|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source |
Service Products News & Updates Service Products and Tools New and Updates |
| LinkBack | Thread Tools | Display Modes |
12-07-2008, 17:33 | #1 (permalink) |
No Life Poster Join Date: Nov 2002 Location: Russia Age: 42
Posts: 1,317
Member: 17711 Status: Offline Thanks Meter: 1,858 | --==> How they kill smart-cards <==-- The mechanism of killing a smart-card Before an applet is written to a card, a secured session is established. This is done using two APDU commands - INITIALIZE UPDATE and EXTERNAL AUTH. During data exchange each side (card and server or an application) proove that they know card access keys. Session keys are also generated. But if INITIALIZE UPDATE is not followed by a correct EXTERNAL AUTH, a card increases it's security counter. When security counter reaches some value, card stops accepting INITIALIZE UPDATE command at all. Card is alive, but noone can now update or delete any applet from it. Even the one knowing card access keys (the author). Security counter exists outside of time. It does not clear itself in a minute, two, month, year. Is is cleared only upon successful secured session has been established (e.g. card update was successfully initiated). The process of "murder" JAF cards were not destroyed at every user, that executed some application. This allows to suggest the following. Destructive software lists connected card readers in system and kills the first card it finds. Nothing is done further. Now about the most important. If the first card happened to be PKey card, you can see the result immediately. I will stop updating. But if that was a, say, SETool card, there will be no result at all because no SETool update server exist. Diagnostics Is it easy to recognize a "killed" card even if you don't know it's access keys. Just issue INITIALIZE UPDATE command and see the answer. If the card answer would be an error - it is damaged. Damaged card works ok, but it will be impossible to update it. It is easy also to write diagnostics software to detect damaged cards. But just keep in mind, that each such check increases security counter. Financial considerations You need to think about the fact, that killing cards is profitable for dishonest people. If card stopped updating, user is ought to keep using outdated software or buy a new card. It is obvious, that now we will see lots of "free" software with card destructor integrated. DO NOT DOWNLOAD AND EXECUTE UNKNOWN SOFWARE!!! Last edited by FractalizeR; 12-07-2008 at 17:39. |
The Following 345 Users Say Thank You to FractalizeR For This Useful Post: |
Bookmarks |
| |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
How to Release smart card with new 2.32? | KUBAT1 | Infinity-Box | 6 | 03-12-2008 13:11 |
How to deselect Smart Card option Only. | talkways | Universalbox | 4 | 07-05-2007 14:58 |
|