or GSM hacking, access point stuff, but today he's going to talk about smart cards, so I'm going to hand the mic over to him. Take it away.

Thanks a lot, Carlos. I'm not sure how this is going to work because this cable barely reaches over to this laptop, and I have to switch between all these. So if there's like big pauses where things just fall apart randomly, please forgive me. My name is David Hulton, and I'm giving a talk on smart cards today. I'm a researcher with Dachb0den Labs, just a small little group in San Diego, and I'm the chairman of ToorCon, in case any of you have been there or heard of it. Just as a disclaimer, before we get started, this is for educational purposes only, all that crap. Curiosity, not fraud, all those ideals, and full disclosure: all the information here I'm planning on releasing in a Phrack article, like in the next Phrack, because I've got most of it done. If anybody wants a copy of it, just let me know, and I'll give it to you later on, or something like that. All this information will be posted later.

This talk will cover: a basic introduction to smart cards, basic technical knowledge of how smart cards work, how to analyze proprietary cards, reverse engineer the protocols that they use for both asynchronous and synchronous cards, and we're going to give an example with GSM SIM cards and parking meter cards, and finally show you methods on how to break it or do naughty stuff.

So what do we know about smart cards? There's a thing called the ISO 7816 standard that defines what a smart card is, and it's a very loose standard. It basically just has durability requirements, pin layouts, and defines a little bit of the asynchronous protocols. For the durability requirements, it's really basic crap, like UV light protection and electrical resistance and magnetic field resistance and stuff like that, really boring stuff.
The pin layout, though, tells you exactly where all the pins should be, and so it just makes it so all the smart cards have the right pinouts and all the readers have the right pinouts and stuff like that. And we're mainly going to be focusing on the reset pin, the clock, and the I/O. Those are the main ones that you want to know about. VCC is where all of your power comes into the card, and then there's the ground for zero voltage, and there's a couple of reserved pins that they don't really define.

So for asynchronous cards, how they work is there's a couple of different protocols that they use, but mainly it acts as a serial device, and so you create a 9600 baud connection to the device, and then you can do challenge-response sort of stuff. And it's very common with processor cards. With synchronous cards, they're mainly used for memory cards, and so it's really simple logic. The cards don't even have their own internal clock, and so it's all supplied by the reader.

So first I'm going to talk about asynchronous cards. Asynchronous cards are usually any type of processor card, so GSM SIM cards, bank cards, PKI token cards, Java cards. Ones that are a little bit more complex and actually have challenge-response to them. And the asynchronous protocol, yeah, just uses the I/O pin to create a 9600 baud connection, and when the reset is set to high, it tells it to reset the card. And then you can just send simple commands. With APDU commands, you just have four bytes for your command on there, and one byte for the length, and then you can throw on arguments to whatever command you're sending to it. And then you receive a standard response back.

So how SIM cards work in phones is we're mainly going to be looking at the Ki on the card. It's like the ESN, basically the key on your SIM card that identifies you on the network. And how this whole thing works is, let's say you want your phone to connect up to a GSM base station. You say, hey, base station, can I connect to you?
This is my identifier, and then the base station's like, oh, well, here's a challenge. If you are actually who you say you are, you can provide me with the right response. And so what it does is it relays this challenge on to COMP128 on the SIM card, and whatever response it gets, it sends back to the base station basically. And actually COMP128 is also used for seeding like all the data encryption, the voice communication encryption, stuff like that. So they really try really hard to protect Ki and make sure people can't get that.

Different attacks on COMP128. There's a narrow pipe collision attack that Ian Goldberg, David Wagner, and Marc Briceno found. And there's also a side channel attack that uses DPA to try and find Ki. And if you can actually get the Ki on the SIM card, what does it get you? You can clone phones, eavesdrop on calls, and stuff like that. And the only downside is it attacks the SIM card, so you actually have to have the person's physical SIM card to perform this attack. And there's a possibility of killing the card. So there's some risks involved.

In this presentation I'm going to be doing a bunch of demonstrations and showing you how to use tools to interface with the cards and stuff. So in this demonstration I'm using a Towitoko ChipDrive Micro 130. It's just a USB smart card reader. You can buy them for about like 50 bucks online. And I just like it because there's really good software for it and it works for virtually all the types of memory cards and stuff. And how you can interface with SIM cards is you just use standard APDU interfaces. With the libraries that they provide you can easily write software to interface with it really well. I just wrote a really simple command line app that, you know, it's really easy to interface with it. And I'm going to be demonstrating that in a couple minutes. You can also use a Dumb Mouse. Really lots of people use this.
All it does is it just ties your serial port over to the card and so you can just create a serial connection and talk to it directly that way. And there's really good software for it that you can grab from ftp.ccc.de/gsm. And not too many people know about it but there's lots of really good resources in there. And also you could use a Season, which is basically the same thing as a Dumb Mouse. You can use it for tapping as well. And you can get schematics on that from Phrack 62-15.

So in this demonstration I'm just going to connect the card by inserting the card and then I'm going to select the GSM directory on the card, authenticate with a PIN, and run COMP128. So just a minute. Ah, it partially works. You can get a holder for your SIM card that allows you to put it in a smart card reader. And you can buy this for like two bucks online or something like that. Does Boto have one? Oh, Boto sells readers. Actually for people who have really good questions at the end, Boto gave me some smart card readers that I'm going to give away. So stick around.

Okay, so first I'm going to reset the card. Just typing in R. And hopefully this will work. I'm going to issue a command to select the GSM directory. And so then I get this response back from the card and it's supposed to mean it's okay. There's been a bunch of stuff published. Like if you read the Phrack article, the guy publishes like a bunch of the different directories that are on there. Yeah, yeah, like all the SIM cards have this one. And then there's different directories you can use for pulling down contact info, you know, contacts and SMS stuff or whatever else is stored on there. So yeah, read Phrack 62. It has all the info on there. And so now this command tells it to pull down 19 bytes from the result. And so this is info from the GSM directory. But now that we're in there, I'm going to authenticate with the PIN. This is exactly what your phone does whenever you power it on and asks for the PIN.
And this is actually Carlos's old SIM card. So if you look at this enough, you can find out what his PIN is. He probably uses it on his current cell phone too. And so if you look closely on there, it says 3839, 3839 and a bunch of Fs. And that means that if you look at it in ASCII, then you'll know what his PIN is. So we're authenticated and now I'm going to run COMP128 on the card. And I'm just going to feed a bunch of zeros just for an example. So there's 12 bytes of response. I'm going to grab that. And there's a response from COMP128. And so that's how you can use it to pull COMP128 on the card. So now that we have an interface to getting a COMP128, I'm going to show you how COMP128 works. By the way, thanks to CCC and Ender for providing lots of info about the GSM SIM cards. So that's the demonstration.

And if you happen to not know the protocol that things are using, you can always make your own by reading Phrack 62 or buy a Season, which you can grab from SDLogic, and they've actually been involved in lawsuits with PrimeStar and DirecTV as you might have heard from the talk earlier. So if you buy something from there, then just be aware that they might try and sue you or something. But you can use that to log the connection and figure out the protocol.

Now I'm just going to cover the narrow pipe collision attack. How do you perform this attack? Ian Goldberg found that there's a narrow pipe in COMP128 and he attacks the second round. Collisions in COMP128 responses reveal key information. And you can crack COMP128 using his method in about 115,000 queries according to this article. Unfortunately, new SIM cards will die after 65,000 queries. It's a new feature that they added in. And so most people won't be able to get to the 115,000 and actually crack it. So I've been working on optimizations to speed this up to make it a little bit faster. This is what COMP128 looks like. It's all like pseudocode and stuff.
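The demo sequence above (select the GSM directory, fetch its 19-byte info, verify the PIN, run the algorithm and collect the 12-byte answer) in code. This is an added example, not the speaker's command-line tool: the command bytes are the standard GSM 11.11 values (CLA A0, SELECT A4, GET RESPONSE C0, VERIFY CHV 20, RUN GSM ALGORITHM 88, directory id 7F20), no reader transport is included, and `fake_sim_send` is a constructed stand-in for a card so the flow runs offline.

```python
"""GSM 11.11 APDUs for the SIM demo: build commands, decode status words, run the sequence."""

CLA_GSM = 0xA0
INS_SELECT = 0xA4
INS_GET_RESPONSE = 0xC0
INS_VERIFY_CHV = 0x20
INS_RUN_GSM_ALGORITHM = 0x88
DF_GSM = bytes.fromhex("7f20")   # the "gsm directory" selected in the demo


def build_apdu(ins, p1, p2, data=b"", le=None):
    """Four header bytes, one length byte (P3), then the optional data field."""
    if data and le is not None:
        raise ValueError("a GSM 11.11 APDU carries either a data field or Le, not both")
    header = bytes([CLA_GSM, ins, p1, p2])
    if data:
        return header + bytes([len(data)]) + data
    return header + bytes([le or 0])


def select_df_gsm():
    return build_apdu(INS_SELECT, 0x00, 0x00, DF_GSM)


def get_response(length):
    return build_apdu(INS_GET_RESPONSE, 0x00, 0x00, le=length)


def verify_chv1(pin):
    """CHV1 (the phone PIN): 4 to 8 ASCII digits, padded to 8 bytes with 0xFF."""
    if not (4 <= len(pin) <= 8 and pin.isdigit()):
        raise ValueError("CHV must be 4 to 8 decimal digits")
    return build_apdu(INS_VERIFY_CHV, 0x00, 0x01, pin.encode("ascii").ljust(8, b"\xff"))


def run_gsm_algorithm(rand):
    """Feed a 16-byte challenge (RAND) to the card's A3/A8 (COMP128 on these cards)."""
    if len(rand) != 16:
        raise ValueError("RAND must be exactly 16 bytes")
    return build_apdu(INS_RUN_GSM_ALGORITHM, 0x00, 0x00, rand)


def decode_status(sw1, sw2):
    """Map the two trailing status bytes to a name plus a detail value."""
    if (sw1, sw2) == (0x90, 0x00):
        return "ok", 0
    if sw1 == 0x9F:            # data waiting: fetch sw2 bytes with GET RESPONSE
        return "response-available", sw2
    if (sw1, sw2) == (0x98, 0x04):
        return "chv-wrong", 0
    if (sw1, sw2) == (0x98, 0x40):
        return "chv-blocked", 0
    return "error", (sw1 << 8) | sw2


def split_auth_response(data):
    """RUN GSM ALGORITHM answers 12 bytes: SRES (4) followed by Kc (8)."""
    if len(data) != 12:
        raise ValueError("expected 12 bytes of authentication response")
    return data[:4], data[4:]


def run_session(send, pin, rand):
    """The demo sequence; `send(apdu)` must return (data, sw1, sw2)."""
    _, sw1, sw2 = send(select_df_gsm())
    status, pending = decode_status(sw1, sw2)
    if status != "response-available":
        raise RuntimeError(f"select failed: {status}")
    df_info, sw1, sw2 = send(get_response(pending))     # 19 bytes in the demo
    if decode_status(sw1, sw2)[0] != "ok":
        raise RuntimeError("get response failed")
    _, sw1, sw2 = send(verify_chv1(pin))
    status, _ = decode_status(sw1, sw2)
    if status != "ok":
        raise RuntimeError(f"CHV1 rejected: {status}")
    data, sw1, sw2 = send(run_gsm_algorithm(rand))
    status, pending = decode_status(sw1, sw2)
    if status == "response-available":
        data, sw1, sw2 = send(get_response(pending))    # the 12 bytes grabbed in the demo
    sres, kc = split_auth_response(data)
    return {"df_info": df_info, "sres": sres, "kc": kc}


def fake_sim_send(apdu):
    """Constructed stand-in for a card (PIN 1234); real cards compute SRES/Kc from Ki."""
    ins = apdu[1]
    if ins == INS_SELECT:
        return b"", 0x9F, 0x13
    if ins == INS_GET_RESPONSE:
        return bytes(apdu[4]), 0x90, 0x00
    if ins == INS_VERIFY_CHV:
        return (b"", 0x90, 0x00) if apdu[5:9] == b"1234" else (b"", 0x98, 0x04)
    if ins == INS_RUN_GSM_ALGORITHM:
        return b"", 0x9F, 0x0C
    return b"", 0x6D, 0x00
```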
I don't expect you to read it or understand it, but the cool thing is that at the very end, they null padded 10 bits at the end and they think that it's because of the NSA. Just add in their own little feature to COMP128. But it essentially reduces your voice security with your cell phone by 10 bits. So thanks, NSA. Just the algorithms used in the U.S.

Is it reset or is that like... It's for the life of the card. So like every time you power on your phone, associate with the base station and stuff like that, it ticks down the counter once. And so they assume that you aren't going to be using it 65,000 times and you'll upgrade in like a couple years or something like that.

So COMP128 for dummies. What happens is, you know how I showed you feeding a challenge to COMP128 when we interface with it? What happens is there's this X array in the COMP128 function that loads the secret key into the first 16 bytes. Then it takes a challenge and stuffs it in the next 16 bytes. Then it goes through this bit reduction routine I'm going to cover right now. So for example, if you have a key that's all zeros and a challenge that's all zeros, what happens is in this bit reduction, it ends up performing operations on like the zero byte and 16th byte and uses both of those as inputs and then spits out results into those. And so it just performs operations on those and goes along until it's gone through every one, you know, at offset 16 for round one. Then in round two, it uses an offset of eight and does the same thing, only it reduces by seven bits and uses lookup tables and all that kind of stuff. So if you want to learn more, just look into it, but I'm just kind of skimming through this. So in round two, it goes through and performs operations on all those and reduces them down to seven bits for each byte. In round three, it does the same thing with offset four. It reduces them down to six bits. Round four does it with offset two, reduces them to five bits.
And then in round five, it reduces them down to four all the way through. And essentially what COMP128 does is it's just like a checksum. It basically makes all the bytes dependent on each other. So if any byte changes, the result is supposed to change. And then it takes all those four-bit values, shifts them over, puts them at the end of X, and then feeds Ki back into the beginning and then repeats it seven times. And so it iterates quite a lot. Then it reduces bytes, null-pads 10 bits, and returns.

So how the narrow pipe attack works is we look for different challenges that end up giving us the same response and just kind of drill it down in the algorithm. In this example, I'm using this key, which is 1, 2, 3, 4, 5, 6, 7, 8, 9, and so on. And if you look at a challenge where it's 23, a bunch of zeros, and then 5, 5, a bunch of zeros, and 0, D, a bunch of zeros, and E7, a bunch of zeros. In round one, you'll notice that, of course, there's going to be different values when it performs operations on the first byte. But all these other ones end up being the same because it's virtually the same function that's going on there. And then it goes on, and you'll notice that all of these are the same except for the ones at offset 0 and the ones at offset 8. In the second round, look at that. It just happens to swap them with the exact same values. And so now we have all the same values in the very top row, and then it goes through to the bottom row and swaps them with the same values down there. And so once we get to that point, it'll end up having the exact same response. The cool thing about this property is that now we know that if we run COMP128 with a challenge of 23, a bunch of zeros, and 5, 5, a bunch of zeros, it ends up with the same result as 0, D, a bunch of zeros, E7, a bunch of zeros. And we know that the key bytes are 0, 1, and something, and then F, E, and something. And so we've just retrieved two bytes of the key.
Then you can just repeat it eight times and you have the whole key. So I was looking at trying to speed this up a little bit, and I tried brute forcing all the different collisions and finding the collisions that happen the most often, and then just choosing those first and optimizing it that way. And it makes it a bit faster, but it still isn't fast enough. So one thing you can do is you can attack the third round, and because you already have some pieces of the puzzle for the third round, you can find certain collisions that reveal single bytes. And so instead of attacking two bytes at a time and brute forcing 16 bits, you can virtually brute force one byte at a time, and so it reduces the complexity a lot. The only problem is that you have to pre-compute everything and it takes a lot of pre-computation. So you can do that with the third round to retrieve two bytes. Then in the fourth round you can retrieve four more, and then in the fifth round you can retrieve the rest of them, and it's owned in less than 20,000 tries. So this works with most GSM carriers in the U.S., like T-Mobile, Cingular, etc. And the new attack takes around 15 minutes with a pre-computed dictionary, and so I haven't totally computed like what the full dictionary is going to be, but it shouldn't be that bad. And once you have Ki, you can emulate a SIM card really easily with a PIC. There's all kinds of code out there for doing it, gold wafer card, stuff like that. And I'm going to release some open source tools pretty shortly. You can also download SIM Scan, which implements this, and I think it's been out for a little while, so check that out.

Any questions so far on the GSM stuff? Can I have my card back? No. I think that Boost Mobile uses something totally different. I'm pretty sure they don't use GSM SIM cards. Yeah, so I don't think it'll work with Boost. Any other quick questions? No, I haven't. They have three different types of encryption types you can use for it.
There's one which is no encryption, which is really useful. There's another one that's like U.S., and there's one that's used in Europe, I think. There might be another one, I'm not sure. Anything else? Oh, no, it's just for GSM. Just GSM SIM cards. Anything else? Oh, yeah. It's actually kind of weird because they end up shaving off a lot of stuff when they put together the response at the end, because it's only 12 bytes of response, and you're feeding a lot of input to it. Oh, no, yeah, I found that there's some collisions that end up doing that. And so, yeah, what I end up doing is I just go through the algorithm and basically find the right equation that makes it line up. And so it's more kind of like making it line up in the second round than actually running it through and brute forcing everything. And so it's a little more accurate if you do it that way. Oh, no, we need to talk later or something. Anything else? Is that again? What was that? Oh, okay. Okay. Yeah, he said that there's a fourth one that nobody can crack, and so that's why nobody uses it. Yeah, there's some really good candidates for the new GSM encryption algorithms. Is that it? Yeah, we'll have more time for questions later.

So, moving on to parking meters. What the fuck is a parking meter? Basic intro to parking meters. These are the types of parking meters we have in San Diego. There's a coin input, a coin output, which is very useful, and an input for a smart card. If you look at the smart card, I have a couple right here. They're just real simple SIM cards, smart cards. And what they say on the back is: parking meter debit card. Insert debit card into meter in direction shown by arrow. The meter will increment in six-minute segments, and actually it's down to four-minute segments because they just raised the prices in San Diego. When desired time is displayed, remove card. Did you buy too much time? To obtain extra time refund,
insert the same debit card that was used to purchase time in the meter. Full six-minute increments will be credited to the card; increments of less than six minutes will be lost. So there is a way to refund credits onto the card, which is an important piece of information to know.

These cards are synchronous smart cards, and they're just like memory cards, just like Kinko's cards, internet cafe cards, cash cards. And the synchronous protocol is very, very simple. The clock sets the transfer speed, and so the reader just kind of moves the clock up and down from five volts to zero, and uses that to create the clock for the actual card. And if the reader wants to start reading information, it just sets the reset high to tell the card to reset, and then starts ticking the clock, and for each time that the clock goes high, the card will see that the clock's high, and so it'll set the data line to whatever the bit is. And so for the first time the clock goes high, the card will set the I/O line to whatever bit zero is, and then the second time it goes high, it'll set the I/O line to whatever bit one is. And just keep on going until the whole card is dumped.

Parking meter cards are very similar to European telecom cards that were actually covered in Phrack 48, and I have one here. And so you can use these in Europe to pay for pay phones and stuff. And how these work is they implement a one-way counter, and basically what happens is in the factory they set exactly how many credits the card is supposed to have. So let's say the card's only supposed to have like $50 on it. They set that amount of bits on the card, and then they blow a fuse, and then from then on the bits can only go from one to zero. And so that's supposed to provide security that you don't put bits back onto the card somehow, or reprogram them. And I'm just going to do a quick demonstration of reading some cards so you can kind of see what it looks like on them.
There's this really nice tool that comes with the Towitoko reader for reading stuff. It's kind of hard to find now because I think they took it off the website, but you can find it on the German site. Uh, no, no. Okay, so this is a European telecom card, and they actually use... they're actually able to round the bit deductions or something like that, so there's a lot less stuff on here. But that's all the data on there. If you look at a parking meter card, you get a lot more info on here. And so there's all these kind of empty spaces and full spaces of bits and stuff. So I'll be covering that a little bit later. But you can just drop in any memory card that you have. This is a Kinko's ExpressPay card. I haven't looked at these too much, so if anybody looks into these much, it's kind of interesting. There's this cash customer down here, and, I don't know, different things. And these types of cards actually use a PIN for read-writing to them. So if you can figure out the PIN, then you can rewrite stuff on the cards or you can just get your own or whatever, emulate your own. But if you guys have any interesting cards, let me know later on because I always like to look at new stuff.

Okay, so from a parking meter card memory dump, we get something like this. Through trial and error, I kind of figured out, on most memory cards, the first four bytes is an ATR, answer to reset, and it's just kind of like a serial number. And then there's another four bytes of another type of serial number. And what I found out is that if you look at the green portion over there, that's actually the area for credit bits. And so for every bit that's set in there, it means 10 cents on the card. And if you look at the blue portion, that's the refund bits area. Because they can only go from one bits to zero bits, they decided to have a separate section just for refunds. So for every bit that's set to zero in that area, you get a refund on the card.
And how it works is like, let's say you have a bunch of refunds, but you use up all your credit bits. What do you do then? They have this refund buffer area that's only for about maybe $5. And so you can really only refund $5 and actually use it. So it seems kind of pointless to refund a bunch of credits when you can only use like $5 extra. So on this particular card there's six bits for credits plus seven bits for refund, so it ends up being like $1.30.

Now if you want to figure out how they increment credits and deduct credits, you'll have to somehow reverse engineer the protocol by tapping it or guessing or something like that. The basic method is to somehow tap the connection, log the data, and decode the protocol. Now, you can buy lots of tappers for asynchronous cards, like I have this one right here that PrimeStar can sue you for having. And these things are great. They just have a serial interface. You can listen to communication. But I can't find anything that's made for synchronous stuff. And so I don't know anything about electronics, but with a friend of mine we ended up developing this thing. It's attached onto the back of this laptop. It's really ghetto. We made like a fake smart card. I'm not sure if you can see this, but it's actually a Peet's Coffee card. I put copper tape on, and soldered it on to a ripped up floppy drive cable. And it's run over to this smart card socket that I ripped off of an old smart card reader that I had laying around. And that goes back to, and then I end up using like these floppy drive cable thingies. It has vampire clips on it to tap the connection. And that runs back to 10K resistors. It goes to a buffer. It goes to the parallel port so you can monitor the lines. And in the Phrack article I have lots of cool ASCII art, so this is like the basic schematics for it if you want to make your own.
And with logging the data you just poll the parallel port I/O, and you can find all kinds of information on dealing with the parallel port online. And if the lines change, just log it to memory and then once you're done just save it to a file. I had the really bad idea of just printing it out, and this stuff goes so fast that I was just losing bits left and right, so a lot of trial and error getting that to work. But it's really simple code for doing that. And decoding the protocol. I just wrote this really simple program for decoding bytes from the stream that you get. And then also doing time graph analysis. So here's a quick demonstration of that.

Present for the DEF CON staff. There we go. Okay so... I'm just gonna... I'm just gonna tap the connection between this parking meter card and my smart card reader over here. I wasn't able to bring a real parking meter out here. I'm sorry guys, but it's just too heavy. What's that? Okay so... I just ended up getting a really bad idea. I'm just gonna... I just inserted my fake card into the reader. And so it's doing its thing. And I'm gonna pull it out. Cancel it. Spacebar doesn't work at all. So I just logged the bits to the file. And it's not too pleasant to deal with this stuff. So... You can pipe it through here. And here's some data that's pulling down just all kinds of crazy stuff. That kind of gives you an idea of what sort of information it's getting. The coolest stuff though is doing time graph analysis. Because that's when you can really figure out the protocols a little bit better. And I got this on the other machine. So you can feed it into the script that we put together that just graphs it out. So you can kind of see, okay, here's some bits that have been going along. The clock is on the bottom. The reset is actually inverted. It's kind of weird on here. But the reset's up on the top. Second to top. And then the I/O line's at the very top. So you can see there's some data there.
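The read protocol described above (reset high, then one bit on I/O per rising clock edge), the logged (reset, clock, io) samples, and the dump layout (ATR, serial, credit bits worth 10 cents each, refund bits counted when cleared) as one decoder. This is an added example, not the speaker's tapping program: `simulate_tap` stands in for the reader/card exchange so it runs offline, the bit order and the window offsets and sizes are assumptions (the talk only gives the field order and the per-bit value), and `SAMPLE_CARD` is a constructed image with six credit bits and seven refund bits, the $1.30 case from the talk.

```python
"""Decode a synchronous-card tap log into bytes and read the balance off a parking card."""

# Assumed layout of the dump (the talk gives the order, not the sizes).
ATR_LEN = 4          # "answer to reset", looks like a serial number
SERIAL_LEN = 4       # second serial number
CREDIT_BYTES = 4     # credit window: each set bit is 10 cents of credit
REFUND_BYTES = 2     # refund window: each cleared bit is a 10-cent refund
CENTS_PER_BIT = 10
IMAGE_LEN = ATR_LEN + SERIAL_LEN + CREDIT_BYTES + REFUND_BYTES


def simulate_tap(card_image, reads=1):
    """Reader side: the (reset, clock, io) samples a parallel-port tap would log.

    Bits are shifted out LSB-first within each byte (an assumption). The card
    is reset and re-read `reads` times, as the talk saw the meter do.
    """
    samples = []
    for _ in range(reads):
        samples.append((1, 0, 1))             # reset asserted, I/O idle high
        samples.append((0, 0, 1))             # reset released, clock still low
        for byte in card_image:
            for i in range(8):
                bit = (byte >> i) & 1
                samples.append((0, 0, bit))   # clock low
                samples.append((0, 1, bit))   # rising edge: card presents the bit
    samples.append((0, 0, 1))
    return samples


def decode_reads(samples):
    """Tap side: sample I/O on every rising clock edge; a reset starts a new read."""
    reads, current, prev_clk = [], [], 0
    for rst, clk, io in samples:
        if rst:
            if current:
                reads.append(current)
            current = []
        elif clk and not prev_clk:
            current.append(io)
        prev_clk = clk
    if current:
        reads.append(current)
    return reads


def bits_to_bytes(bits):
    """Pack LSB-first bits into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(sum(b << j for j, b in enumerate(bits[i:i + 8])))
    return bytes(out)


def parse_card(image):
    """Split the dump into fields and compute the balance the meter would show."""
    if len(image) < IMAGE_LEN:
        raise ValueError("dump shorter than the assumed layout")
    atr = image[:ATR_LEN]
    serial = image[ATR_LEN:ATR_LEN + SERIAL_LEN]
    credit = image[ATR_LEN + SERIAL_LEN:ATR_LEN + SERIAL_LEN + CREDIT_BYTES]
    refund = image[ATR_LEN + SERIAL_LEN + CREDIT_BYTES:IMAGE_LEN]
    credits_left = sum(bin(b).count("1") for b in credit)          # set bits = unspent
    refunds = REFUND_BYTES * 8 - sum(bin(b).count("1") for b in refund)  # cleared bits
    return {
        "atr": atr.hex(),
        "serial": serial.hex(),
        "credit_bits": credits_left,
        "refund_bits": refunds,
        "balance_cents": CENTS_PER_BIT * (credits_left + refunds),
    }


def analyse_tap(samples):
    """Decode the first complete read in a tap log and parse it; None if nothing complete."""
    for bits in decode_reads(samples):
        image = bits_to_bytes(bits)
        if len(image) >= IMAGE_LEN:
            return parse_card(image)
    return None


# Constructed image: 6 credit bits set (0x3f), 7 refund bits cleared (0x80 0xff) -> $1.30.
SAMPLE_CARD = bytes.fromhex("a2130010" "0004c3e1" "3f000000" "80ff")

if __name__ == "__main__":
    print(analyse_tap(simulate_tap(SAMPLE_CARD, reads=3)))
```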
And it just stays high. And it goes low for all of our credit bits. And it goes high again. And it goes along, goes along. And then it resets and reads it again. Half a dozen times or so. Actually, this area right here is where it actually writes to the card. And deducts or increments credits and stuff. And I kind of have it explained a little bit better in the slides. And then we kind of see the I/O line going up and down and stuff. And then with the write to the card, it is this weird sequence. It's just like how the protocol works. But for deduct, you can do this sort of pattern to it. And it resets a couple of times. And it actually uses one of the reserved lines to do this. So you have to account for that when you're emulating it or whatever. Or tapping it. And for refund, it ends up doing something like this. And so you can do the same thing to the card to refund a bunch of bits if you want.

But what I've been working on is emulating the parking meter cards. So, you know, you just walk up with a card and insert it with $50 or whatever and it deducts some amount. And I just don't like dealing with EEPROM and stuff that saves to the card. So I just make it forget the credits and go back to $50 the next time you insert it. And so the code for that, I'll probably release it pretty soon. It's been hard to test it out here without a parking meter. Yeah, look at Phrack 48-11 for hints. I'm using a PIC 16F84A. Those are pretty popular right now. And just make sure you supply the clock, and a good tip is to tie the clock line to interrupt. Yeah, so I'll have source code and schematics pretty soon. See me for details if you want any sneak peeks or anything.

And brute force. This is a really cool thing that I found out when I was messing with them. And I was like struggling on stuff for a couple months. I found this out by accident. You just fold a business card in half, stick it in. It's not a valid smart card, so it goes out of order.
And if you fold a business card in half, it's the perfect size where it's hard to pull out. And people barely even notice that it's in there. And so if it's out of order you can just park there forever until they figure it out. Yeah, and then just use a credit card or something to pull it out later.

And other memory cards, like I said, with the PINs and stuff. A lot of the stuff is just security through obscurity. They figure that if they make a weird protocol nobody's going to figure it out. So like I have this friend in Holland that was auditing some university soda machines, because lots of universities use cards for credits for students and stuff. And it turned out that every card had a different PIN for enabling read/write on it. What they ended up doing was they thought, oh well, we'll have a different PIN on each card so if somebody gets one card then they can't unlock all of them. And so what they did was they just had a bunch of garbage data on the card and they do something like byte 6 plus byte 8 minus byte 42 divided by some other byte equals whatever the PIN is. And so the soda machine would know this sort of algorithm. It would read the card data and figure out the PIN and then use that to unlock it to rewrite the credits on the card. And so you can easily defeat this stuff. Michael Stegen actually ended up coding a PIC to just emulate the card, and then when it receives the PIN it just saves it to another portion of memory on there. And so you stick it in the machine and it unlocks the card and thinks that everything's fine, deducts the credits. And then you just take the card and stick it in your machine and you can see what the PIN is because it just writes it right there. And there's all kinds of ways of getting around it and it's just security through obscurity. But most of the time it seems that people just use the same PIN on every card. So if you can tap the connection you can figure out the PIN and then just have fun rewriting all their cards.
So, yeah, conclusions. That's how you can reach me if you want to email me anything and ask me any questions. And some references. Really great stuff. Shameless plugs. Come to ToorCon, please, if you're able to make it out. And I'm going to be at ShmooCon, so if you want to go there, and I think LayerOne's going on again next year. So some good conferences. I'd like to support the small ones.

And questions, suggestions. Who wants a free smart card reader? Yeah. Wow. You guys didn't respond to all the questions and suggestions, but I got it. What's that? Do you have any questions? Are you going to give me the cards? Yeah. Where are the smart cards? Oh, wow. Oh, yeah, magstripe? Yeah, magstripe. What's that? What's that? What's that? I don't know. It's probably a processor card or something. What? I don't have a magstripe reader. What's that? Huh. I'd like to take a look. Does it have the pinouts on it? Like it has some gold on the top? Yeah. Yeah, yeah. Do you have a question? What, the cards or the readers? Um, yeah. I've heard about this. He was saying how credit card companies are starting to distribute smart card readers and stuff. And I think that they use it for authentication with their websites and things like that. And so, yeah, totally. You could try and tap the connection and figure out how they talk to each other and put some hacks on there. But I haven't looked at them personally. What's that? Yeah, yeah. There's plenty of drivers out there for Gemplus readers, but I couldn't find anything for these, so good luck. But you can have one if you want. I'll just leave it here for you or something. Anybody else? What's that? Oh, okay, yeah. You deserve one. I'm not quite sure. I think it might be for timing reasons or something like that. When you stick the card into the meter, it ends up flashing the credits on the card and then it starts slowly counting it down and stuff.
And so, it might have been some sort of weird timing thing, or maybe they just wanted to verify that the data was there and there wasn't any corruption in the line or something like that. That's my only guess. I know some people. He was saying that he was wondering if any people have been actually disassembling the cards to read directly from the flash. I know that some people were using electron microscopes and stuff like that, using acid to burn away the plastic and stuff, but it takes a lot of equipment and it's really difficult. But yeah, people have been working on that. So yeah, you can have one of these if you want. Yeah. Timing attacks? Yeah, for attacking GSM, the side channel attack actually analyzes the amount of power it's sucking. And so, what it uses, it turns out that when it's computing stuff, there's a table in there that's actually 512 bytes and it can only do 8 bits at a time. And so, they split it up into two tables and there's a noticeable power drain when it reads from one table than the other. And so, they use something like that to do it. I'm not so totally sure about timing attacks, but people are definitely working on side channel attacks like that. Yeah, go ahead. Programming? Oh, how do they reprogram them for stuff like that? I don't know. I'm thinking that they might interface with some sort of smart card or, yeah, I have no idea. I'm not sure, but I'm guessing that if everybody ends up making these cards that get you free parking, they'll end up having to upgrade all of them or something like that. So we can find out then. What's that? Oh, are they? Oh, okay. What, before or after? Okay. Yeah. Yeah. Yeah, he was saying that a lot of places are using Java cards and stuff like that and so you might be able to reprogram them, and, yeah, the stuff that I've been dealing with, you can't reprogram them. It's all like hard coded in the chip, but I know that Bruce Potter and a couple of other people have been working on it.
Like Bruce Potter and some other people have been working on the Java card stuff, and there's definitely all kinds of cool attacks you can do with those. Do you say that the military IDs use Java cards? Oh, okay. Oh, okay. Yeah, it'd be interesting to look at. Yeah, go ahead. Oh, the PUK for the SIM cards? Yeah, I don't know. I don't know how you'd get that, because, yeah, I haven't looked at any of the attacks on getting the PINs or the PUK. Yeah, yeah, you can emulate the card once you have the key, so you don't have to worry about that stuff once you get there. But yeah, it'd be interesting if somebody found some attacks on getting that. Yeah, go ahead. With these stores, I saw that these meters, obviously they're sold in multiple cities. What's to stop you from, say, taking a card from San Diego to, say, Boston, but at least they needed some there. If you were to stick it in there, would it still work? Yeah, I don't know. I noticed that all of them have serial numbers and stuff like that, so there might be some sort of algorithm for verifying that it's like a valid card. Yeah, they might have something like that. In that case, if you use emulators and stuff like that, you just have to reprogram that. I would think that it would work. There are a couple of parking meter manufacturers that are doing this kind of stuff, and so it's probably really similar between the different cities. Go ahead. I don't know, it seems like smart cards are pretty popular right now, and it seems like RFIDs are too. But I don't know. There's definitely a lot of stuff people are doing with smart cards nowadays, and like with Java cards and making things a lot more secure, like with PKI and stuff like that. And it seems like RFIDs are pretty new, and so there isn't a whole lot of security in them yet. So I don't know, it really depends. I like the manufacturing costs and stuff like that, I guess. I don't know. 
Yeah, way back there. No, I don't, but I live in downtown San Diego, so it's like right out my door. That's a question. He was asking if I actually own a parking meter or possess one. Yeah, we were thinking of using our friend's Hummer and tying it to the back or something. Oh, okay. Yeah, just a couple more questions, Jay. Yeah. Oh, to the GSM attacks? I don't know. Somebody from Europe emailed me the other day asking about it, and I think that they're definitely doing a lot of stuff to roll out new algorithms, like I know Qualcomm has just published SOBER-128 that's supposed to be the new candidate for new GSM stuff. It seems like there's all kinds of open source candidates out there, so I don't think they're too concerned about stuff right now, but they're definitely doing a lot of planning to just fix things and start over properly. Yeah, one more. Yeah, I tried that, but you actually have the reserved pin that I was talking about. If it doesn't have the right logic on that pin, then it just doesn't work, and there aren't really any memory cards that use any of those pins. Yeah, I definitely tried that, because I have a couple of different blank cards here that I was using, and they definitely are able to distinguish between the correct ones and ones that you're copying. Okay, I guess that's it for today. Thanks a lot. If you have any other questions, feel free to walk up to me later.
