Fork me on GitHub

MontréHack

Apprentissage et partage de connaissance sur la sécurité informatique en travaillant des problèmes appliqués.

Learning and sharing knowledge on IT security by solving technical challenges.

Troisième lundi du mois
Third monday of every month

Archives | Learning | Mailing list | Group Chat | Calendar |

NorthSec Smartcards

a.k.a the Employee Crypto-Storage HSM

a NorthSec smartcard

Lors de l’événement NorthSec 2014, des cartes spécialement conçues pour l’événement étaient fournies aux participants sur lesquelles ceux-ci devaient trouver de l’information cachée, exploiter des failles artificielles ou encore briser des cryptosystèmes défectueux. Voici la description sommaire de l’épreuve (Anglais) :

“As a new employee of the A.N.O. (Associated Nations Organization), your employee card has already been dead dropped by one of our agents directly at your current location. You should be able to locate it very easily by carefully inspecting your work environment.

This card will be your one of the most valuable tool during your whole career as a faithful employee.

It serves many purposes, as a way of showing our commitment to openness and adhering to Kerchkoffs’s principle we are able to share a maximum of information with you, described hereafter.”

Outils et préparation / Tools and preparation

Assurez-vous de choisir l’un des outils ci-bas et d’être en mesure de lire un ATR d’une carte avant l’événement. Utilisez la carte de NorthSec 2014 par exemple. Plusieurs lecteurs de cartes seront disponibles.

Choose one of the tools below and make sure you are able to read a card ATR before the event. You can use the NorthSec smartcard for example. We will provide card readers.

Tools (very basic but will get you around) :

Something very important to consider during the event : Smart cards are minimal hence tooling is minimal. Interacting with the card is a pain in itself, don’t add to it by using a tool you do not fully understand and with which you are not completely at ease.

Readers under Linux :

In order to have a functional reader, you might need to install pcscd and pcsc-tools using your favorite package manager. Use Google if you need further help.

GPShell (Text-based script SmartCard Interaction) :

Smart Card Shell (JavaScript-based SmartCard Interaction) :

Python tools :

Perl tools :

Java tools:

Diapos / Slides

Remerciements / Credits


Intéressé à présenter? / Interested to present a challenge?