ERIC BUTLER: Welcome, everyone. My name is Eric Butler.

KARL KOSCHER: And I'm Karl Koscher.

ERIC BUTLER: We are here to talk to you about SIM cards. This is a project that started for me last year when I heard about Toorcamp. This is a hacker camping trip. You can think DEF CON, but outdoors and with tents instead of hotel rooms. This was the second one.

I thought it would be great, in the middle of nowhere, to run a cell phone network. There was no GSM service out on the Washington coast. So I pitched the idea to some friends and we got people together, and we decided we could make this happen. And my part of the project specifically was to procure SIM cards.

So I didn't know anything about what a SIM card was. It stands for subscriber identity module. SIM cards contain identity information, usually the IMSI, the international mobile subscriber identity, and Ki, which is the key used to authenticate with the cell network and to create session keys. SIM cards are smart cards that are designed to be secure and tamper resistant.
So the idea is that the key information can't be extracted from the card, even if you have physical possession. SIM cards are designed not to be cloned. There have been some issues with that in the past. Anyone who has a GSM phone definitely has a SIM card, and now even the carriers that traditionally didn't have them, like Verizon, are switching over to using them as part of their LTE migration.

And while I was learning about this, I found that SIM cards can also run apps. What is that all about? So long ago, long before the iPhone, before Android, really before there was any concept of mobile development, there was this idea that applications would live in your SIM card. And so the phones would be dumb hosts. You could move your SIM card between all of these phones, and all of your contacts and all of your apps would move with it. And the telcos liked this because it put them in complete control over everything that you could run. So fortunately, that didn't happen and we live in a little more open world.

You might think this is an obsolete technology. It's actually still quite interesting because this technology is still around, almost a decade later, mostly unchanged.
A lot of these standards came about in the mid '90s and still work today, are still supported today by modern smartphones, Android and iPhone. I wanted to understand how it works and uncover the mystery.

The SIM cards, as it turns out, are little tiny computers that everyone has in their pocket, that you don't control, and may not know very much about. And everyone is walking around with these things. So I thought there was an interesting opportunity, because I wanted to have SIM cards for this Toorcamp network, and I thought, why not get cards that would support running these apps? This ends up being a lot of work. It turns out most places that want to sell you SIM cards want to sell you about 500,000 to start. We were looking for about 500. A lot of them were looking for us to sign an NDA. We wanted to be able to talk about everything we learned. Some of the cards would support apps but didn't have any GSM support. So they wouldn't help for what we needed.
There was very little documentation, not only on where to get cards but how to program them, what you can do with them, and so we put a lot of time into collecting a lot of information together, and we're hoping people can learn from our misery and build some interesting things with sort of a forgotten technology.

So the SIM cards that we ended up getting have an AVR processor in them, not unlike an Arduino. They have 64K of memory and a tiny amount of RAM. They run what's called JavaCard, which we will talk about in a little bit. And they are somewhere between 30 and 40 megahertz. They are definitely little computers, although they definitely have a lot of limitations.

One of the things that I was really hoping was, when people arrived at the conference, there is a registration tent where you pull up and this is where you get your badge and the schedule, and I wanted to have the SIM cards right there at the entrance to really encourage people to use the network. And so this is what you saw when you arrived. You had a little packet from us. Our cell phone company was called Shadytel.
We gave you all the private key information and everything else that you usually don't have when you get a SIM card from a carrier. We wanted to make this an open thing that people could hack on.

The cell phone network was a huge hit. We gave away almost 500 SIM cards and we had over 400 phones connected to the network. We had a lot of people using SMS saying, where are you? There was a big campground, and so people were trying to find each other. We had free outbound calling anywhere in the world. People were not only calling people in the camp, but also someone called their mom in Australia, and it was really great. So in some ways our network was more functional than a lot of other networks. That would have been very expensive to do. And we even had an FCC license for the weekend. So this is a very legit thing.

(Applause)

ERIC BUTLER: Thanks.

So SIM applications are often called applets. They run on the SIM card, completely separate from the phone. In many cases the phone doesn't even see what's going on.
The SIM card has a direct connection to the baseband, in many directions, again without going through the phone's operating system. They can be remotely installed by the carrier, which we will cover a little bit later, and most carrier SIM cards today support the technologies that we are going to talk about. It's very common.

Cards can have multiple apps running on them. That's managed by a card manager master application, and referenced by an AID, applet ID, and on a modern SIM card the GSM is basically another app. It's written in a similar way to what we are going to talk about today.

So what can one of these applets do? Most phones, including modern smartphones, will support a basic user interface. It will show up on the phone to display menus, text. You can do user input. You can sometimes play sounds, and this also works on a lot of dumb phones, which is interesting for the developing world. Some phones will let the SIM launch URLs. Some phones let you send SMS messages, initiate calls, use data service.
You can receive events, or you might in some cases be able to detect when the user is dialing something and maybe even rewrite that number. There are a lot of other options. There are over 200 unique features that a handset can declare to the SIM card: this is what I support. And in some cases, you can even run arbitrary AT commands sent directly to the GSM modem.

Just a few examples of SIM applets in the wild. We have M-PESA, which is a mobile payment system in Kenya with over 15 million users, and almost all of that is based on the SIM applet technology. It's also sometimes used for menus to top up your phone or to get other information. Not very common in the US but much more common in other places. So it's not at all surprising if you have never seen this on your phone if you live here, but if you are coming from somewhere else, you might have seen this before.

KARL KOSCHER: All right. How do these applications actually work? So as with any good telco technology, it's a maddeningly complex stack of technologies. At sort of the bottom layer is the smart cards themselves, which SIM cards are a particular type of.
There's JavaCard, which came out of Sun in the late '90s, which lets you write smart card applications with a variant of Java, and this is what most SIM cards support today for writing applets, and there's a SIM toolkit API which lets the SIM card talk to the phone and push events and receive events as well. And then there's this standard called GlobalPlatform, which was originally developed by Visa to allow third parties to develop applications and load them onto the card.

So a bit about smart cards. They are designed for secure storage and computation, and one of the key ideas with smart cards is that the secret keys do not leave the card. So you can ask the card to do things on your behalf, like sign things, encrypt things, decrypt things. So these are widely used for, like, corporate logins; the US government uses them a lot. They are used for satellite TV DRM, they are used for e-cash in some parts of the world. All sorts of things. And basically the way that they work, there are these things called APDUs, which are command and response packets.
Typically, these are a stream of bytes and you sort of have an instruction, a class of instruction, a couple of one-byte parameters and maybe some variable length data. So that's the basic interface that smart cards have.

So JavaCard. It's Java. Not really. There's no garbage collection. You can call new, but it won't clean up after itself. There are no characters. There are no strings, no floats and no multidimensional arrays. So this gets interesting, and if you are lucky, you might have some ints, otherwise you are stuck with bytes and shorts. Of course, there's no standard Java APIs for file IO or threads or anything crazy like that.

One interesting thing about this is that they envision these cards as being very simple, and so what regular JVMs do when they load class files is verify that the class files are correct, so that they can't violate any of the safety and security properties that Java tries to provide. JavaCards do not have to verify the apps that are loaded onto them.
That's sort of delegated to whoever installs the applications, which, as you will see later, typically means that you can't load apps onto arbitrary JavaCards. There are exceptions, though. So everyone loves exceptions. So that's how you return errors back to the smart card interface. One interesting thing to note when you are developing for these is that instance and class variables are saved in EEPROM, so those survive through power cycles, but they have limited write endurance, anywhere from 1,000 to 5,000 write cycles. So you may not want to update these variables a lot.

How do you actually build these things? So we looked into how to actually write these apps for our Shadytel SIMs, and there are a lot of commercial IDEs for this, but they start around $3,000. That was a nonstarter for us. You can download the JavaCard development kit from Oracle for free. That was kind of surprising, but thanks, Oracle, for that. You can actually build these with Eclipse. You have to add in the JavaCard runtime library and you remove the JRE library.
And then you have to do some craziness with the command line, but we made some tools to make this whole process easier.

So what about STK apps? So STK apps are JavaCard apps, and the way that they work is that they first get loaded onto the card, and then the app, when it gets instantiated on the card, registers itself with the SIM toolkit runtime, and this SIM toolkit runtime is informed of the phone's capabilities using those 200 feature bits that we were talking about. This runtime then lets all of the applications know, or it tells the phone what all the applications are on the card, and then you have this menu of applications that you can select, and when you select one, it actually dispatches an event to your particular JavaCard application. And then the app can do some IO back and forth through the standard SIM toolkit API.

And so basically the way that this code looks is you have a class that has, so with JavaCard, there are two standard methods.
There's install, which is responsible for instantiating the class and registering it with the JavaCard runtime and the SIM toolkit runtime, and there's also a process method which takes in the APDUs and does whatever computation you need there. For SIM toolkit, process is not typically used. Typically processToolkit is called, and these are for events that get delivered from the phone. You can also request a timer event to be sent back to you, so you can periodically wake up.

So for Toorcamp, what we wanted to do is create some sample STK applets to get people interested and use the SIM cards. We had a simple app that we made that said "credits" on there, and it would bring up the list of people who created the GSM network at Toorcamp, and that's all it did the first time you run it. But the second time you run it, it would ask if you wanted hints for the crypto challenge that we were running. And the interesting thing about this is that we were able to store the hints on secure hardware.
You couldn't extract them, and we had some tamper resistant flags that were stored on secure hardware that marked whether you had viewed any of the hints or not, and then, as we will describe later, we had a way to remotely query what hints people had viewed, although we never got around to implementing that.

So what does this code actually look like? I warn you, it's ugly! So if you want to create strings, you might remember there are no characters and no strings. So you have to create a byte array of individual bytes or individual characters. This is by far the most painful part of writing apps, well, except for debugging them. That's even more painful.

(Laughter)

But we will get to that. And so basically the way that this Toorcamp app worked, the install gets called by the JavaCard runtime when it gets installed. That registers itself with the runtime, and you can select the app. It registers itself with the SIM toolkit, and a lot of this code is for reference later, and the slides will be available from our website. So you don't have to memorize any of this right now.
And then when events get handed down from the phone, you get a single byte that says what kind of event it is. Usually it's like a menu selection or something, and in this case, it checks to see if the hints that were given, if we displayed any hints. If not, we just show the credits. Otherwise, we mark that this app has been run before and then we show the menu for the hints. Constructing UIs to send back to the phone is really ugly. You basically have this byte array of type-length-values, and you have this API, sort of, that lets you append stuff to this byte array, and you have to send a byte array back, and it's kind of nightmarish, but it works. So that's basically what it's doing here: creating these menu items and sending it back to the phone. And then also that remote query capability: we used the standard JavaCard process method to expose an instruction that would let you query the card for what hints had been viewed.

ERIC BUTLER: So to build JavaCard apps, you have to target an older version of Java, but you start out using a standard compiler, 1.1 bytecode and 1.3 source compatibility.
Once the standard Java compiler creates the class file, you then need to convert it to something that is compatible with JavaCard, and the SDK includes a tool to do that. There's an application ID; we mentioned earlier that you can have multiple cards or multiple apps on a card. This is where you specify the ID that your app is going to use. At the end of that, it creates a CAP file, which is similar to a JAR file: it's a zip file of bytecode. And we have created makefiles and other scripts to make this all much easier, so you don't have to remember any of these commands. You can just type make and it will go.

One of the big questions that I had when I started this project was, how do we actually communicate with the SIM cards physically? And I found that really there are two types of readers that you have to consider. The most common type is called PC/SC, PC smart card API. These are usually designed to be used with a full-sized smart card. So, you know, sometimes when you get a SIM card, it comes in a full-sized card and you punch it out. What we usually do is we save that plastic housing and put a piece of tape on the back so we can put the SIM card in when we want to interface with it.
These are the same type of readers that you would use for corporate login and VPN access, anything like that. The other type of reader is a serial reader. These are usually smaller and are just the size of a standard SIM card. They are also sold for backing up, like, the contacts on your SIM card, but I don't think anybody does that anymore. They are cheap and easy to get. It doesn't matter which reader you get, but the PC/SC readers have more compatibility. If you use any official software, commercial software, it's almost certainly built for that API, and there's also an open source stack for PC/SC that open source software uses, and I highly recommend getting one of those. The reader I use is this one, which is $8 and it folds up nice and small. So it is very convenient.

So at this point, we had written some horrible looking code. We had compiled it with the Java compiler. We converted it to this CAP file and we felt like we had this thing ready to go. We had some SIM cards, but we couldn't really get it to load. We found a lot of references to GPShell, which is GlobalPlatform shell. We couldn't get it to work.
Our SIM vendor, we asked them, hey, what software do they use? And they sent us back a screenshot of this very simple app with, like, choose your file, choose your reader, hit go and it will do it. We said, oh, great, can you send it to us? Oh, no. Is it available anywhere? No. No. No. And then eventually, they offered us, okay, for $600, we will send you this program that we didn't write and we don't own the copyright to. So we decided not to do that. And so we kept looking to see what else was out there, and we had to start digging into a little more detail on the communication protocols that are used to interface with smart cards.

KARL KOSCHER: So this program they were trying to sell us was SIMalliance Loader. SIMalliance had come out with v2, and it's basically an industry group which advocates for using apps on SIM cards, and they have a bunch of tools. The SIMalliance Loader is this crazy Windows Java app that is really intended for experts. It is, you know, it's clearly designed for people who know what they are doing, which means not us.
So we spent a lot of time figuring out how to actually configure the right key boxes and settings to get our apps to actually load, but if you know what you are doing, and you are running Windows, and you are willing to put up with the slowness, it takes like two minutes to load something on a SIM card, this program is available and it will load stuff on our SIM cards. But for a variety of reasons, we thought that suggesting this to the Toorcamp attendees was not an acceptable solution for loading apps onto SIM cards, plus we had to provision a thousand of these SIM cards, and at two minutes a pop, it would take quite a while. So we wanted to come up with something faster and more portable.

And thus, we started to delve into the world of GlobalPlatform. So what GlobalPlatform is, it's a standard for loading and managing apps on JavaCard. It defines the card manager app. This is the protocols and the commands used to install apps on the SIM card. It covers authentication for loading apps and encryption between the apps and the off-card party. It also talks about some of the off-card responsibilities, such as the issuer needs to verify apps that get put on there.
413 00:23:26,209 --> 00:23:29,959 And because of that, there's a bunch 414 00:23:29,959 --> 00:23:35,542 of security domains that are defined by GlobalPlatform and basically 415 00:23:35,542 --> 00:23:40,584 the top level one is the issuer security domain. 416 00:23:43,083 --> 00:23:46,459 That's responsible for authorizing any code that gets 417 00:23:46,459 --> 00:23:48,918 loaded onto the card. 418 00:23:48,959 --> 00:23:52,999 And so in practice, this means that you can't load apps 419 00:23:52,999 --> 00:23:57,751 onto your own SIM cards, except a couple of days earlier 420 00:23:57,751 --> 00:24:01,083 at Black Hat, Karsten Nohl showed that 25% 421 00:24:01,083 --> 00:24:07,501 of SIM cards in use have a, I don't know, crypto bug, I guess you would call it, 422 00:24:07,501 --> 00:24:12,999 that you can actually exploit to load stuff 423 00:24:12,999 --> 00:24:15,501 onto those cards. 424 00:24:15,667 --> 00:24:20,584 The way that worked is you can sign these install 425 00:24:20,584 --> 00:24:26,375 commands with a DES key, and if that DES key is incorrect, it 426 00:24:26,375 --> 00:24:30,792 will send you back an error message. 427 00:24:30,876 --> 00:24:34,250 And sometimes those error messages are also signed. 428 00:24:34,334 --> 00:24:37,626 If you don't know the right key, you send random junk 429 00:24:37,626 --> 00:24:41,501 and you get back a signed error response. 430 00:24:41,501 --> 00:24:44,834 And because it's DES, you can brute force this and apparently 431 00:24:44,834 --> 00:24:47,584 he's able to do this with some rainbow tables 432 00:24:47,584 --> 00:24:49,999 and that's pretty cool. 433 00:24:51,834 --> 00:24:55,999 But so going back to GlobalPlatform, when you have 434 00:24:55,999 --> 00:25:00,209 a standard unprovisioned, unpersonalized JavaCard, 435 00:25:00,209 --> 00:25:06,083 the issuer security domain is the default app on the card.
436 00:25:06,083 --> 00:25:09,501 So you can just say, hey, install this and set all of these keys, 437 00:25:09,501 --> 00:25:12,375 but accessing it on our SIM was much harder 438 00:25:12,375 --> 00:25:16,918 because the GSM SIM app was the default app and we couldn't select 439 00:25:16,918 --> 00:25:19,334 the GlobalPlatform app. 440 00:25:19,334 --> 00:25:23,918 It was totally inaccessible over the standard APDUs. 441 00:25:23,918 --> 00:25:27,918 So we wanted to figure out exactly how this operated. 442 00:25:28,999 --> 00:25:32,999 Brief bit about actually how stuff gets loaded on here. 443 00:25:32,999 --> 00:25:35,999 So installation is a two step process. 444 00:25:35,999 --> 00:25:40,999 You first load the binary, which is the INSTALL [for load] command, 445 00:25:40,999 --> 00:25:45,792 and then you need to instantiate that app by doing 446 00:25:45,792 --> 00:25:51,292 the INSTALL [for install] command, which basically you give it 447 00:25:51,292 --> 00:25:56,999 the application ID, both of the binary package that you sent 448 00:25:56,999 --> 00:26:01,999 to it, the application ID of the main class to use, and 449 00:26:01,999 --> 00:26:08,959 an application ID that you want assigned to the main instance. 450 00:26:08,999 --> 00:26:12,999 And the binary that you send to it basically is just straight 451 00:26:12,999 --> 00:26:15,125 from this CAP file. 452 00:26:15,334 --> 00:26:18,125 You unzip the CAP file, concatenate everything, 453 00:26:18,125 --> 00:26:22,083 and shove it out to the card, and that works. 454 00:26:23,501 --> 00:26:25,667 As I said, unfortunately this doesn't really work 455 00:26:25,667 --> 00:26:27,459 with our SIM cards. 456 00:26:27,542 --> 00:26:32,876 In fact, we found out the only way to actually talk to GlobalPlatform 457 00:26:32,876 --> 00:26:36,292 on our cards is through an over the air update 458 00:26:36,292 --> 00:26:39,959 mechanism, like over SMS packets.
459 00:26:40,083 --> 00:26:44,876 But fortunately, we didn't have to actually send these SMS packets. 460 00:26:44,876 --> 00:26:46,999 All we had to do was pretend that we were 461 00:26:46,999 --> 00:26:52,083 a phone and send it the right APDUs to say an incoming SMS was received 462 00:26:52,083 --> 00:26:55,250 and here's the installation. 463 00:26:55,292 --> 00:26:57,125 So what does that actually look like? 464 00:26:58,501 --> 00:27:00,999 Well, this is where it gets really complicated 465 00:27:00,999 --> 00:27:05,626 and this is where I spent many, many hours reverse engineering this. 466 00:27:05,876 --> 00:27:09,999 So at the top level, there's an APDU called CAT ENVELOPE. 467 00:27:09,999 --> 00:27:14,375 And that's a way to deliver to the SIM toolkit some message, 468 00:27:14,375 --> 00:27:19,999 it's typically an event, either an incoming SMS, or 469 00:27:19,999 --> 00:27:23,999 a menu selection or something else. 470 00:27:23,999 --> 00:27:29,167 Inside that, you have an event for an SMS point to point download. 471 00:27:29,334 --> 00:27:32,626 Inside that you say who sent it. 472 00:27:32,959 --> 00:27:35,999 Inside that you actually have the SMS message. 473 00:27:35,999 --> 00:27:39,417 Inside that you have a header and you have your user data, 474 00:27:39,417 --> 00:27:43,334 and the user data consists of a header and also the command 475 00:27:43,334 --> 00:27:47,876 and finally at the very bottom is the APDU that actually gets delivered 476 00:27:47,876 --> 00:27:49,999 to GlobalPlatform. 477 00:27:50,083 --> 00:27:52,876 And so this tiny little (Laughter) 478 00:27:52,999 --> 00:27:56,626 this tiny little packet ends up being huge when sent 479 00:27:56,626 --> 00:27:59,167 over this mechanism. 480 00:27:59,417 --> 00:28:02,209 And this is, you know, the telecom way, just wrap everything 481 00:28:02,209 --> 00:28:04,626 in layers of complexity.
482 00:28:05,083 --> 00:28:10,999 But in case you missed it, I want to make something clear here. 483 00:28:10,999 --> 00:28:15,999 You can use this exact mechanism to send arbitrary APDUs 484 00:28:15,999 --> 00:28:20,999 to SIM cards through this SMS capability. 485 00:28:21,250 --> 00:28:25,167 One thing that came up is whether these cards use 486 00:28:25,167 --> 00:28:30,083 individualized keys or a single key and we don't actually know 487 00:28:30,083 --> 00:28:35,375 because we haven't tried this on any commercial SIMs. 488 00:28:38,792 --> 00:28:41,667 One reason they might not use individualized keys 489 00:28:41,667 --> 00:28:45,209 is there's something called cell broadcast. 490 00:28:45,209 --> 00:28:47,584 And cell broadcast is sort of a variant 491 00:28:47,584 --> 00:28:52,999 on SMS that's mostly used these days for emergency alerts that are pushed 492 00:28:52,999 --> 00:28:54,999 to your phone. 493 00:28:54,999 --> 00:28:57,542 And so it's basically a broadcast SMS. 494 00:28:57,542 --> 00:29:01,375 And so carriers could actually use this to broadcast installation messages 495 00:29:01,375 --> 00:29:04,375 and push apps out to your phone. 496 00:29:04,751 --> 00:29:08,167 As I said, normally, you need to authenticate to do this. 497 00:29:08,209 --> 00:29:11,999 If you want to learn how to do it without authenticating or knowing 498 00:29:11,999 --> 00:29:15,999 the private keys, go see Karsten Nohl's talk. 499 00:29:18,125 --> 00:29:22,209 So once we had reverse engineered how this actually worked, 500 00:29:22,209 --> 00:29:26,459 we wrote this Python script that works on OSX, Linux, Windows, 501 00:29:26,459 --> 00:29:29,083 it just works everywhere! 502 00:29:29,459 --> 00:29:32,999 And it's kind of easy to use.
503 00:29:33,542 --> 00:29:37,417 So to load an application on the SIM card, all you have to do 504 00:29:37,417 --> 00:29:42,083 is just specify what interface you want, PCSC or serial, and say -l 505 00:29:42,083 --> 00:29:44,918 for load and it loads it. 506 00:29:45,292 --> 00:29:48,918 Instantiating is a different story. 507 00:29:48,918 --> 00:29:51,375 And this is all SIM toolkit's fault 508 00:29:51,375 --> 00:29:53,999 and JavaCard's fault. 509 00:29:54,999 --> 00:29:58,584 Basically you say I want to instantiate this. 510 00:30:01,876 --> 00:30:04,375 So the module ID is the application ID 511 00:30:04,375 --> 00:30:07,999 of the main class that you want to use. 512 00:30:07,999 --> 00:30:10,709 The instance AID is used for selection of that applet 513 00:30:10,709 --> 00:30:12,999 outside of SIM toolkit. 514 00:30:13,292 --> 00:30:19,501 You have to tell the installer that this is actually a SIM toolkit app 515 00:30:19,501 --> 00:30:25,375 and you want it to be registered and how many menu entries you want 516 00:30:25,375 --> 00:30:28,999 in that main application menu. 517 00:30:28,999 --> 00:30:34,083 You have to tell it how many characters your biggest entry is. 518 00:30:34,334 --> 00:30:38,792 You have to tell the card exactly how much memory you 519 00:30:38,792 --> 00:30:43,709 need, both in RAM to install the app and in the EEPROM 520 00:30:43,709 --> 00:30:49,250 for all of the instance and the class variables. 521 00:30:49,459 --> 00:30:53,209 And you can specify more than is necessary, 522 00:30:53,209 --> 00:30:57,626 like we always specify 0x100 for 256 bytes. 523 00:30:58,083 --> 00:31:02,459 But this is sort of the way that cards manage their 524 00:31:02,459 --> 00:31:04,999 memory resources.
525 00:31:04,999 --> 00:31:06,999 And then, of course, you can also just list 526 00:31:06,999 --> 00:31:10,834 the applications on the card with -t and there are a bunch 527 00:31:10,834 --> 00:31:14,417 of different commands that this app supports such as updating 528 00:31:14,417 --> 00:31:16,999 the phone book and uh oh. 529 00:31:16,999 --> 00:31:23,792 How are these guys doing so far? 530 00:31:25,167 --> 00:31:27,250 (Applause) Okay. 531 00:31:28,918 --> 00:31:32,125 So the DEF CON experience includes a lot of different things but one of it 532 00:31:32,125 --> 00:31:34,667 is cutting edge technical talks. 533 00:31:34,667 --> 00:31:37,209 It is very hard to get accepted as a speaker. 534 00:31:37,584 --> 00:31:39,999 The bar is very, very high. 535 00:31:40,083 --> 00:31:41,834 This is their first time. 536 00:31:41,834 --> 00:31:43,584 So give them a big round of applause. 537 00:31:48,584 --> 00:31:51,751 (Applause) So obviously we have a little bit of a tradition. 538 00:31:51,751 --> 00:31:53,709 We will do a shot on stage with them. 539 00:31:55,918 --> 00:31:57,083 Here we go. 540 00:31:58,876 --> 00:32:00,959 Cheers, man! 541 00:32:02,542 --> 00:32:04,709 Cheers, gentlemen! 542 00:32:04,709 --> 00:32:05,709 Cheers! 543 00:32:10,999 --> 00:32:15,250 Now we will see if they can pick up their talk where they left off. 544 00:32:21,999 --> 00:32:23,999 (Laughter) KARL KOSCHER: All right, so how... We have 545 00:32:23,999 --> 00:32:25,709 to do this shit all day. 546 00:32:25,709 --> 00:32:29,999 So... KARL KOSCHER: How do I become a goon, is my question. 547 00:32:30,999 --> 00:32:32,334 All right. 548 00:32:32,334 --> 00:32:34,751 So how do you know if this actually works? 549 00:32:35,083 --> 00:32:36,292 Well, what? 550 00:32:36,292 --> 00:32:38,999 Oh, this is your slide. 551 00:32:38,999 --> 00:32:39,999 Okay. 552 00:32:40,083 --> 00:32:43,959 Apparently the shot is already going to the head.
553 00:32:43,959 --> 00:32:47,417 ERIC BUTLER: So after all of this work of going 554 00:32:47,417 --> 00:32:52,501 through the steps and learning the protocols on how to install it, 555 00:32:52,501 --> 00:32:57,292 we finally had something that appeared to succeed. 556 00:32:57,292 --> 00:33:00,667 What you can see on the left is that the same Python script also has that 557 00:33:00,667 --> 00:33:03,334 command to list applets and at the beginning we see 558 00:33:03,334 --> 00:33:05,292 the applet appears to be on the phone, 559 00:33:05,292 --> 00:33:08,751 but how do you actually see if it's working? 560 00:33:08,792 --> 00:33:11,999 Most phones have some way to access a SIM menu that 561 00:33:11,999 --> 00:33:16,125 will only appear if the SIM card actually has a menu. 562 00:33:16,125 --> 00:33:19,083 So on the iPhone, you go into settings and go to phone and 563 00:33:19,083 --> 00:33:22,876 the SIM applications menu item will appear and on Android, it 564 00:33:22,876 --> 00:33:26,167 will appear in the main application list. 565 00:33:27,542 --> 00:33:30,417 And from there, you see the menu of all the apps you have installed 566 00:33:30,417 --> 00:33:32,083 and can interact. 567 00:33:33,834 --> 00:33:37,375 Karl was saying one of the worst parts of this is writing 568 00:33:37,375 --> 00:33:42,999 the code and writing out strings, but testing is actually pretty bad too. 569 00:33:42,999 --> 00:33:45,792 So you can imagine this flow is you turn off your phone, you take 570 00:33:45,792 --> 00:33:48,709 out the battery and take out the SIM card and you put 571 00:33:48,709 --> 00:33:52,209 the SIM card into your computer and you load the SIM card and you put 572 00:33:52,209 --> 00:33:55,459 the battery back in and wait for the phone to boot and see 573 00:33:55,459 --> 00:34:00,083 if it worked and if it doesn't, you do the whole thing over again.
574 00:34:00,542 --> 00:34:03,083 And so we were trying to talk about if there was 575 00:34:03,083 --> 00:34:07,959 a way that we can do any better and sort of simplify this a little bit, or 576 00:34:07,959 --> 00:34:10,999 at least speed up the development. 577 00:34:12,209 --> 00:34:15,459 It turns out there's an open source project called SEEK, 578 00:34:15,459 --> 00:34:19,167 which provides smart card APIs for Android. 579 00:34:19,334 --> 00:34:23,375 This can be used for talking to the SIM card and SD cards that have 580 00:34:23,375 --> 00:34:27,667 secure elements inside of them, and they actually have patches 581 00:34:27,667 --> 00:34:30,209 to the Android emulator. 582 00:34:31,792 --> 00:34:33,792 We tried this out and it worked. 583 00:34:33,792 --> 00:34:35,292 So you can get a PCSC smart card reader, 584 00:34:35,292 --> 00:34:39,125 like we talked about before, and plug it into your computer 585 00:34:39,125 --> 00:34:42,626 and start the emulator, and you can talk to your SIM 586 00:34:42,626 --> 00:34:45,375 and test your apps that way without needing 587 00:34:45,375 --> 00:34:47,999 to constantly swap between a computer and 588 00:34:47,999 --> 00:34:50,083 a phone. 589 00:34:50,292 --> 00:34:54,250 The SEEK project provides this only as patch files. 590 00:34:54,250 --> 00:34:56,999 We have gone through the trouble of building it and have binaries 591 00:34:56,999 --> 00:35:02,250 for the platforms and the website for the talk at the end has all of that. 592 00:35:03,209 --> 00:35:06,501 Another thing that we were wondering about is, could we use 593 00:35:06,501 --> 00:35:10,083 the phone... KARL KOSCHER: This is my slide. 594 00:35:10,292 --> 00:35:14,417 Karma is a bitch. 595 00:35:15,999 --> 00:35:16,999 (Laughter).
596 00:35:17,250 --> 00:35:20,999 So one of the ideas that we also toyed around with is that, you know, 597 00:35:20,999 --> 00:35:24,459 since everyone has these phones, they already have these SIM 598 00:35:24,459 --> 00:35:26,209 card readers. 599 00:35:26,209 --> 00:35:29,292 Why can't we just use the phone for these readers? 600 00:35:29,667 --> 00:35:32,542 As it turns out, most radio interfaces don't actually 601 00:35:32,542 --> 00:35:36,334 let you talk directly to the SIM and this is mostly a good thing, 602 00:35:36,334 --> 00:35:39,999 because if you are able to talk to the SIM, then you are able 603 00:35:39,999 --> 00:35:44,834 to authenticate to the network, and do all sorts of nasty things. 604 00:35:45,125 --> 00:35:51,792 But in Europe, particularly, there is this method called 605 00:35:51,792 --> 00:35:57,959 the Bluetooth remote SIM access protocol. 606 00:35:57,959 --> 00:36:02,375 And basically what that is used for is your car will have 607 00:36:02,375 --> 00:36:08,167 a high powered GSM modem in it, for hands free calling, but it uses 608 00:36:08,167 --> 00:36:14,334 the SIM in your cell phone to authenticate to the network. 609 00:36:14,334 --> 00:36:17,501 And this is very different than how it works in the US, because, you know, 610 00:36:17,501 --> 00:36:20,999 a lot of cell phones don't have SIM cards in the US. 611 00:36:21,209 --> 00:36:27,999 But this is one way to access the SIM on your phone. 612 00:36:28,999 --> 00:36:33,501 We also toyed around with an idea of writing an app that would run 613 00:36:33,501 --> 00:36:39,667 on your phone and talk to this card and install apps and things like that. 614 00:36:39,667 --> 00:36:43,292 And to do that, we had to reverse engineer this Android app, 615 00:36:43,292 --> 00:36:47,209 the Android remote SIM access protocol. 616 00:36:47,999 --> 00:36:53,999 They had some weird crypto stuff in there that wasn't actually that secure.
617 00:36:53,999 --> 00:36:55,918 So we figured out how to break that. 618 00:36:55,999 --> 00:37:00,667 But we didn't actually get this up and running just yet. 619 00:37:00,999 --> 00:37:05,083 By the way, very bad idea to install this on your phone. 620 00:37:05,083 --> 00:37:10,459 It creates a socket that the radio interface uses and exposes it 621 00:37:10,459 --> 00:37:12,125 to apps. 622 00:37:13,999 --> 00:37:17,999 It chmods it to 666 or something. 623 00:37:17,999 --> 00:37:19,375 It's kind of crazy. 624 00:37:19,542 --> 00:37:22,999 So any app can do anything it wants. 625 00:37:25,751 --> 00:37:29,709 So you might think that STK apps are pretty limited, 626 00:37:29,709 --> 00:37:34,999 but we think that there's potential for awesomeness here. 627 00:37:34,999 --> 00:37:38,209 So one idea that we were talking about is having 628 00:37:38,209 --> 00:37:41,792 an SMS botnet, because these SIM cards can actually 629 00:37:41,792 --> 00:37:46,999 communicate with the network without the OS getting involved. 630 00:37:46,999 --> 00:37:49,209 It talks directly to the baseband processor. 631 00:37:49,209 --> 00:37:51,626 So if it's able to bypass the authentication 632 00:37:51,626 --> 00:37:55,083 on the SIM card, it could start propagating itself 633 00:37:55,083 --> 00:37:59,876 through the cell network and the plain application OS doesn't know 634 00:37:59,876 --> 00:38:01,999 what's going on. 635 00:38:02,167 --> 00:38:04,667 It might be interesting. 636 00:38:04,667 --> 00:38:09,292 One thing that we think would be really cool is to integrate Android apps 637 00:38:09,292 --> 00:38:13,999 with SIM apps, putting the SSH key on it so it authenticates you 638 00:38:13,999 --> 00:38:17,709 to the server instead of something on your phone, 639 00:38:17,709 --> 00:38:22,292 or maybe securing your bitcoin wallet. 640 00:38:22,792 --> 00:38:24,250 What else? 641 00:38:24,250 --> 00:38:27,083 There are many opportunities here.
642 00:38:27,501 --> 00:38:30,626 But, of course, you know, we probably need carriers to get 643 00:38:30,626 --> 00:38:33,083 on board to do this securely. 644 00:38:33,083 --> 00:38:38,209 And then one other idea we had is making an Android app that would let 645 00:38:38,209 --> 00:38:42,083 us push out the SMSs to someone else to load code 646 00:38:42,083 --> 00:38:45,292 onto their SIM card. 647 00:38:47,250 --> 00:38:50,417 ERIC BUTLER: So earlier, I talked about my main motivation 648 00:38:50,417 --> 00:38:52,999 for getting involved with this was because everyone 649 00:38:52,999 --> 00:38:55,999 is walking around with these things and we don't know much 650 00:38:55,999 --> 00:38:59,709 about them and even though it's kind of obsolete, they are still widely, 651 00:38:59,709 --> 00:39:01,209 widely used. 652 00:39:01,626 --> 00:39:05,667 The same technology is used for a few different other things. 653 00:39:05,999 --> 00:39:10,792 There's a little bit newer protocol called SWP, single wire protocol, 654 00:39:10,792 --> 00:39:14,667 and this actually creates a direct connection between one 655 00:39:14,667 --> 00:39:19,083 of the unused pads on the SIM card and generally an NFC controller 656 00:39:19,083 --> 00:39:20,999 in a phone. 657 00:39:20,999 --> 00:39:23,999 And this is intended to allow NFC payments completely 658 00:39:23,999 --> 00:39:26,999 separate... it allows you to do NFC payments 659 00:39:26,999 --> 00:39:30,125 without the phone being involved. 660 00:39:30,125 --> 00:39:33,999 So your SIM card can basically have the equivalent of like a Mastercard or 661 00:39:33,999 --> 00:39:38,417 a Visa PayPass applet running on it and when you tap your phone, 662 00:39:38,417 --> 00:39:41,999 the NFC controller will talk to the SIM card directly 663 00:39:41,999 --> 00:39:47,709 and authenticate that payment without the OS being involved at all.
664 00:39:47,709 --> 00:39:48,751 And so the idea there is that it might be 665 00:39:48,751 --> 00:39:50,792 a little bit more secure. 666 00:39:50,792 --> 00:39:55,709 This is actually used by a company in the US called ISIS which has been 667 00:39:55,709 --> 00:40:00,999 doing a very, very slow rollout over the next year or so. 668 00:40:01,501 --> 00:40:04,918 This is a combination of the telcos and the banks and it's not clear that 669 00:40:04,918 --> 00:40:07,000 anyone cares about this. 670 00:40:07,000 --> 00:40:09,375 They are using SIM cards to power all of this. 671 00:40:09,375 --> 00:40:11,250 It's interesting to know how it works. 672 00:40:11,459 --> 00:40:15,999 I talked about how SIM cards and SIM apps were initially going 673 00:40:15,999 --> 00:40:20,626 to give control of this whole thing to the carriers. 674 00:40:20,626 --> 00:40:22,876 This is sort of a way that the carriers are trying to go back 675 00:40:22,876 --> 00:40:25,000 to those days by controlling this one little thing, 676 00:40:25,000 --> 00:40:26,959 payments, so they can charge whatever fees 677 00:40:26,959 --> 00:40:28,292 they want. 678 00:40:28,292 --> 00:40:30,584 They control who can use it and how it works. 679 00:40:31,751 --> 00:40:36,334 Another technology that's quite similar is the secure element found 680 00:40:36,334 --> 00:40:38,999 in many Android phones. 681 00:40:38,999 --> 00:40:41,959 This is often part of the NFC controller. 682 00:40:41,999 --> 00:40:44,709 So it's similar to the SWP interface used 683 00:40:44,709 --> 00:40:49,167 with SIM cards but it's often just in one housing. 684 00:40:49,626 --> 00:40:53,999 And this is basically a little tiny SIM card inside your phone. 685 00:40:53,999 --> 00:40:55,792 It generally supports JavaCard.
686 00:40:55,999 --> 00:40:58,584 It might be based on GlobalPlatform, and so all the same sort 687 00:40:58,584 --> 00:41:01,167 of things we have talked about with how to write apps 688 00:41:01,167 --> 00:41:04,250 and how to interact with them is the same for the thing 689 00:41:04,250 --> 00:41:05,999 in your phone. 690 00:41:05,999 --> 00:41:07,918 If you have one of these, you have two little computers 691 00:41:07,918 --> 00:41:10,667 in your pocket that you may not control. 692 00:41:11,083 --> 00:41:14,876 This is used by the ISIS competitor Google Wallet 693 00:41:14,876 --> 00:41:19,999 and that's how it does the secure credit card emulation. 694 00:41:19,999 --> 00:41:23,999 So we think that even if SIM cards are possibly a dead end 695 00:41:23,999 --> 00:41:28,417 for writing software, and I think there's a lot of potential there, 696 00:41:28,417 --> 00:41:31,292 there's still a push by these manufacturers 697 00:41:31,292 --> 00:41:35,834 to keep this technology relevant and do new things. 698 00:41:35,834 --> 00:41:37,667 So it's not going away any time soon. 699 00:41:38,792 --> 00:41:41,999 We have hopefully made it easy to get started if you are interested 700 00:41:41,999 --> 00:41:44,667 and intrigued, and I hope you are. 701 00:41:45,834 --> 00:41:48,999 There are very few hardware requirements. 702 00:41:48,999 --> 00:41:51,334 It's not an expensive thing to get started on. 703 00:41:51,334 --> 00:41:52,999 The readers are usually less than $20 and it will work 704 00:41:52,999 --> 00:41:55,209 with pretty much any phone. 705 00:41:55,209 --> 00:41:57,999 We have some extra SIM cards and we don't have anything official set 706 00:41:57,999 --> 00:41:59,417 up, but we hope 707 00:41:59,417 --> 00:42:01,709 to do some EFF donations for it. 708 00:42:04,083 --> 00:42:08,584 As I mentioned, it was quite difficult for us to even get mid sized quantities 709 00:42:08,584 --> 00:42:10,083 of these.
710 00:42:12,167 --> 00:42:15,999 We put up a website for the talk with these slides, 711 00:42:15,999 --> 00:42:18,834 a lot more technical info. 712 00:42:18,834 --> 00:42:21,375 All of our code, our make files, our Python scripts and the binaries 713 00:42:21,375 --> 00:42:24,083 for the patched Android system and a whole lot more 714 00:42:24,083 --> 00:42:27,999 and here's information on how to get in touch with us. 715 00:42:28,375 --> 00:42:29,999 Thank you for coming and I hope you 716 00:42:29,999 --> 00:42:32,667 will join us in hacking on SIM cards.