Kronecker

14 June 2011

HSM, NFC, GPU, Kindle Dash

HSM
I made a true triple DES key, loaded it into a HSM (software emulation)
It gave a correct KCV (encryption of 00..00) which had me fooled
But upon extraction (getKey) it gave a different result
Conclusion HSM double DES only!
____________________________________________________

Android 2.3.3 release, Google has added new capabilities for developers, including updates to the API ... that now allow for both reading and writing to standard NFC tags.
Dude..... its about more than tags
- we have a Nexus S in the office, it almost works for our reload app...
hope I can get some time to play with it (NZ1100?)

According to the Android Developers blog, some of the new features include:

A comprehensive NFC reader/writer API that lets apps read and write to almost any standard NFC tag in use today.
Advanced Intent dispatching that gives apps more control over how/when they are launched when an NFC tag comes into range.
Some limited support for peer-to-peer connection with other NFC devices.
For end users of NFC-enabled Android devices, what this means is that applications now have more control about how they are launched when an NFC tag is read. For example, apps could listen for specific tag content or tag technologies, and only launch when a match was made. Plus, applications running in the foreground could stop another app from launching upon the tag reading event, if need be.

The updated platform also provides a limited peer-to-peer communication protocol
http://android-developers.blogspot.com/2011/02/android-233-platform-new-nfc.html
NFC-A (ISO 14443-3A)
• NFC-B (ISO 14443-3B)
• NFC-F (JIS 6319-4)
• NFC-V (ISO 15693)
• ISO-DEP (ISO 14443-4)
• Mifare Classic
• Mifare Ultralight
NFC Forum NDEF tags
androidcommunity

developer.android
____________________________________________________

.Graphics Processing Unit for cracking passwords..the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool which uses the CPU for its calculations against ighashgpu which uses ATI or Nvidia graphics cards to do the deed. Hands down ighashgpu is the fastest; with Cain taking about one year to crack an eight character password while ighashgpu can do it in under nineteen hours.

hackaday
.....................................
GPGPU computing ... doing general calculations on graphic cards (GPUs) rather than CPUs. ... GPUs ... rendering frames .... people started realizing that GPUs are far more efficient at handling highly parallel tasks ... GPUs are used to speed up video conversion, video processing, doing scientific calculations, folding and password hash cracking.
ighashgpu.
golubev

how many passwords the GPU has churned out per second. Dude, it’s 3.334 billion passwords.

wordpress
____________________________________________________

Kindle seems nifty. But : dash it!
lunascafe typography-is-about-reading-and-so-are
____________________________________________________

29 May 2011

Nexus S Secure Element, Google Wallet

Nexus S does NFC but has no µSD Slot
Google&Mastercard want to control your wallet.

But:

DIY NFC using the Nexus S

Here's what we did next: Download the source (actually from CyanogenMod 7 to have the full build environment for the new Nexus S), make the appropriate changes to the code, recompile everything and put it back into the phone and it works — Nexus S supports card emulation and SWP!
Then we developed an Android app which we call "The Secure Element Manager" that gives the user full control over the secure elements in the phone as well as the NFC chip.
We are now able to fully control the PN65N from an Android app. Very nice, but not enough; we need more: an API for accessing the UICC (secure element) from an Android API.
nearfieldcommunicationsworld...................................................................................................
Luckily Giesecke & Devrient already supports the development of a smartcard stack for Android, SEEK, the Secure Element Evaluation Kit. This one is available for Android 2.2 and requires some adaption to work in Gingerbread, but after these changes we have a fully featured NFC phone using the Nexus S Hardware. Nice, isn't it?

http://groups.googlecom/group/android-developers/browse_thread/thread/418c9b370f08a9f7

__________________________________________________
Nokia C7 comes with a PN544 from NXP. .. ready for Single Wire Protocol support in order to use the UICC as the secure element.

.. Nokia only needs to provide firmware .. likely use NXP's FRI (Forum Reference Implementation), which is also used in the Google phone...
aaa

The FRI a basic software stack for managing the NFC chip through HCI (Host Controller Interface) Android's core and Symbian^3 are both implemented in C, so the stack ..can be ported to both ..

P2P/LLCP and card emulation using SWP or an embedded secure element.

On top of the FRI, Nokia will provide JSR257 (Java layer) in order to manage reading/writing functionality or exchanging of NDEF data structures. Depending on the configuration of the FRI, the phone can support SWP to offer card emulation using a UICC.

Nokia's C7 already provides JSR177 for J2ME applications to communicate with the UICC...
.......................
The Nexus S comes with a PN65N from NXP. This chip is a combination of the PN544 NFC controller and an embedded SmartMX secure element.
__________________________________________________

1. Is this the birth of a new payments network, or an old network in mobile form?

.. Google will be partnering with MasterCard to bring mobile payments ... If that turns out to be true, it's a definite win for the old guard. The current payments infrastructure is built on principles that were defined in the 1970s when credit cards as we know them appeared on the market. It's ripe for disruption and Google has the perfect skillset for doing so. Both MasterCard and Visa have looked at risk of disintermediation.

"secure element" in the case of the Google Nexus S, .. a chip embedded in the mobile phone during manufacturing. (Nexus has NO slot)
With a microSD, it can be anyone. With an embedded secure element, it would usually be the manufacturer of the phone. This is expected to be the case with RIM's forthcoming Blackberry NFC phones and is almost certain to be the case with a future Apple iPhone.
..........
Will any business be able to get access to Google mobile wallets — even direct competitors like Microsoft and Apple — or will Google lock them out? How about the likes of Groupon, PayPal, Facebook and Visa? And who will these businesses go to instead to access the new generation of mobile wallet technology if they can't access a Google Wallet?
nearfieldcommunicationsworld
__________________________________________________

The NXP PN65 .. the NFC radio controller, the embedded secure element and NFC software ...
nxp

Google Wallet, Google Offers, Google Prepaid Card and SingleTap, .. in conjunction with MasterCard, Citi, First Data and Sprint.
. add funds.. from any credit card.
Payments processing ..through MasterCard's PayPass network.
First Data for trusted service manager (TSM) ..such as provisioning card ..
..
nearfieldcommunicationsworld
hypercom

The Google Wallet limited to Nexus S 4G phones Sprint, not the 3G version for T-Mobile or other Android phones...
..Steve Owen, vice p id NXP ..all Android .. could potentially support the wallet
Google could try to control embedded chips and APIs, in other NFC phones ... at odds with mobile operators that want to control the application-bearing chips ..

Isis AT&T, Verizon Wireless and T-Mobile wants to control the secure elements Sprint dropped out.
nfctimes
European.. business model for NFC is based on charging fees to banks and other service providers to put their NFC applications on SIM cards that the telcos issue.

But Google, in fact, is also seeking to recruit European banks ..the Nexus S also supports the single-wire protocol connection to the SIM card, it's possible that Google could block this.

PayPal accusing Google of stealing its trade secrets by recruiting Osama Bedier Google's head of payments. also names Tilenius, who worked at eBay.

__________________________________________________

the wallet will require an “app-specific PIN” to activate, and in the first release (sic), “all payment card credentials will be encrypted and stored on a chip.” (like, in later releases card credentials will be scattered about in clear?]

Update: It's possible Google could ... use Andorid API availability to prohibit other wallet service providers? ..
Google made a point of saying that the wallet would be open to other banks and service providers, along with other mobile carriers and handset makers. ..Google is likely to want to control which applications go into its wallet, ..APIs and master keys, managed by First Data.

__________________________________________________

24 May 2011

Secure Element, Kenya, ChangeKeyAES

Secure Element
The Mobile Security Card SE 1.0 is a standard flash memory mass storage card supplemented with an additional secure element, .. functionality for security operations such as PKI key management or key generation... e-mails, network access.. smartphones, the microSD™ format is the most adopted..
Mobile Commerce Extension protocol ( SDA) or via file.. »Generic Security Interface«,.. Giesecke & Devrient (G&D). The drivers offer a PC/SC (or similar) interface .. Windows Mobile™, ..Symbian OS, Android and Linux®. ..

Memory • 78 kB free EEPROM Mass storage capability • Min. 2 GB flash memory
..
• Hash algorithms: SHA-1, SHA256, MD5, RIPE-MD160 • Symmetric encryption: DES, 3-DES, AES up to 256 bit, Seed 128 bit • Asymmetric encryption: RSA® up to 2048 bit..DSA up to 1024 bi
aaa

gi

__________________________________________________
Smart Card based PKI (Public Key Infrastructure)
.. used by eMails (S/MIME), data encryption and secure authentication (VPN, SSL/TLS). It is based on public/private keys (typically RSA) and certificates, which bind a user identity to a public key.
..the private key is often stored on a smart card..
The most common API to access cryptographic smart card functions is the PKCS#11 interface, published by RSA Labs.
..Corresponding to the PKCS#11 interface, the PKCS#15 specification defines a file structure and description syntax for keys and certificates on the smart card.
google
____________________________________________________________________
State Snooping aka "foiling scalpers"
A real-name ticket sales system began operation Sunday in Beijing. .., aims to make buying a ticket more convenient and fair, by foiling scalpers.
..a ticket vending machine particularly installed with an ID card reader
passengers who forget or lose their ID cards can go to a special window opened by local police ..
Without an ID card, the office can't sell any tickets.
Regarding the new rule's inconvenience..passengers would feel they have no privacy any more."
___________________________________________
African NFC Money
By Griffins Omwenga and Kui Kinyanjui 16 May 2011 21:54
Nairobi. .InMobi, Pay4Me and MoMagic services in the next few months.. pay for goods and services through their mobile phones.
Mobile advert firm InMobi... to launch a new mobile payment system..SmartPay solution..
..a simple payment gateway..to receive money for goods sold online..
..one-time, no-cost, single point of integration across multiple countries.
Locally, it will take on solutions like Pesa Pal and M-Pesa,.. payment solution for e-commerce ventures .. due to low penetration of.. credit cards.
thecitizen.co.tz

___________________________________________
Near Field Communication (NFC) Apple will not include in the next version of the iPhone.
pple's next iPhone, said to be called the 4S, will not have the mobile payment support through NFC (near field communication) says Bernstein in a note this morning.
businessinsider

businessinsider

___________________________________________________
Neat Drive
The GoFlex Satellite is a 500Gb external (Seagate) .. Wi-Fi access and a lithium-polymer battery.
USB interface ( 3.0.. 10x faster),..recharging and moving files. Video, music, photo..
..pressing a power button.. Wi-Fi access mode. ..shows up as a wireless network on your Wi-Fi-enabled device, .. iPad, iPhone, iPod touch, Android tablet, smartphone or a laptop.
..www.goflexsatellite.com in the device’s browse..Movies, Pictures, Music and Documents ..
..media files have to be compatible with Apple devices.. video has to be in H.264, MPEG4 or Motion-JPEG format.
However, using the $5 OPlayer HD iPad app, I was able to play media files in any format on my iPad...
..play three videos at once from the drive, stutter-free and in very good quality...
..$200 .. cf $500 16Gb Wi-Fi only iPad and $700 64Gb iPad

___________________________________________________
Odd DESFire Fact
When changing a Key on a DESFire SAM using AES
you can only do it once!
To change tha key again you have to restart the program.
Even an ATR does not enable that second key change..
So I wrote a "hot-swap" program which enables SAM change...
the original SAM can still only change a key once ...
There must be something in the Javax.smartcardio that gets initialized on program startup
which then only lets you change a key once!
___________________________________________________

16 May 2011

Peer To Peer

Peer to Peer
I doubt whether MasterCard/Visa are enthusiastic about Actual Peer-to-Peer
- because that would cut them out of the picture.
All you need is a retailer or bank at the receivers end who has a deal with the
PtoP system operator. they might well settle using conventional EFTPOS or even Visa credit.
But the PtoP doesnt need any CreditCardCompany
__________________________________________________
Google gets it, and says its too hard

"I'd love to see peer-to-peer used for payment," Google's Nick Pelly
...Typically, the hardware is set up to do card emulation through the secure element. Right now, we don't have any APIs to talk to the secure element. And we think that we probably won't be getting APIs to do that anytime in the near future in the SDK.
..to talk to the secure elements, even from applications on the phone, you need to authenticate yourself properly.
And if you improperly authenticate yourself a certain number of times, there are secure elements out there that will physically destroy themselves and can never be recovered. So that's something that we really think would be a bad experience for users, and we don't want developers getting blamed for, you know, breaking hardware

nearfieldcommunicationsworld

__________________________________________________
Some places arent even getting started:
Smartcards delayed for seven years .. 13 May 2011
..commuters in Scotland will not benefit from queue-busting travel smartcards until at least 2018 because companies involved are reluctant to share their tickets..
heraldscotland

___________________________________________________
Third World types really get it:

The strides Kenya has made in mobile banking .. Mobile Money Transfer Conference in Nairobi.
..“Kenya is a pioneer in the mobile payment industry ..
..Mobile money transfer platforms like M-Pesa by Safaricom, YuCash by Yu, Orange Money by Orange and Airtel Money enable people to access money through mobile phones, ..
...“Idle soft currency kept under the mattress is not safe, but once it is in the mobile wallet it can be lent out for traders to do business for additional revenue streams.”(???)
..nation

__________________________________________________
MasterCard want to stay in the picture .. but really, we dont need them ..
..May 16 2011
MasterCard demonstrates.. iPhone attachment running its contactless PayPass ..
..iCarte (Wireless Dynamics) .. MasterCard PayPass application in an embedded secure chip,...tap their iPhone 4 handsets .. where the PayPass is accepted...
.. Singapore Cassis Intl as trusted service manager to provision the PayPass
..Singapore’s EZ-Link .. used for transit,.. some retail ..also issues a MasterCard branded prepaid card.. Fevo.
..whether EZ-Link..would also be on the phones, though likely not.

..another trial of an NFC bridge .. a SIM attached to a flexible contactless antenna, (Gemalto).. mobile operator StarHub and DBS Bank. ..

In Malaysia.. Maxis Communications ..some interest..
.
Visa Europe ..trial in Turkey ..United Kingdom of the iCarte...Visa has trialed contactless microSD cards in the iPhone and other..

The microSDs, as well as the iCarte have corresponding apps .. to access the payment applications stored on the secure chips ..
..
nfctimes

___________________________________________________
Speed not a problem
TransferJet is a wireless technology that is said to combine the speed of Ultra Wide Band with the ease of Near Field Communications...560Mbit/s,.. effective throughput.. 375Mbit/s,.. 4.48GHz..
in V2 of the protocol, centre frequency of 60GHz.. data transfer rate to 2Gbit/s. Expect this chip in mid 2014.
___________________________________________________

05 May 2011

AES CMAC as used in DESFire AV2

AES CMAC
nb may need to chain the IV

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import java.security.NoSuchAlgorithmException;
import javax.crypto.spec.SecretKeySpec;

/**
*
* @author Chris Skinner
*/
public class AES {

static public byte[] K = new byte [16]; // 128 bit key
static public byte[] K1 = new byte [16]; // 128 bit sub key
static public byte[] K2 = new byte [16]; // 128 bit sub key
static final public byte[] Z16 = new byte [16]; // 128 bit zero
static Cipher cipher = null;

//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧
static void print (String s) {
System.out.print(s);
}
//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧

static byte[] shl (byte[] bin) // << 16 byte array
{
byte[] bout = new byte[16];
for (short j = 0; j < 15; j++) // java b[0] is the highorder
{
int sot = ((bin[j+1] & 0x80) >> 7);
int sef = ( bin[j] << 1 ) | sot;
bout[j] = ( byte)sef;
}
bout[15] = (byte)(bin[15] << 1);
return bout;
}
//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧
static SecretKeySpec skeySpec = null;

public static void subKeys(byte[] key) // make K1 K2 from key
{
/*
+ Algorithm Generate_Subkey +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Input : K (128-bit key) +
+ Output : K1 (128-bit first subkey) +
+ K2 (128-bit second subkey) +
+-------------------------------------------------------------------+
+ +
+ Constants: const_Zero is 0x00000000000000000000000000000000 +
+ const_Rb is 0x00000000000000000000000000000087
binary 10000111 +
+ Variables: L for output of AES-128 applied to 0^128 +
+ +
+ Step 1. L := AES-128(K, const_Zero); +
+ Step 2. if MSB(L) is equal to 0 +
+ then K1 := L << 1; +
+ else K1 := (L << 1) XOR const_Rb; +
+ Step 3. if MSB(K1) is equal to 0 +
+ then K2 := K1 << 1; +
+ else K2 := (K1 << 1) XOR const_Rb; +
+ Step 4. return K1, K2; +
+ +
*/
byte bRb = (byte)0x87; // Rb for AES128
// key must be 16 bytes
try
{
skeySpec = new SecretKeySpec(key, "AES");
if (cipher == null)
cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
K1 = cipher.doFinal(Z16);
}
catch (Exception ex) // nosuchalgorithm, invalidkey,nosuchpadding...
{
print("\n error 400 AES " + ex.getMessage());
}
boolean highL = ((K1[0] & 0x80) != 0);
K1 = shl(K1);
if (highL)
K1[15] = (byte)(K1[15] ^ bRb);
highL = ((K1[0] & 0x80) != 0);
K2 = shl(K1);
if (highL)
K2[15] = (byte)(K2[15] ^ bRb);
}
//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧
static byte[] xor16(byte[] ba, byte[] bb)
{
byte[] bout = new byte[ba.length];
for (short j = 0; j < ba.length; j++)
bout[j] = (byte)(ba[j] ^ bb[j]);
return bout;
}

//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧

static public byte[] CMAC(byte[] key, byte[] mesg)
{
/*
+ Input : K ( 128-bit key ) +
+ : M ( message to be authenticated ) +
+ : len ( length of the message in octets ) +
+ Output : T ( message authentication code ) +
+
+ const_Bsize is 16 +
+ +
+ Variables: K1, K2 for 128-bit subkeys +
+ M_i is the i-th block (i=1..ceil(len/const_Bsize)) +
+ M_last is the last block xor-ed with K1 or K2 +
+ n for number of blocks to be processed +
+ r for number of octets of last block +
+ flag for denoting if last block is complete or not +
+ +
+ Step 1. (K1,K2) := Generate_Subkey(K); +
+ Step 2. n := ceil(len/const_Bsize);
The smallest integer no smaller than x.
ceil(3.5) is 4. ceil(5) is 5.+
+ Step 3. if n = 0 +
+ then +
+ n := 1; +
+ flag := false; +
+ else +
+ if len mod const_Bsize is 0 +
+ then flag := true; no overflow +
+ else flag := false; +
+ +
+ Step 4. if flag is true +
+ then M_last := M_n XOR K1; +
+ else M_last := padding(M_n) XOR K2; +
+ Step 5. X := const_Zero; +
+ Step 6. for i := 1 to n-1 do +
+ begin +
+ Y := X XOR M_i; +
+ X := AES-128(K,Y); +
+ end +
+ Y := M_last XOR X; +
+ T := AES-128(K,Y); +
+ Step 7. return T; +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

*/
subKeys(key); // set K1,K2
int mz = mesg.length ;
print("\n\n message " + Uti.asString(mesg)); //✦✦✦✦✦✦✦✦✦✦✦✦✦✦✦
int n = mz / 16; // number of 16byte chunks.. if overflow > 0 add 1 to this
print("\n mz " + mz + " first n " + n); //✦✦✦✦✦✦✦✦✦✦✦✦✦✦✦
int m = n * 16;
int v = mz - m; // overflow bytes 0..15
print(" m " + m + " v " + v);//✦✦✦✦✦✦✦✦✦✦✦✦✦✦✦
if (v > 0)
n++; // now the "actual" number of chunks ie ceiling
print(" new n " + n);//✦✦✦✦✦✦✦✦✦✦✦✦✦✦✦

byte[] MLast = new byte[16];
int lastn = ( n-1 ) * 16; //byte address of lastchunk within mesg
int lastz = mz -lastn; // number of bytes to copy to lastchunk
System.arraycopy(mesg,lastn, MLast,0,lastz);
print("\n MLast " + Uti.asString(MLast)); //✦✦✦✦✦✦✦✦✦✦✦✦✦✦✦
if (v == 0) // no overflow
MLast = xor16(MLast,K1);
else
{
MLast[lastz] = (byte)0x80; // this does the padding
print("\n v pre MLast " + Uti.asString(MLast)); //<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
MLast = xor16(MLast,K2);
print("\n v post MLast " + Uti.asString(MLast)); //<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

}
//todo: put MLast backk into mesg and do a normal CBC....
// we should be able to use CBC... // todo replace with CBC

byte[] X = new byte[16]; // zeros by default;
//BUT updated IV has to be used in next CMAC or encryption
byte[] plain = new byte[16];
try
{
if (cipher == null)
cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec); // spec set in subkeys???

for (short j = 0 ; j < n-1; j++)
{
int jx = j * 16; // dont do this kind of thing...
System.arraycopy(mesg,jx, plain,0,16);
plain = xor16(plain,X);
print("\n plain aaa " + Uti.asString(plain)); //<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
X = cipher.doFinal(plain);
}
plain = xor16(MLast,X);
print("\n plain zzz " + Uti.asString(plain)); //<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
X = cipher.doFinal(plain);
print("\n cipherzzz " + Uti.asString(X)); //<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
catch (Exception ex) // nosuchalgorithm, invalidkey,nosuchpadding...
{
print("\n error 400 AES " + ex.getMessage());
}
return X;
}
}//♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧ fin ♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧♧

17 April 2011

Money by Phone, Obscurity, Reader Detection

Peer to Peer money transmission
ie. send money phone to phone, with NO central control
The SIMs control security.
I would suggest asymmetric eg RSA, but I suppose it could be done with symmetric (eg AES)
- which would mean every SIM has the main key on board.

Obviously, using SMS, or similar, lost transmissions would be a problem.

Oddly, you can only cancel a send (and get your money back) if your receiver has an active Log file.
If your receiver can put a Cancel message on her log, her SIM will then permit her to send you a signed CancelOK message.
Your SIM would verify this, then reverse your transaction - ie money back.

If your receiver is non-contactable, ie if she breaks her SIM, you can NOT cancel, ie you can not get your money back.

Still & all, wouldnt it be grand to send money with no Govt snooping, no Western Union 20%...

________________________________________________________________
Obscurity
DESFire manual is still available online MF3 IC D40 3.1 April 2004
(hint: search for M075031 and pudn)
- Why is Philips so set on secrecy for its documentation? Reeks of 'security through obscurity'
I guess theyre still smarting from that bunch of students who cracked their 'classic' 48bit key.
Nobody supposes the 'new' 112bit key will be cracked, so why hide the docs?

__________________________________________________________________
Detecting Readers

I've spent a lot of hours trying to Auto-Detect card readers
Contact readers are OK to autodetect.
I've decided that it is NOT possible to auto-detect NFC/ContactLess Readers.

All the 'utility' card reader programs I have seen start with "Pick your readers from a list"

Its just impossible to wait for a card on every reader, and eg check the ATR.

I thought for a while it was a threading problem with java Swing, but console apps cant do it either.

Oddly, even if you pick readers from a list, I still get a hiccup on first NFC read if I auto-detect my SAM.

We tend to assume people have Omnikey (5321)
Sometimes we even hardcode "-CL" into the terminal name comparison (ugh)

Omnikey does a bunch of read & writes to DESFire AV1 in 140msec, whereas an ACR122U-A2 takes 638msec which is so slow I reckon I have missed a section on "speeding up your ACS reader" somewhere (?)
_____________________________________________________________________

30 March 2011

DESFire SAM crc16

byte[] iso14443a_crc(byte[] Data) // DESFireSAM crc16 do not invert the result
{
int bt;
int wCrc = 0x6363;
int j = 0;
int t8 = 0;
int t9 = 0;
int tA = 0;
int Len = Data.length;
final int maskB = 0x0000000000000000FF;
final int maskW = 0x00000000000000FFFF;

do
{
bt = Data[j++] & maskB;
bt = (bt^(wCrc & 0x00FF)) & maskB;
bt = (bt^(bt<<4)) & maskB;

t8 = (bt << 8) & maskW;
t9 = (bt<<3) & maskW;
tA = (bt>>4) & maskW;
wCrc = (wCrc >> 8)^(t8^t9^tA) & maskW;
}
while (j < Len);

byte[] bb = new byte[2];
bb[0] = (byte) (wCrc & maskB);
bb[1] = (byte) ((wCrc >>8) & maskB);
return bb;
}