Smart-card-based protection services offer for developers

[FractalizeR]

Emeralda Engine


1. Introduction

As time goes by, cracking/cloning GSM software becomes a business. That's why more and more GSM software developers want to protect their products better and better. Almost all known types of protection now can be cracked/cloned starting from the easiest ones (software protectors only, like Armadillo, Themida etc.) and ending with complex hardware solutions based on some kind of microprocessors + software protection. The reason is simple. Almost all kinds of memory can be easily read and almost all kinds of electronic boards can be easily examined and cloned. And all software protectors can be removed from software. The only question here is time needs for cracking.
But still exists at least one type of protection, that can not be cracked. This type is Schlumberger Smart-Cards.


What smart-card is

Smart-card is a small card, of the size like usual GSM SIM cards. Inside this card exists some kind of microcomputer with it's own processor, small amount of memory. A computer, that was created to keep your secrets... Smart card is connected to PC via small simple USB device called Smart-Card Reader. This reader is like a bridge between smart-card and computer.


Smart-Card Architecture

As said above, smart-card is a microcomputer. Microcomputer with 32Kb memory on-board and cryptographic co-processor, accelerating execution of encryption and decryption blocks of data. Smart-card has in-built support for various cryptographic algos like various CRCs, DES, RSA, secure random numbers generator etc.
Smart-card can have several programs inside, that are called applets. These programs can be written in one of the variants of Java language, that is very easy to learn. Applets can communicate with software from PC using in-out buffer, that allows you to pass commands to your applet and to get results from your applet with few lines of code.
You can easily put your applets to your card if you know card access codes, but nobody including you even knowing codes can't read applets from card. Under any condition applet source can't be read from smart-card. This makes your card some kind of safe for your know-how technologies.


Smart card reliability

Reliability of Schlumberger Smart-Cards is confirmed by such a giants in business like Visa, MasterCard and many others. Smart-cards are used as authentication marks, digital signature containers, digital wallets and other holders of VERY important data. There was never a precedent of successful reading applet's code or applet's internal data from smart-card in whole world.

2. Protecting GSM software with Smart-Cards

How to?

In process of unlocking/flashing almost any phone there is some algo of processing information (for example, calculating IMEI checksums, various CRCs calculation, decrypting small blocks of data, etc.) This algo can be simply converted to smart-card applet. And after that your software will read some data from phone, that needs to be processed, send it to your applet and then receive back already processed. That’s all!


Algo’s, that should never been put to card

Of course, any protection, even the most powerful, should be correctly applied. Simply checking smart-card presence from software will not make your protection strong. So, there are several kinds of algos, putting which to smart-card will not improve your protection:

• Decryption of static (constant) data blocks, that come from software (PC) (for example, loaders decryption)
• Very easy-to-guess algos (like CRC32 calculations or XOR FFh decryption)
• Static data itself (table of software versions for example)

3. FractalizeR’s Emeralda Engine

What is this?

Of course, simply putting algos to dongle is not enough. Time passes, new phone models appear, algos inside the dongle should be updated, because, if you will put algo for a new model only to soft – this new software can be easily cracked. So you need dongle upgrade system. But, you can’t simply provide file with applet’s source to every user, because hacker can easily extract your algos from it. Also, you need control over all dongle upgrade process (for example, you may need to disable upgrade for some dongle, grant your resellers access their users’ accounts etc.). So, let me introduce to you my smart-card secure update engine: FractalizeR’s Emeralda Engine. All this can be easily done with a help of it.
Emeralda uses advantages of built-in smart-card secure communication protocol to make dongle upgrades safe, so you can be sure, that nobody will be able to extract your applets from any part of traffic, sent to client, or sent by client to smart-card. Emeralda server generates encrypted and signed stream of data, that is transmitted to upgrade client. Client sends stream in encrypted and signed untouched form directly to smart-card and only smart-card itself decrypts and verifies that stream, accepts applets and run internal commands, that are contained inside data stream. So, nobody have access to command source except server and smart-card itself. Data stream can be intercepted and examined by hacker, but it will be useless, because data stream is encrypted and only smart-card, this stream is generated for, can decrypt it.


Emeralda Engine as it is

Emeralda engine is a standalone set of software components, that provides ability to securely and remotely update user dongles, control upgrade process, control user accounts etc. Here are main features of Emeralda:

• Remote secure update of Schlumberger smart-cards – client and server applications
• Multithreaded server
• Three-level control system (author, distributor, reseller) for controlling user accounts on server
• User accounts database
• IP and dongle black list
• Logging of security violations
• Logging whole process of dongle upgrade for each user
• No need in source code of your project. Emeralda is fully stand-alone.

Emeralda server requirements:

• Usual PC, preferably not slower than PIII-700.
• 128Mb (better 256Mb) of memory
• Any type of Internet connection with static or dynamic (in this case no-ip.com services can be used) IP with speed preferably not slower than 10-15Kb/sec (maximum amount of traffic per client session is about 34Kb)
• Minimum 150Mb (500Mb or more is recommended) free space available on HDD
• Windows 2000/XP/2003 (Windows 98 is probably supported too, but not tested)


What I suggest?

• Emeralda engine-based client and server and tools
• Consultations on all questions related to using Schlumberger cards for protection
• Consultations on moving to Schlumberger cards protection of already existing project
• Consultations on software protection itself
• Custom improvements and additions for Emeralda server and client like additional data check, storing and retrieving additional data from user’s database, mailing lists support via all server’s database, custom parameters to check by server etc. on demand
• Additionally, I can help in your web-site enhancement: dynamic news on site, forum establishing, protected support area for your product, professional support of your users etc.

In cooperation with Narry Telecom I am also proud to provide also all-in-one solution, which includes all from the above plus:

+ Delivery of any number of Schlumberger smart-cards at the earliest possible date
+ Manufacturing any number of boxes for your project of any PCB design, case type and coloring with any number of cables
+ Boxes can have integrated smart-card reader thus eliminating a need in additional USB port for dongle and lowering box (dongle) self-cost (because reader is no longer needed)
+ Help in your product distribution via our wide distribution network

We are taking all weight of manufacturing boxes, protecting your software and supporting your users.
You need only to write software. We will do the rest.


Emeralda powered projects:

• ThunderStorm (www.gsmthunderstorm.com) – work completed. Server online.
• Anonymous project 1 – work in progress
• Anonymous project 2 – work in progress

Contacts

• All questions on FractalizeR’s Emeralda Engine and using Schlumberger cards for protecting software please send to FractalizeR. Email: [email protected], ICQ #108478223
• All questions on all-in-one solutions please send to [email protected]