of 21 /21
Roo2ng SIM cards The SRLabs Team

Rooting SIM cards by Karsten Nohl

Tags:

Embed Size (px)

DESCRIPTION

Some DES-secured SIM cards allow for remote key cracking and applet installation; Java vulnerabilities enable attacker to remotely extract Ki, banking applet data; Mitigation options exist on network, baseband, and SIM card level.

Text of Rooting SIM cards by Karsten Nohl

  • 1. Roo2ngSIMcards TheSRLabsTeam SRLabsTemplatev12

2. SIMcardsarefullyprogrammablecomputersystems Applica'onsonmodernSIMcardSmartcardwithreal-2meopera2ngsystem Basicfunc'onsSimplelesystemJavavirtualmachine Iden2ca2on(IMSI) AddressbookCustomJavaapps Authen2ca2on(Ki& Hashfunc2on) SMSmessages Roamingmgmt Sessionkeys Payment Tracking2 3. SIMsecurityinvolvesmanylayersfromsmartcardstocryptography andJavaprocesssepara2on SIMcardincludesvariousprotec'onmechanisms Userauthen'ca'on bysimplecomparisonPIN/PUK numbersSIMauthen'ca'on bycryptographichashfunc2on (oLenComp128inGSM; Ki Milenagein3G/4G)B Applica'onsepara'on: JavaVMsandboxing Individualprotec2on logicforbanking applets,iden2ca2on applets,etc. ASecureJavadeployment usingDES/3DES/AES signature+encryp2on Storageprotec'on throughproprietarysmartcard securitymechanismsOTA keys JavacryptoAPI:DES/3DES/AES; some2mesRSA3 4. AgendaSIMcardbackground A GeDngontotheSIM B StealingSIMsecrets4 5. OTAsecuritylevelischosenbyserverwhileSIM enforcesmandatoryminimumlevelILLUSTRATIVEBinarySMScommunica'on OTAserver ini2ates remote transac2onTargetapp/keyset# Command Used possibly security encrypted level and/or signedReque- sted security levelSIMcardstoresmul2ple keysets,possiblywith dierentprotec2onlevels Keyset3 Keyset2 Keyset1 Man- DES 3DES AES datoryResponseprotected accordingtorequest, butnotbelowminimum levelstoredoncardEncry- p2onSigna- ture5 6. OTAerrorhandlingisunderspecied,possiblyopeningacack surface BinarySMScommunica'on AOacker probescards togain materialfor DESkey crackingCommandwith wrongsignatureUse:DES signatureRequest:DES signatureResponsetomal-signedrequestdiersbycardtype a.(25%* ofcards)SIMcard withDES key (prevalenceofDES keysvariesbetween operators;canbeup to100%)(Noresponse)b.(50%*)ErrormessageSome2mes withall-zeros signaturesc.(25%*)ErrormessageDES signatureDatauseableforkeycracking* Es2matedfromrela2velysmallandgeographicallyskewedmeasurementset6 7. OTADESdonotwithstandkeycracking Challenge:Derive56bitDESkeyfromOTAresponsesignature Crackingstrategies Bepa'ent BruteforceonGPUThrowmoneyatit BruteforceonFPGAclusterRidetherainbow Time-memorytrade-o usinglargeharddisks&GPUInvestmentCracking'meEUR1.0006monthsEUR50.0001dayEUR1.500+ 1yearpre-computa2on1minute (but


BlackHat Japan 08 Nohl Secret Algorithms in Hardware
BlackHat Japan 08 Nohl Secret Algorithms in Hardware
Documents
“Rooting Out” Rootkits
“Rooting Out” Rootkits
Documents
Nohl Sustainable Landscape Use and Aesthetic Perception
Nohl Sustainable Landscape Use and Aesthetic Perception
Documents
Starbug & Karsten Nohl University of Virginia
Starbug & Karsten Nohl University of Virginia
Documents
Rooting Out Hunger
Rooting Out Hunger
Documents
How Rooting Works -- A Technical Explan...Droid Rooting Process - Season of Code
How Rooting Works -- A Technical Explan...Droid Rooting Process - Season of Code
Documents
Know ) Way VIA ESCOLA Noh' Ranch Canyon Rim 91 NOHL RANCH
Know ) Way VIA ESCOLA Noh' Ranch Canyon Rim 91 NOHL RANCH
Documents
Article history Rooting of hardwood cuttings of ... · peruviana cv. Shubra (white flowers), the rooting success through conventional method of rooting of hardwood cuttings is very
Article history Rooting of hardwood cuttings of ... · peruviana cv. Shubra (white flowers), the rooting success through conventional method of rooting of hardwood cuttings is very
Documents
Karsten Nohl Henryk University of Virginia HU Berlinevents.ccc.de/.../1241_081229.25C3.RFIDSecurity.pdf · 2016-11-23 · For secure RFID, we need: Publicly reviewed standards Yes,
Karsten Nohl Henryk University of Virginia HU Berlinevents.ccc.de/.../1241_081229.25C3.RFIDSecurity.pdf · 2016-11-23 · For secure RFID, we need: Publicly reviewed standards Yes,
Documents
Rooting With ZergRush
Rooting With ZergRush
Documents
Android rooting
Android rooting
Software
Karsten Nohl Henryk University of Virginia HU Berlin · More elegant solutions considered too expensive 4 Security building blocks on RFID tags are insufficient for privacy applications
Karsten Nohl Henryk University of Virginia HU Berlin · More elegant solutions considered too expensive 4 Security building blocks on RFID tags are insufficient for privacy applications
Documents
Rooting android
Rooting android
Mobile
Rooting Instructions
Rooting Instructions
Documents
Rooting and Sucking Reflexes.docx
Rooting and Sucking Reflexes.docx
Documents
rooting SIM cards
rooting SIM cards
Documents
Rooting Out Relationship Killers
Rooting Out Relationship Killers
Documents
CCC ‘07 Karsten Nohl, Starbug, Henryk Plötz · 2016-11-23 · CCC ‘07 Karsten Nohl, Starbug, ... 2) Output bit derived from fixed subset of bits non-optimal avalanche properties
CCC ‘07 Karsten Nohl, Starbug, Henryk Plötz · 2016-11-23 · CCC ‘07 Karsten Nohl, Starbug, ... 2) Output bit derived from fixed subset of bits non-optimal avalanche properties
Documents
Legic Prime: Obscurity in Depth - CCC Event Blog...Legic Prime: Obscurity in Depth Henryk Pl otz, Karsten Nohl Legic Primer Master Token System Control Attack overview Analyzing LEGIC
Legic Prime: Obscurity in Depth - CCC Event Blog...Legic Prime: Obscurity in Depth Henryk Pl otz, Karsten Nohl Legic Primer Master Token System Control Attack overview Analyzing LEGIC
Documents
Cracking GSM Ecnryption - Chaos Computer Club · Source: H4RDW4RE, DeepSec GSM training Karsten Nohl - A5/1 Cracking. 11 A5/1 is vulnerable to generic pre-computation attacks For
Cracking GSM Ecnryption - Chaos Computer Club · Source: H4RDW4RE, DeepSec GSM training Karsten Nohl - A5/1 Cracking. 11 A5/1 is vulnerable to generic pre-computation attacks For
Documents
Android Device Rooting Lab - SEED Projectflashing the image file to specific Android Partition. Rooting Overview. Figure 1: Rooting Android Devices ModifyingAndroidfromoutside. Since
Android Device Rooting Lab - SEED Projectflashing the image file to specific Android Partition. Rooting Overview. Figure 1: Rooting Android Devices ModifyingAndroidfromoutside. Since
Documents
Karsten Nohl
Karsten Nohl
Documents
Rhizopon Rooting Guide
Rhizopon Rooting Guide
Documents
Android Rooting Technology
Android Rooting Technology
Presentations & Public Speaking
Karsten Pruess - ieaghg.org
Karsten Pruess - ieaghg.org
Documents
Karsten Buesser DESY
Karsten Buesser DESY
Documents
Advance rooting
Advance rooting
Education
Rooting phylogenies
Rooting phylogenies
Documents
Rooting of Android Devices
Rooting of Android Devices
Technology
Intercoms Hacking · State Of the Art: Mobile security Many publications exist: Attacks on GSM A5/1 algorithm with rainbow tables (at 26c3, Chris Paget and Karsten Nohl) OsmocomBB
Intercoms Hacking · State Of the Art: Mobile security Many publications exist: Attacks on GSM A5/1 algorithm with rainbow tables (at 26c3, Chris Paget and Karsten Nohl) OsmocomBB
Documents