Never Ending Security

It starts all here

THC-Smartbrute



[0x00] What is THC-SMARTBRUTE ?


This tool finds undocumented and secret commands implemented in a smartcard.
An instruction is divided into Class (CLA), Instruction-Number (INS) and the
parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible
values of CLA and INS to find a valid combination.

Furthermore it tries to find out what parameters are valid for a given class and instruction number.
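
The card's two-byte status word is what separates a valid combination from an invalid one, so an iteration like the one described above leaves a recognisable pattern in an APDU log. The following is an added example, not code from THC-SMARTBRUTE or its README: it classifies status words and counts the distinct (CLA, INS) pairs a card rejected. The status-word values are taken from ISO 7816-4 and GSM 11.11 rather than from this page; the struct, the function names and both traces are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One logged exchange: the 5-byte command header and the card's status word. */
struct apdu_log { uint8_t cla, ins, p1, p2, p3; uint16_t sw; };
enum sw_class { SW_OK, SW_BAD_CLA, SW_BAD_INS, SW_BAD_P1P2, SW_BAD_LEN, SW_OTHER };

/* What a status word reveals about the header (ISO 7816-4; 9Fxx is GSM 11.11). */
enum sw_class classify_sw(uint16_t sw)
{
    uint8_t sw1 = (uint8_t)(sw >> 8);
    if (sw == 0x9000 || sw1 == 0x61 || sw1 == 0x9F) return SW_OK;
    if (sw1 == 0x6E) return SW_BAD_CLA;                /* class not supported */
    if (sw1 == 0x6D) return SW_BAD_INS;                /* instruction not supported */
    if (sw1 == 0x6B || sw == 0x6A86) return SW_BAD_P1P2;
    if (sw1 == 0x67 || sw1 == 0x6C) return SW_BAD_LEN; /* wrong length (P3) */
    return SW_OTHER;
}

/* Count distinct (CLA, INS) pairs the card rejected as unsupported. */
size_t rejected_pairs(const struct apdu_log *log, size_t n)
{
    uint8_t seen[65536 / 8] = {0};                     /* one bit per pair */
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        enum sw_class c = classify_sw(log[i].sw);
        unsigned idx = ((unsigned)log[i].cla << 8) | log[i].ins;
        if (c != SW_BAD_CLA && c != SW_BAD_INS) continue;
        if (seen[idx >> 3] & (1u << (idx & 7))) continue;
        seen[idx >> 3] |= (uint8_t)(1u << (idx & 7));
        count++;
    }
    return count;
}

/* Constructed sample traces: a normal GSM session, then the start of a sweep. */
const struct apdu_log normal_trace[] = {
    {0xA0, 0xA4, 0x00, 0x00, 0x02, 0x9F1A}, {0xA0, 0x20, 0x00, 0x01, 0x08, 0x9000},
    {0xA0, 0xB0, 0x00, 0x00, 0x0A, 0x9000}, {0xA0, 0xB0, 0x00, 0x00, 0xFF, 0x6700} };
const struct apdu_log sweep_trace[] = {
    {0xA0, 0x00, 0, 0, 0, 0x6D00}, {0xA0, 0x01, 0, 0, 0, 0x6D00}, {0xA0, 0x02, 0, 0, 0, 0x6D00},
    {0xA0, 0x02, 0, 0, 0, 0x6D00}, {0xA0, 0x04, 0, 0, 0, 0x6700}, {0x01, 0x00, 0, 0, 0, 0x6E00} };

int main(void)
{
    printf("normal: %zu\n", rejected_pairs(normal_trace, 4));
    printf("sweep:  %zu\n", rejected_pairs(sweep_trace, 6));
    return 0;
}
```

A terminal that speaks only the commands it needs produces few or no rejected pairs, so a session with many distinct ones is worth alerting on in card or reader middleware logs.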


  [0x01] Compiling

You need the pcsc-lite library installed, which you can get from

http://pcsclite.alioth.debian.org

Edit Makefile to your needs and run make.


  [0x02] Command line arguments
--verbose
        prints a lot of debugging messages to stderr *FIXME*
--undoconly
        only prints a found instruction if it is not an element of the
        standard instruction list
--fastresults
        before iterating through all possible combinations of class and
        instruction-number, typical class/instruction values are verified for
        availability.
        After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
        prints out the usage
--chv1 pin1
        a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
        a VERIFY CHV2 instruction with pin2 as argument is executed

--brutep1p2
        finds valid parameter p1 and p2 combinations for the instruction
        the user defined with --cla and --ins.
        For parameter p1 the value 0x00 is assumed.

--brutep3
        finds valid p3 values for given --cla, --ins, --p1 and --p2

--cla CLASS
        sets the instruction class to CLASS
--ins INS
        sets the instruction-number to INS
--p1 P1
        sets parameter p1 to P1
--p2 P2
        sets parameter p2 to P2
--p3 P3
        sets parameter p3 to P3

  [0x03] Examples

1. ~$ ./thc-smartbrute
        run thc-smartbrute without any arguments to brute force for valid instructions

2. ~$ ./thc-smartbrute --undoconly
        find valid instructions but only print out non-standard instructions

3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
        find the first two arguments for the GSM instruction SELECT FILE

4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
        find the 3rd argument for the already found first two arguments
        for the GSM instruction SELECT FILE


  [0x04] Some interesting smartcard links

1. ISO 7816 - the standard for general purpose smartcards

[0x05] Download Link

Grab the latest release thcsmartbrute-1.0.tar.gz

Yours sincerely,

Gamma
The Hackers Choice

http://www.thc.org/thc-smartbrute
