Memory Forensics of a Java Card Dump

  • Jean-Louis Lanet
  • Guillaume Bouffard
  • Rokia Lamrani
  • Ranim Chakra
  • Afef Mestiri
  • Mohammed Monsif
  • Abdellatif Fandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8968)


Nowadays several papers have shown the ability to dump the EEPROM area of several Java Cards leading to the disclosure of already loaded applet and data structure of the card. Such a reverse engineering process is costly and prone to errors. Currently there are no tools available to help the process. We propose here an approach to find in the raw data obtained after a dump, the area containing the code and the data. Then, once the code area has been identified, we propose to rebuilt the original binary Cap file in order to be able to obtain the source code of the applet stored in the card.


Java card Memory forensics Reverse engineering Disassembler Index of coincidence 

Supplementary material


  1. 1.
    Aumüller, C., Bier, P., Hofreiter, P., Fischer, W., Seifert, J.P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. IACR Cryptol. ePrint Arch. 2002, 73 (2002)Google Scholar
  2. 2.
    Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, TÉLÉCOM ParisTech (2012)Google Scholar
  3. 3.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  4. 4.
    Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the java card control flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  5. 5.
    Dolan-Gavitt, B.: Forensic analysis of the windows registry in memory. Digit. Invest. 5, 26–32 (2008)CrossRefGoogle Scholar
  6. 6.
    Friedman, W.F.: The Index of Coincidence and Its Applications in Cryptography. Aegean Park Press, Laguna Hills (1922) Google Scholar
  7. 7.
    Hamadouche, S., Bouffard, G., Lanet, J.L., Dorsemaine, B., Nouhant, B., Magloire, A., Reygnaud, A.: Subverting byte code linker service to characterize java card API. In: Seventh Conference on Network and Information Systems Security (SAR-SSI), pp. 75–81, 22–25 May 2012.
  8. 8.
    Hemme, L.: A differential fault attack against early rounds of (Triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  9. 9.
    Hex Rays: IDA Pro Disassembler and DebuggerGoogle Scholar
  10. 10.
    Klein, T.: All your private keys are belong to us. Technical report, trapkit (Feb 2006)Google Scholar
  11. 11.
    Lancia, J.: Java card combined attacks with localization-agnostic fault injection. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 31–45. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Oracle: Java Card 3 Platform, Virtual Machine Specification, Classic Edition 3.0.0. Oracle (September 2011)Google Scholar
  13. 13.
    Peikari, C., Chuvakin, A.: Security Warrior - Know Your Enemy. O’Reilly, Sebastopol (2004) Google Scholar
  14. 14.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against spn structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  15. 15.
    Platform: Card Specification v2.2. (March 2006)Google Scholar
  16. 16.
    Razafindralambo, T., Bouffard, G., Thampi, B.N., Lanet, J.-L.: A dynamic syntax interpretation for java based smart card to mitigate logical attacks. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 185–194. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  17. 17.
    Schuster, A.: Searching for processes and threads in microsoft windows memory dumps. Digit. Invest. 3(Supplement–1), 10–16 (2006)CrossRefGoogle Scholar
  18. 18.
    Walters, A., Petroni, N.: Integrating volatile memory forensics into the digital investigation process. In: Blackhat Hat DC (2007)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jean-Louis Lanet
    • 1
  • Guillaume Bouffard
    • 2
    • 3
  • Rokia Lamrani
    • 3
  • Ranim Chakra
    • 3
  • Afef Mestiri
    • 3
  • Mohammed Monsif
    • 3
  • Abdellatif Fandi
    • 3
  1. 1.LHS PECINRIARennesFrance
  2. 2.Agence Nationale de la Sécurité des Systèmes D’InformationsParis 07 SPFrance
  3. 3.University of LimogesLimogesFrance

Personalised recommendations