Abstract
We present in this paper a new approach to gain access to assets of a smart card. It is based on the concept of reference forgery and array extension. We characterize the metadata of the objects and we use a weakness in the system to retrieve these data. We are able to generate arbitrary but well formed references which allow us to execute self modifying Java program inside the card. This hostile program is able to dump the complete Non Volatile Memory (NVM) memory segment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Barbu, G., Duc, G., Hoogvorst, P.: Java Card operand stack: fault attacks, combined attacks and countermeasures. In: Prouff [12], pp. 297–313
Barbu, G., Giraud, C., Guerin, V.: Embedded eavesdropping on Java Card. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 37–48. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30436-1_4
Barbu, G., Hoogvorst, P., Duc, G.: Application-replay attack on Java Cards: when the garbage collector gets confused. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol. 7159, pp. 1–13. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28166-2_1
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010). doi:10.1007/978-3-642-12510-2_11
Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the Java Card control flow. In: Prouff [12], pp. 283–296
Bouffard, G., Lackner, M., Lanet, J.-L., Loinig, J.: Heap \(\ldots \) Hop! heap is also vulnerable. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 18–31. Springer, Cham (2015). doi:10.1007/978-3-319-16763-3_2
Bouffard, G., Lanet, J.: Reversing the operating system of a Java based smart card. J. Comput. Virol. Hacking Tech. 10(4), 239–253 (2014)
Farhadi, M., Lanet, J.L.: Chronicle of a Java Card death. J. Comput. Virol. Hack. Tech., 1–15 (2016)
Faugeron, E.: Manipulating the frame information with an underflow attack. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 140–151. Springer, Heidelberg (2014). doi:10.1007/978-3-319-08302-5_10
Hubbers, E., Poll, E.: Transactions and non-atomic API calls in java card: specification ambiguity and strange implementation behaviours. University of Nijmegen, Technical report (2004)
Iguchi-Cartigny, J., Lanet, J.L.: Developing a Trojan applets in a smart card. J. Comput. Virol. 6(4), 343–351 (2010)
Prouff, E. (ed.): CARDIS 2011. LNCS, vol. 7079. Springer, Heidelberg (2011)
Razafindralambo, T., Bouffard, G., Lanet, J.-L.: A friendly framework for hidding fault enabled virus for Java based smartcard. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 122–128. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_10
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Mesbah, A., Regnaud, L., Lanet, JL., Mezghiche, M. (2017). The Hell Forgery. In: Lemke-Rust, K., Tunstall, M. (eds) Smart Card Research and Advanced Applications. CARDIS 2016. Lecture Notes in Computer Science(), vol 10146. Springer, Cham. https://doi.org/10.1007/978-3-319-54669-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-54669-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54668-1
Online ISBN: 978-3-319-54669-8
eBook Packages: Computer ScienceComputer Science (R0)