17 April 2011

Money by Phone, Obscurity, Reader Detection

Peer to Peer money transmission
i.e. send money phone to phone, with NO central control.
The SIMs control security.
I would suggest asymmetric, e.g. RSA, but I suppose it could be done with symmetric (e.g. AES)
- which would mean every SIM has the main key on board.

Obviously, using SMS, or similar, lost transmissions would be a problem.

Oddly, you can only cancel a send (and get your money back) if your receiver has an active Log file.
If your receiver can put a Cancel message on her log, her SIM will then permit her to send you a signed CancelOK message.
Your SIM would verify this, then reverse your transaction - ie money back.

If your receiver is non-contactable, ie if she breaks her SIM, you can NOT cancel, ie you can not get your money back.

Still & all, wouldn't it be grand to send money with no Govt snooping, no Western Union 20%...

________________________________________________________________
Obscurity
The DESFire manual is still available online: MF3 IC D40 3.1, April 2004
(hint: search for M075031 and pudn)
- Why is Philips so set on secrecy for its documentation? Reeks of 'security through obscurity'.
I guess they're still smarting from that bunch of students who cracked their 'classic' 48bit key.
Nobody supposes the 'new' 112bit key will be cracked, so why hide the docs?



__________________________________________________________________
Detecting Readers

I've spent a lot of hours trying to Auto-Detect card readers
Contact readers are OK to autodetect.
I've decided that it is NOT possible to auto-detect NFC/ContactLess Readers.

All the 'utility' card reader programs I have seen start with "Pick your readers from a list"

It's just impossible to wait for a card on every reader and, e.g., check the ATR.

I thought for a while it was a threading problem with Java Swing, but console apps can't do it either.

Oddly, even if you pick readers from a list, I still get a hiccup on first NFC read if I auto-detect my SAM.

We tend to assume people have Omnikey (5321)
Sometimes we even hardcode "-CL" into the terminal name comparison (ugh)

Omnikey does a bunch of reads & writes to DESFire AV1 in 140msec, whereas an ACR122U-A2 takes 638msec, which is so slow I reckon I have missed a section on "speeding up your ACS reader" somewhere (?)
_____________________________________________________________________

30 March 2011

DESFire SAM crc16


byte[] iso14443a_crc(byte[] Data)   // DESFire SAM crc16: do not invert the result
{
    final int maskB = 0xFF;
    final int maskW = 0xFFFF;
    int wCrc = 0x6363;                      // ISO 14443-A preset

    for (int j = 0; j < Data.length; j++)   // empty input returns the preset unchanged
    {
        int bt = Data[j] & maskB;           // treat the signed Java byte as unsigned
        bt = (bt ^ (wCrc & 0x00FF)) & maskB;
        bt = (bt ^ (bt << 4)) & maskB;

        int t8 = (bt << 8) & maskW;
        int t9 = (bt << 3) & maskW;
        int tA = (bt >> 4) & maskW;
        wCrc = ((wCrc >> 8) ^ t8 ^ t9 ^ tA) & maskW;
    }

    byte[] bb = new byte[2];                // result is returned low byte first
    bb[0] = (byte) (wCrc & maskB);
    bb[1] = (byte) ((wCrc >> 8) & maskB);
    return bb;
}
   

13 March 2011

crc32

NXP do a crc32 on 3D00000000120000010203040506070809101112131415161718 and get 0x9C1AF759

most crc32 give 0xa608e563 ..
eg :
fileformat.info/tool/hash All the hash you want...
networkdls
java.util.zip.CRC32;

I wonder what CRC32 they are using??
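
An added example (not part of the original post, and not NXP's code): the two values quoted above are bitwise complements of each other with the byte order reversed, which is what the standard CRC-32 gives when its final XOR is left off and the result is written least-significant byte first. The class and method names are made up for the illustration; the input and both expected values are the ones in the post.

```java
import java.util.zip.CRC32;

// Added illustration; class and method names are hypothetical.
public class DesfireCrc32Demo {
    /** Decode an even-length hex string into bytes. */
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /** Standard CRC-32 (java.util.zip.CRC32), which applies a final XOR with 0xFFFFFFFF. */
    static long standardCrc32(byte[] data) {
        CRC32 crc = new CRC32();
        crc.update(data, 0, data.length);
        return crc.getValue();
    }

    /** The same CRC with the final XOR undone, i.e. the complement of the standard value. */
    static long crc32NoFinalXor(byte[] data) {
        return ~standardCrc32(data) & 0xFFFFFFFFL;
    }

    /** Hex of a 32-bit value, least-significant byte first. */
    static String lsbFirstHex(long v) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 4; i++) {
            sb.append(String.format("%02X", (v >> (8 * i)) & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Input and both expected values are the ones quoted in the post.
        byte[] data = fromHex("3D00000000120000010203040506070809101112131415161718");
        long std = standardCrc32(data);
        String nxp = lsbFirstHex(crc32NoFinalXor(data));
        System.out.printf("standard CRC-32: 0x%08X%n", std);
        System.out.println("no final XOR, LSB first: " + nxp);
        if (std != 0xA608E563L || !nxp.equals("9C1AF759")) {
            throw new AssertionError("does not match the values quoted in the post");
        }
    }
}
```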

28 February 2011

DESFire and King Croesus

DESFire Authentication and Key Derivation

Now Available!

_________________________________________________________________________

"rich as Croesus"
either very fine powder of the gold straight from the mines, or else get bigger pieces of old gold and hammer it out into very thin sheets - a bit like the old-fashioned cigarette papers - and then put these in a pot along with common salt, that's sodium chloride. And then heat that in a furnace to about 800 degrees centigrade, and ultimately you are left with pretty pure gold."
So the Lydians learned how to make pure gold coins. But no less importantly, they then employed craftsmen to stamp on them symbols indicating their weight, and thus their value. These first coins have no writing on them - dates and inscriptions on coins were to come much later - but archaeological evidence allows us to date our coins to around 550 BC, so the middle of Croesus's reign.

Gold Coin of Croesus, King of Lydia 550BC Turkey

- Once cards send money to each other, the reign of Croesus is finally over
_______________________________________________

16 February 2011

Compile a Java Card Applet, Load onto JCOP card, execute..

ok this is how to
Compile a Java Card Applet, Load onto JCOP card, execute..

Applet Source is in \card\src\joe\Fred.java
joe is the package

Batch file to make CAP
_________________________________________________________
prompt $g
set JC_HOME=C:\card\java_card_kit-2_2_1
:: CARE set JAVA_HOME does NOT change javac version
set JAVA_HOME="C:\Program Files\Java\jre1.5.0_05"
set PATH=.;%JC_HOME%\bin;%JAVA_HOME%\bin;%PATH%
:: path overkill?
cd \card\src\joe
C:\card\jsdk13\bin\javac -g -classpath ".;%JC_HOME%\lib\api.jar" Fred.java
:: this JCOP card uses javacard 2.2.1 and javac 1.3
:: j1.5 gives: unsupported class file format of version 49.0.
:: nb classpath api.jar does give access to javacard.framework
set _CLASSES=C:\card\java_card_kit-2_2_1\lib\apduio.jar;C:\card\java_card_kit-2_2_1\lib\api.jar;C:\card\java_card_kit-2_2_1\lib\capdump.jar;C:\card\java_card_kit-2_2_1\lib\converter.jar;C:\card\java_card_kit-2_2_1\lib\offcardverifier.jar;
:: do this once only ......... xcopy /S C:\card\java_card_kit-2_2_1\api_export_files\*.* exp\
cd \card\src\
java -classpath "%_CLASSES%" com.sun.javacard.converter.Converter -config Fred.opt
____________________________________________________
You have to hunt around Oracle's archives to find the JDK1.3

____________________________________________________
____________________________________________________



Fred.opt


____________________________________________________
-out EXP JCA CAP
-exportpath joe\exp
-applet 0x1:0x0:0x0:0x0:0x1:0x3:0x1:0x0:0x1:0x1 joe.Fred
joe
0x1:0x0:0x0:0x0:0x1:0x3:0x1:0x0:0x1 1.0
____________________________________________________

Any old AID will do, but there are international Company standards in the Real World

To load the CAP I use jcManager
later on I'll try to do a low level load
Install for load etc etc
gpshell didn't load the HelloWorld that jcManager did,
so expect more difficulties

____________________________________________________
____________________________________________________

anubis script to run the Applet
(I copied CLA 80 and INS 20 from a wallet program)
I guess they can be anything...

____________________________________________________
atr = open();
prints(atr);
prints(" Select joe ");
cmd = new ApduCmd("00A404000A0100000001030100010100");
card_response = execute(cmd);
prints(card_response);
prints(" Get Data ");
cmd = new ApduCmd("B020000008111213141516171800");
card_response = execute(cmd);
prints(card_response);
____________________________________________________
right now the Applet just returns 2 bytes.
Now to get it to do something interesting.
....
Also I would like to get NetBeans Card going with javac 1.3 and jcdk 2.2.1
 - is that even possible??

JavaCard CAP converter

Many problems trying to compile, convert & load a Java Applet onto a JCOP card

some lines from batch file

:: Compile the .java file
prompt $g
set JC_HOME=C:\card\java_card_kit-2_2_1
::set JAVA_HOME="C:\Program Files\Java\jre1.5.0_05"
set JAVA_HOME=\card\jre13
:: java 1.3 unsupported class file format of version 50.0.
:: java 1.5 gives error  unsupported class file format of version 50.0.

set PATH=.;%JC_HOME%\bin;%JAVA_HOME%\bin;%PATH%
cd \card\src\joe
java -version
pause
javac -g  -classpath C:\card\java_card_kit-2_2_1\lib\javacardframework.jar Fred.java
pause
set _CLASSES=C:\card\java_card_kit-2_2_1\lib\apduio.jar;C:\card\java_card_kit-2_2_1\lib\api.jar;C:\card\java_card_kit-2_2_1\lib\capdump.jar;C:\card\java_card_kit-2_2_1\lib\converter.jar;C:\card\java_card_kit-2_2_1\lib\offcardverifier.jar;
::xcopy /S C:\card\java_card_kit-2_2_1\api_export_files\*.* exp\
:: this seems extreme  ....to copy !!!
java -classpath "%_CLASSES%" com.sun.javacard.converter.Converter -config Fred.opt








- so far haven't found the right combo of jcdk & jre

newer jcdk gave errors on CAP load...
they say JCOP can NOT do unencrypted loads so we can't inspect the payload???

plan:
go back to
http://lavamunky.wordpress.com/2010/03/28/java-card-prog-compile/#comment-69



lavamonkey  - why does blogsearch not find monkey??
lava monkey  javacard compile - will blogsearch find this??

13 February 2011

Java Swing/AWT  and Waiting for a Card
You need to use a "SwingWorker", which does the waiting on a background thread.

If not, your screen refreshes will freeze.


The GUI start-up in main will need to go through "invokeLater"
I wish Java AWT could do threads in a more simple fashion,
but this is how it is






    // needs: import java.awt.Color; import java.util.List; import javax.swing.SwingWorker;
    SwingWorker<String, String> waitForCard = null;
    String tap = "Tap";

    private void buttonPress(java.awt.event.ActionEvent evt)
    {
        jTextArea1.setBackground(Color.white);
        jButton1.setEnabled(false);
        jTextArea1.setText(tap);

        final String badRead = "badRead";
//SW SW SW SW SW SW SW SW SW SW SW SW SW SW SW SW

        waitForCard = new SwingWorker<String, String>()
        {
            @Override
            public String doInBackground()
            {
                do
                {
                    waitCard();  // waits for a card on the NFC card reader
                    if (this.isCancelled())
                        return("cancelled");
                }
                while ( rbal.contentEquals(badRead) );  // rbal is, for example, the card balance
                publish(rbal);
                // publish an update; this will get added to a list and
                // processed in bulk by the process() method at some point,
                // i.e. if we want a sequence, e.g. clear the field after one second: do the work, publish,
                // then "done" does the final clear

                waitCardGone();

                try {
                    Thread.sleep(1500);
                } catch (InterruptedException e) {
                    return("rupt");    // never seen?
                }

                return("blank");
            }

            @Override
            protected void process(List<String> chunks) {
                jTextArea1.setText(chunks.get(0));  // display your data
            }

            @Override
            protected void done()
            {
                jTextArea1.setText("");  // clear the text after 1.5 seconds
                jTextArea1.setBackground(mgreen);
                jButton1.setEnabled(true);
            } // done
        };    //waitForCard definition fin
//SW SW SW SW SW SW SW SW SW SW SW SW SW SW

        waitForCard.execute();
    }

----------------------------------------------------------------------------------

public static void main(String args[])
    {
        java.awt.EventQueue.invokeLater(new Runnable()
        {
            public void run()
            {
                Framek f = new Framek();
                f.setLocation(Uti.centrePoint(f));
                f.setTitle("Card Balance ");
                f.setVisible(true);
                f.initk();  // initialise stuff

             }
        });
    }