
Reverse Engineering


Cloning SIM Cards and Hacking Payphones Tutorial. Description: In this video, Limor and Philip from Citizen Engineer demonstrate how to clone SIM cards and hack payphones to do interesting things. The SIM card section starts with a primer on how authentication works in the GSM world: a challenge/response scheme in which the SIM holds the encryption key used to encrypt the challenge sent by the base station. The problem is that there is no way to read the encryption key directly from the SIM, and the only way to recover it (which works only on older cards) is a chosen-plaintext attack. The attack is carried out by connecting the SIM to a computer and bombarding it with encryption requests for known plaintexts. After enough samples have been collected, the encryption key can be cracked. Once the key is known, cloning the card with a writer is trivial. Disclaimer: We are an infosec video aggregator and this video is linked from an external website.

Skype's Biggest Secret Revealed. Reverse Engineering.

IDA Page: IDA Pro Freeware Download Page.

Circumventing Adobe ADEPT DRM for EPUB. By way of a concrete reverse-engineering contribution, I have successfully circumvented Adobe's ADEPT DRM scheme for EPUB files. The same circumvention probably also allows decryption of ADEPT-encrypted PDF files, although I haven't looked into it yet. ADEPT is pretty close to faultless as a crypto system -- a per-user RSA key encrypts a per-book AES key which encrypts the content. It uses AES in CBC mode with a random IV. It uses RSA with PKCS#1 v1.5 padding, which is perfectly adequate for this case. Unfortunately for Adobe, this isn't a crypto system, but a DRM system. DRM systems ultimately depend not on the strength of their cryptography, but on the complexity of their obfuscation. In practical terms, this breaks ADEPT circumvention into two components: key retrieval and decryption. Here are the scripts: Key-retrieval script: ineptkey (version 5). Decryption script: ineptepub (version 5.2). And on a preachy note, please don't be a jerk with these.

Report 2010/594. Cache Games - Bringing Access Based Cache Attacks on AES to Practice. Endre Bangerter, David Gullasch and Stephan Krenn. Abstract: Side channel attacks on cryptographic systems are attacks exploiting information gained from physical implementations rather than utilizing theoretical weaknesses of a scheme. In particular, during the last years, major achievements were made for the class of access-driven cache attacks. The source of information leakage for such attacks is the locations of memory accesses performed by a victim process.

In this paper we analyze the case of AES and present an attack which is capable of recovering the full secret key in almost real time for AES-128, requiring only a very limited number of observed encryptions. Unlike most other attacks, ours neither needs to know the ciphertext, nor does it need to know any information about the plaintext (such as its distribution, etc.). Category / Keywords: implementation / AES; side channel; access-based cache attacks.

Malicious pdf analysis: from price.zip to flashplayer.exe | Peter Van Eeckhoutte's Blog. Introduction: This morning, my generic attachment filter for MS Exchange reported about 100 emails that have been put in quarantine because they contained a small zip file. Email header:

    Received: from hosting1.i-excom.net ([87.106.13.96]) 18 Nov 2010 10:23:47 +0100
    Received: (qmail 558 invoked from network); 18 Nov 2010 10:22:46 +0100
    Received: from 41-135-4-212.dsl.mweb.co.za (HELO 192.168.2.3) (41.135.4.212) by hosting1.i-excom.net with SMTP; 18 Nov 2010 10:22:43 +0100
    Received: from [10.10.0.11] by 192.168.2.3 id ib1m4s-000JkE-00; Thu, 18 Nov2010 11:49:01 +0200
    Message-ID: <009601cb8704$ef9f3b00$0b000a0a@192.168.2.3>
    From: <pichi5@ozu.es>
    To: <xxxxxxxxxxxxxxxx>
    Subject: Re: lista de precios!
    Date: Thu, 18 Nov 2010 11:49:01 +0200
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------B21C218F271B9A77"
    Return-Path: pichi5@ozu.es

This morning, VirusTotal reports that the pdf file is clean (0/43)… But that doesn't mean anything, does it. Analysing the pdf file. Original code: