logo dexlab

Downloads

In this section you can find the following software and documents:

ePassport emulator

The epassport_emulator is an ePassport / eID emulator for JavaCard. It
implements functionality as described in ICAO Doc 9303. Additionally it
implements functionality to write files and key data to the emulator.

Name: epassport_emulator
Version: 1.02 (build 20090120)
Details: http://seclists.org/fulldisclosure/2009/Jan/0788.html
Tested on: 72k JCOP v4.1
Nokia NFC "secure element"
Supported by: RFIDIOt by Adam Laurie
RFIDIOT-vonjeek by The Hacker's Choice
ecl0wn by dexlab (see below)
Download: 7 kbyte ZIP

[ back ]

eCL0WN

eCL0WN is an ePassport utility for NFC-enabled phones that allows you to
read and clone your ePassport's chip content. Just follow six easy steps:

eCL0WN

  1. Upload eCL0WN to your phone and start it
  2. Set the passport key
  3. Read an ePassport
  4. View details on your phone
  5. Write data to an emulator
  6. Verify written data with e.g. Golden Reader Tool
Name: eCL0WN for Symbian
Version: 1.01 (build 20090120)
Details: http://seclists.org/fulldisclosure/2009/Jan/0789.html
Tested on: Nokia 6131 NFC
Nokia 6212 NFC
Supported by: epassport_emulator 1.02 (see above)
Download: 34 kbyte ZIP

Name: eCL0WN for Android
Version: 1.0 (build 20110927)
Details: http://seclists.org/fulldisclosure/2013/Oct/176
Tested on: NFC-enabled phones running Android 2.3+
Supported by: epassport_emulator 1.02 (see above)
Download: Google Play Store

[ back ]

crapto1gui

Crapto1gui is a Windows implementation of the crapto1 tool. It allows you to crack crypto-1 Mifare Classic keys. If you're using the ProxMark3 RFID sniffer on the Windows platform this utility might save you some time, avoiding copying data from one system to another. The ZIP contains a standalone binary and source code (CodeGear C++ Builder 2009).

Name: crapto1gui (binary + source)
Version: 1.01  (build 20090611)
Details: http://code.google.com/p/crapto1/
Tested on: Windows x86
Windows x64
Supported tag: Mifare Classic
Download: 353 kbyte ZIP

[ back ]

ePassports reloaded goes mobile

This presentation will examine the different mechanisms used in ePassports to prevent cloning and creation of electronic travel documents with non-original content and ways to attack these mechanisms. Additionally we dive into the process of integrating emulator chips in existing travel documents. Also a new ePassport attack suite will be presented, allowing you to backup your passport chip with a mobile phone.

Title: ePassports reloaded goes mobile
Author: Jeroen van Beek (dexlab)
Download: 4.98 Mbyte PDF

[ back ]

Security and Reliability of Automated Waste Registration in The Netherlands

Electronic registration of domestic waste is in wide use, often to raise taxes based on the amount of waste households produce, but not much prior research into the technical aspects of this area has been done. Two basic methods are found: personal household containers and shared underground containers. This report tries to de ne requirements for such systems and compares several systems in actual use to these requirements.

Every municipality surveyed employed a different combination of systems, each having their own strengths and weaknesses. All use radio frequency identification (RFID) but many can easily be copied. Encryption is hardly used. No critical security risks were found, but a number of issues still need addressing.

Jeroen van Beek (and others) supervised this project.

Title: Security and Reliability of Automated Waste Registration in The Netherlands
Authors: Dick Visser
Thijs Kinkhorst
Download: 553 kbyte PDF

[ back ]

Security analysis of Dutch smart metering systems

Smart meters enable utility companies to automatically readout metering data and to give consumers insight in their energy usage, which should lead to a reduction of energy usage. To regulate smart meter functionality the Dutch government commissioned the NEN to create a Dutch standard for smart meters which resulted in the NTA-8130 specification. Currently
the Dutch grid operators are experimenting with smart meters in various pilot projects. In this project we have analyzed the current smart meter implementations and the NTA using an abstract model based on the the CIA-triad (Confidentiality, Integrity and Availability). It is important that no information can be attained by unauthorized parties, that smart meters
cannot be tampered with and that suppliers get correct metering data.

We conclude that the NTA is not specific enough about the security requirements of smart meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers do not take the privacy aspect of the consumer data seriously. Customers can only get their usage information through poorly secured websites. The communication channel for local meter configuration is not secured sufficiently: consumers might even be able to reconfigure their own meters. Also, the communication channels that are used between the smart meter and gas or water meter are often not sufficiently protected against data manipulation. It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms.

Jeroen van Beek (and others) supervised this project.

Title: Security analysis of Dutch smart metering systems
Authors: Sander Keemink
Bart Roos
Download: 2.28 Mbyte PDF

[ back ]