security gone too far

Sunday, October 24th, 2010

It’s a fine line between customer friendliness and security, but sometimes the line is crossed making the system impossible to use. In this case my creditcard company has made their security too tight making it impossible to pay for something. It took 3 different browsers and 7 attempts to pay for a small item… time to look for a new bank to do business with…

On a related topic, their argument was that they don’t support all browsers. But that shouldn’t matter if they just follow standards. Websites should be independent of the browser used. Same goes for browsers themselves (yes I’m looking at you Microsoft). Can’t repeat that often enough!