#1
Extract Private Key Information from Smart-Card
Good Morning to everyone.
I am starting this topic to ask for some unusual information about tools that might be able to help extract Private-Key information from Smart-Cards.

Background: I live not far from (but not near) my parents. Since they are aging, for some years I have been having them apply for online services (even if they don't even know how to turn on a PC) so that I can help them in everyday life while being away (bank account problems and documentation, utilities bills and contracts, sanitary inspections and certifications and so on). This way, they simply call me and, with the credentials, the aid of a secondary phone number to generate OTPs from and a VNC installed on the PC I configured in their home, I've always been able to accomplish all of the required tasks.

In these last years, in my country, the government is beginning to issue NFC ID Cards, Sanitary Smart Cards and Multilevel Identity Checks (which always require something physical for most operations), which are beginning to pose serious issues to this form of "telematic assistance", since I can no longer operate the way I used to. What was easy to accomplish, simply sending a scanned ID Card or Sanitary ID, now creates lots of problems, since a physical card is required and, differently from OTPs, there are no software tokens or software vaults to load the certificates into.

For the moment, the only solution I found is to involve them in the process only as little as needed by purchasing an NFC and Smart-Card reader, connecting remotely to their PC and asking them to put the card onto/into it as I need it. This will obviously work as long as they are able to walk, talk and understand. Any problem that might compromise their ability to do such things might also cause me not to be able to remotely help them anymore.

I obviously know that the security of the private key is what it's all about, otherwise Digital IDs would be totally useless, but I also know that hackers and crackers don't stay there watching without doing anything, so the question: Is someone able to point me to some tools, documentation or other that might help me try to pry out, in a non-destructive way, the private key from a Smart Card/NFC Card? Thanks in advance.
#2
I do not think anyone who has that info will make it public here....
The Following User Gave Reputation+1 to user1 For This Useful Post: Avi_RE (11-26-2023)
#3
I'm glad that banks have strong security and hope they make it stronger.
When my parents got old they gave me 'power of attorney' so I could legitimately access their accounts. Here in the UK, it was cheap and simple. Maybe you could consider this option.
#4
Quote:
Once activated on a different phone (mine has my account activated and cannot be used with other accounts), it generates all the codes needed for every operation. At the moment, the main problem is the Sanitary ID Smart Card, which is required to book medical inspections, to download blood examination and other reports and to request medical recipes from the doctor. All these activities can be performed in person or via the internet with a valid Sanitary ID Card inserted into the reader.
#5
That should not be possible if correctly implemented. Even physical attacks on chips are very difficult and expensive (not to mention that they are always destructive).
https://www.researchgate.net/publication/301317714_A_Survey_on_Chip_to_System_Reverse_Engineering
The Following User Says Thank You to virus For This Useful Post: niculaita (06-07-2020)
#6
Everything is possible with the right tools and the best approach.
Look at this, it may bring some ideas: https://www.youtube.com/watch?v=iJFnYBJJiuQ
The Following User Says Thank You to phroyt For This Useful Post: niculaita (06-07-2020)
#7
What you ask is a specific hardware hacking context... this public document explains several techniques; for smartcards it is exactly the same
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
#8
Yes if a proper cryptographically secure software solution is used which for some reason has proved difficult in the past, then attacking the hardware directly is the only option.
On the other hand, building a mechanical card insertion and removal device which you can control remotely would probably be easier and quite clever to say the least. Not as streamlined as having a private key, but a small electronics project should make it so a person does not have to directly handle the card but will still be able to retrieve it out of such contraption.
The Following User Gave Reputation+1 to chants For This Useful Post: niculaita (06-07-2020)
The Following User Says Thank You to chants For This Useful Post: niculaita (06-07-2020)
#9
I can suggest another humble solution:
USB Redirector
Install the server on your parents' machine and, using ngrok.com, you can point the client on your machine to the given address.
[Parents + USB Redirector + NGrok Agent] <=> [Your Machine + USB Redirector Client]
Now you have local access to all USBs on the host.
Running USB Client with NGrok: https://imgur.com/hNu5Xb9
Running Host with NGrok (Green console is a running proxy): https://imgur.com/Cp0KG4O
Last edited by phroyt; 05-27-2020 at 03:42.
#10
What happens if your parents lose the card or if it's not working anymore?
They ask the official places for a new card, no? Then tell your parents to send it to you and you can do the work yourself. Maybe I haven't understood correctly.
__________________
I like this forum!
#11
The smart card gets the PIN and the operation you want done and returns you the information. It happens on the chip, that's why there's practically no option to do it - unless using some proxies etc., but the costs of "hacking" a simcard/smartcard are high
#12
Given how totally illegal (as in probably go-to-jail-if-you-are-caught illegal) doing any kind of messing with national ID cards is (driver's license/passport/etc.) I wouldn't think it's something appropriate for this forum.
#13
Quote:
And, by the way, did you think that there might be lots of licit reasons that might need such a question?
#14
@TmC
I think nowadays in 2023, with lots of Hardware Hacking Tools/Kits ) it can be done as 123 ) Good Luck