2024-10-21 12:12:28 +00:00
|
|
|
#import "@preview/ichigo:0.1.0": config, prob
|
|
|
|
|
|
|
|
|
|
#show: config.with(
|
|
|
|
|
course-name: "SMART CARDS & NFC",
|
|
|
|
|
serial-str: "k12104785",
|
|
|
|
|
author-info: [
|
|
|
|
|
Lukas Heiligenbrunner
|
|
|
|
|
],
|
|
|
|
|
author-names: "Lukas Heiligenbrunner",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
#prob[
|
|
|
|
|
#figure(
|
|
|
|
|
image("Screenshot From 2024-10-21 14-07-41.png", width: 80%),
|
|
|
|
|
caption: [
|
|
|
|
|
Pin try counter.
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
][
|
2024-10-22 10:08:07 +00:00
|
|
|
- The PiN_TRY_COUNTER is prone to turn off attacks.
|
|
|
|
|
Each time the chip resets the ram value of the counter is cleared and one gets basically infinite retries.
|
2024-10-21 12:12:28 +00:00
|
|
|
todo solution
|
2024-10-22 10:08:07 +00:00
|
|
|
- Depending on the implementation of the comparison operation, it might leak side-channel information.
|
|
|
|
|
For example, if the comparison is done byte-wise, the attacker can determine the correct byte by comparing the time it takes to compare the bytes.
|
2024-10-21 12:12:28 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
#prob[
|
|
|
|
|
#figure(
|
|
|
|
|
image("Screenshot From 2024-10-21 14-10-15.png", width: 80%),
|
|
|
|
|
caption: [
|
|
|
|
|
Pin comparision (PIN == REF_PIN).
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
][
|
|
|
|
|
todo solution
|
|
|
|
|
]
|
