full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] ANNOUNCE - RFIDIOt 0.1w re

[Full-disclosure] ANNOUNCE - RFIDIOt 0.1w released - January 2009

From: Adam Laurie <adam_at_nospam>
Date: Fri Jan 30 2009 - 13:32:40 GMT
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com


Hi,

I've been working on adding Global Platform functionality to non-PC/SC devices so folks with LAHF and HF ACG devices can play with JCOP cards... It's not quite there yet, but jcoptool.py is a work in progress which currently supports printing manufacturer info and card contents. I'll be working on installing/deleting applets next.

Other fixes are mostly to do with e-passports...

 From CHANGES:

v0.w
fix ACG reset/info sequence in RFIDIOt.py fix facial image display bug in mrpkey.py where conversion is required [Andreas Schmidt]
fix RANDOM_UID setting in jcop_mifare_access.cap/jcopmifare.py (you will need a secret key from NXP)
add jcoptool.py - JCOP toolkit (work in progress) mrpkey.py changes:

   fix binary mode when reading files under Windows (for WRITE to card)    fix computation of composite checksum digit    support reading non-BAC passports
   specify a dummy MRZ or simply the keyword 'PLAIN' for Plain Access if there is no Basic Access Control

   support writing non-BAC passports (only for vonJeek cards)    new commands SETBAC and UNSETBAC to toggle the BAC mode on vonJeek cards    extract & display signature image stored in DG7, if any    fix bug in Jpeg 2000 handling & add Jpeg 2000 support for DG7    better error handling if PCSC daemon is down or no reader is found    support clone mode by specifying PLAIN/MRZ and WRITE: first read then write

   support shortened MRZ (as in mrp0wn)
   strip AA & EAC by default when writing, set STRIP_INDEX=False to disable stripping
change Makefile to match vonJeek gpshell files (upload2jcop.gpsh & upload2nokia.gpsh)

Full details here:

   http://rfidiot.org

BTW, I'm giving a course with Zac Franken at BH Europe in April, and USA in July if you want to get hands on with this stuff...

   http://www.blackhat.com/html/bh-europe-09/train-bh-eu-09-zf.html

cheers,
Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 1308 867 949 61 Victoria Road Surbiton Surrey mailto:adam@algroup.co.uk KT6 4JX http://rfidiot.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/