New blog

•29/09/2010 • Leave a Comment

I’ve set up a new blog, with a new domain, so from now on this blog will no longer be updated.

I hope you like all the information, but if you need to contact me, you can at

peter@lavamunky.com

or just catch my new blog: http://www.lavamunky.com

The importance of Twitter to an information security newcomer

•31/05/2010 • Leave a Comment

I’ll be the first to admit I’m very new to this field but will try my hardest to forge a career within industry with the general term ‘information security’.

I’ve been on twitter for a fair while now but I’ve found it practically invaluable with first of all finding people within the industry and secondly finding information on new things happening in the industry.

I recently saw this in a video presented by Marisa Fagan (@dewzi) on what you should be trying to do in order to get into the industry (found here) and she also keeps reiterating the importance of having a blog and being on twitter. And I will admit now that even though I subscribed to a fair few blogs etc, until I started to find security people on twitter, I was barely scratching the surface of the new things that are constantly being discovered and exploited.

If you too are just trying to get into this industry, whether you’re at university like myself or just interested from moving from another area of computing, I urge you to join twitter as it’s the best resource I’ve found for integrating with the (generally nice and helpful) people in the information security community.

Communicating between a phone & Java Card emulator

•31/05/2010 • Leave a Comment

This is just the building blocks to running your own applications, and here I will be using code free on the internet and with the samples included with the Java Card installation.

I will also be using the setup used as shown in this post here.

So to start off with we want to create a new Project in Netbeans and select ‘Java ME’ and ‘Mobile Application’ from the right hand side.

From here make sure the ‘Set as Main Project’ box is ticked and the ‘Create Hello MIDlet’ box is unticked. And that the Emulator platform is Sun Java Wireless Toolkit. It’s also best to make sure the Device Configuration is CLDC-1.1 and the Device Profile is MIDP-2.1. Though 2.0 should do fine as well.

Now you need to create a new MIDlet Now call this APDUMIDlet and copy in the APDUMIDlet class from here.

Now you can either follow the instructions at the top of that website, or you can follow on to find out how to compile and run your own Java Card program.

First you need to change the package name at the top to whatever yours is called. Then go down to the first initialised variable, kPurseSlot0.

private final String kPurseSlot0 = "apdu:0;target=a0.00.00.00.62.03.01.0c.02.01";

The apdu slot can stay the same at 0 (which refers to port 9025 from last post), but for ease we will change the target to

target=01.02.03.04.05.06.07.08.09.00.01

Then you want to comment out the next 2 lines so that they look like

//private final String kPurseSlot1 = "apdu:1;target=a0.00.00.00.62.03.01.0c.02.01";
//private final String kWalletSlot0 = "apdu:0;target=a0.00.00.00.62.03.01.0c.06.01";

And also the lines referring to these further down should be commented out

/*
setProgress("Opening purse slot 1");
mPurseConnection1 = (APDUConnection)Connector.open(kPurseSlot1);
setProgress("Opening wallet slot 0");
mWalletConnection = (APDUConnection)Connector.open(kWalletSlot0);
*/

And then again comment out the code that has these  Connections doing anything

/*setProgress("Exchanging APDUs with wallet");
      for (int i = 0; i < kWalletAPDUs.length; i++) {
        byte[] apdu = kWalletAPDUs[i];
        byte[] response = mWalletConnection.exchangeAPDU(apdu);
        // Process response.
      }
      
      setProgress("Closing wallet");
      mWalletConnection.close();

      setProgress("Exchanging APDUs with purse slot 1");
      for (int i = 0; i < kPurseAPDUs.length; i++) {
        byte[] apdu = kPurseAPDUs[i];
        byte[] response = mPurseConnection1.exchangeAPDU(apdu);
        // Process response.
      }
      
      setProgress("Closing purse slot 1");
      mPurseConnection1.close();

And again the 2 try statements for closing the Connections need to be commented out

//try { mPurseConnection1.close(); } catch (Throwable t) {}
//try { mWalletConnection.close(); } catch (Throwable t) {}

Now the code is fine for our purposes. As there is only connections on the one slot and we are simply trying to have programs where the programs communicate.

We are going to be using HelloWorld program that simply takes in bytes and returns them.

This can be found within the Java Card installation directories. All you need to do is open this in your preferred editor and change the package name to the same as your Java ME package name. Then save this to a new directory, for instance:

%USER%\newProg\

(%USER% being your home directory. It is often a system variable in Windows, %USERPROFILE% also used)

How to compile and run in a lot of detail is explained here. But for everyone else who doesn’t want too much detail, here is the much shorter version (comments :

So your HelloWorld.java program is in this file (above) and now you need to create a new folder in here with the same package name you have. For example using the package name ‘prototype’ you would do

mkdir prototype

Now you need to compile the program like this

javac -g -d prototype -classpath “.;%JC_HOME%\lib\api.jar” HelloWorld.java

using the package prototype and program file HelloWorld.java. And now you need to convert the Java Card applet into a .cap file by doing

converter -applet 0×01:0×02:0×03:0×04:0×05:0×06:0×07:0×08:0×09:0×00:0×00 prototype.HelloWorld -classdir prototype -exportpath %JC_HOME%\api_export_files prototype 0×01:0×02:0×03:0×04:0×05:0×06:0×07:0×08:0×09:0×00 1.0

This has the unique ID for this applet (which is what the Java ME program connects to) which is why we changed target to 01.02.03.04.05.06.06.08.09.00.01 earlier.

And you have to put the -classdir parameter of where the .class file is (inside the prototype folder we created earlier). Then we use the say the export path (always the same) and state the package name, the package unique ID (I’ve just used the same as the Applet ID except leaving off the final byte 0x01). And the Major Version.Minor Version (if you don’t understand just put 1.0 every time).

Now the scripts have to be generated from the .cap file which is what will go onto the Java card.

scriptgen -o HelloWorld.scr prototype\prototype\javacard\protoytpe.cap

if you look at your file system, it creates directories in a strange way so instead of your .cap file just being in prototype/javacard/prototype.cap it will have created another inside the folder you already created. But if you don’t create the folder before you cannot create the .cap file (thus the hacky process of creating a folder)

Now you will have a script called HelloWorld.scr. Open this in your preferred editor and you need to make some changes for this. First of all add a line to the top of the script and just put in:

powerup;

Now you need to add in a line of bytes which will always be the same:

0×00 0xA4 0×04 0×00 0×09 0xa0 0×00 0×00 0×00 0×62 0×03 0×01 0×08 0×01 0x7F;

Now you need to add lines which will create and select the Applet (I often put in comments to remind me):

// create Applet

0×80 0xB8 0×00 0×00 0x0d 0x0b 0×01 0×02 0×03 0×04 0×05 0×6 0×07 0×08 0×09 0×00 0×01 0×00 0x7F;

// Select Applet

0×00 0xa4 0×04 0×00 0x0b 0×01 0×02 0×03 0×04 0×05 0×6 0×07 0×08 0×09 0×00 0×01 0x7F;

Now you can see the 2 part in italic are exactly the same. This is also the Applet ID (AID). The 0x0b is the length of the AID in hexadecimal. And in the create applet command it also has an extra 0x00 after the AID and before 0x7F. This means the length (before the AID in the create applet command) there is another byte 0x0d which is length here. Then you simply need to add at the end:

powerdown;

And open up a terminal window and type

start cref -o HelloWorld.eeprom

which will open a new terminal window and run the command, then in the first window type

apdutool HelloWorld.scr

and this will show a big print out. This is the debugging of everything, and all you have to look at is the last 2 returned bytes of each line (looking at the last 4 lines will suffice)

if SW1: 90 and SW2: 00 then it is fine, and has gone onto the card correctly and is ready to be run. Type

start cref -e -p 9025 -i HelloWorld.eeprom

And leave this running. Now go back to netbeans and run the program. Click through the emulator and it will work.

You can also look at the network monitor to see the bytes being sent back and forth.

The phone emulator screen should say something like this:

The output of the 2 programs communicating

And you can see the bytes sent in the APDU tab of the network monitor:

Bytes sent between card and emulator

As you can see it has the right target and it’s first establishing a connection to the card. And the different bytes being sent back and forth, where the arrow going left to right is phone to smart card and vice versa.

This is a good way to find out errors occurring in your own programs.

If you have any problems or another question, feel free to comment.

Installing Java Card (Windows)

•24/05/2010 • 2 Comments

Originally there was going to be a video to show the process of actually installing Java Card along with everything else to get an application running but due to the fact that I couldn’t upload it to youtube (after major editing it was still 40 minutes long), I have decided to put it in a series of blog posts.

The first blog (this one) will be of physically installing Java Card and netbeans onto Windows. (There will probably also be another for Linux – not supported for Mac OS).

The second will be simply running a program to get the 2 bits of software communicating with each other in a program.

Just a note beforehand though, I am using Java Card 2.2.1, though the newest release is 3.0.2. This has a lot more features but couldn’t get it working for the purposes I needed (communicating with a J2ME phone application). I also tried using Java Card 2.2.2, but also due to the requirements I needed for my project I couldn’t use this. So all these posts will be using Java Card 2.2.1, and using newer versions may not work the same.

But onto the real installation:

Step 1: Install Java SDK 1.3

Now you may be asking “Why do I have to use such an old SDK like 1.3?” (Well if you’re not you should be).

This is because Java Card 2.2.1 and Sun’s Wireless Toolkit do not work with any newer version, otherwise they would have been used, since Java SDK 1.3 isn’t even supported anymore. (In fact I think 1.4 isn’t supported anymore, thus really showing its age).

Now you need to go to here to download the old SDK.

This is where you download Java SDK 1.3

Now simply click on “DOWNLOAD” beneath SDK to take you to another page where you can download the file.

Save the file to where ever you want and then you have to do a normal installation EXCEPT when you decide where to save the program, change it to a new folder where there are NO spaces in the entire directory.

So where it is usually saved to somewhere like C:\Program Files\j2sdk1.3\ you want it saved to a directory such as C:\jdk1.3\ or C:\Java\ as you can see here:

You need to save the SDK to a directory with no spaces

If yours has spaces, just go to browse then C:\ and save it there, or (preferably) create a new folder and save it in there, which in this instance is jdk1.3_20 this is for a reason that I will go into detail later.

Step 2: Install Java Card

The Java Card development kit we want (2.2.1) can be found here. You need to to go to the bottom of the page and click on Java Card Development Kit 2.2.1

We are using Java Card 2.2.1

From here you go to another page, choose Windows from the drop down box and download the .zip file.

Then extract this, again to a directory with no spaces in. And it’s probably best not to have it in the same folder as the Java, but something easy to locate, for example C:\JavaCard221\

In these files you will see a file called bin. This is the file that has all the batch files that Java Card uses.

Now you need to make the variables to be used by Java Card and the wireless toolkit, and you for general ease.

To do this go to Start -> My Computer then as you can see here it will be on the left and click on “View System information” (in Windows XP home for Vista or 7 just type in “system information” or “system properties” without quotes into the start menu search box)

This will then take you to another screen. You need to click on the “advanced” tab at the top

You need to click on the "advanced" tab

Then in the advanced tab you need to click the “environment variables” button. This will make this screen appear:

Now to change the environment variables

Now you need to click the bottom “New” button of the 2 onscreen. Then create an environment variable with name JAVA_HOME (must to be capitals and with an underscore) and variable value C:\Java\jdk1.3 or where ever you installed Java SDK 1.3. Make sure to NOT put a \ at the end. Then click OK. Now you also need to make another variable, named JC_HOME (must be exact again) with variable value of the directory where you extracted the Java Card zip to.

You can check both these are here as they will be in the list of System Variables. Now you need to scroll down this list until you find a variable called Path. Click Edit.

If there is not a ; at the end of the value, then add one. Now you need to leave what is in the value as it is and add to the end of path

%JAVA_HOME%; %JAVA_HOME%\bin; %JC_HOME%; %JC_HOME%\bin;

then click OK. And click OK on the environment variables box, and OK on the system properties box.

To check this has worked, go to start -> run and put in cmd and click OK

Start -> run cmd

This will then open a command prompt window. And check that the path variables are set by typing dir %JAVA_HOME% and hitting enter. It should show something like this:

You can see that it says “Directory of ” and then the folder you set the variable to. If it just appeared with something like “variable not found” or “unknown command” then close the command prompt window and go back to the section about environment variables and make sure they have all been done correctly. It’s also best to do dir %JC_HOME% as well to make sure there are no errors.

NOTE: If you just want to install the Java Card toolkit, you are now done. For all the rest that need to communicate with an emulator carry on to the next step.

Step 3: Installing Sun’s Java Wireless Toolkit

I was using the Java Wireless Toolkit 2.5.2 for CLDC, which can be downloaded from here.

Just scroll down and there’s a link to download it, again choosing Windows from the drop down box and download the file. This can just be installed to a directory with no spaces and there are no variables that have to be created for this. The wireless toolkit has some handy utilities I used though they could just be used directly from netbeans, but either way the wireless toolkit has to be installed. So now onto….

Step 4: Installing netbeans

The version you need for this is Netbeans 6.7.1, and a version that can work with Java ME. This is because the newer versions don’t work with versions of Java Card this old, but the wireless toolkit doesn’t work with newer versions of Java Card, so until the wireless toolkit is updated, you have to use all these old versions of everything else.

But back to the installing netbeans. The link is here. You need to choose a version that supports Java ME

You can see only the Java and All editions supports Java ME

Clearly only 2 versions, Java and All technologies bundles, support Java ME. So download one of these (best to just download All if you think you might need it again for C/C++ or something).

Then do a normal Windows install like any other program, netbeans can even be installed to the ‘Program Files’ folder. Except you can do a customised installation if you don’t want to install things like the enterprise server bundles.

Once all this is installed you may have to go to new project and create a Java ME project to simply initialise J2ME on netbeans. But after this is done go to Tools (at the top) -> Java Platforms and the Java Platform manager will appear and if Sun Java Wireless Toolkit isn’t in the J2ME folder, you need to click on “Add Platform…” at the bottom, then click on “Java ME MIDP Platform emulator” as Platform type

Click the one second from the top

And then it will search for all Java ME platforms. When the directory for the wireless toolkit appears, make sure there is a tick next to it and click next and install.

Now you need to double click Sun Java Wireless toolkit in the left hand column of the Java Platform Manager and go to the Tools & Extensions tab here and click on “Open Preferences”

Go to tools & extensions then click open preferences

In Preferences you can choose which phone you want the emulator to look like. Then click Monitor in the left column and make sure “Enable Network Monitor” is checked as shown here:

Make sure you enable network monitoring

This will enable you to clearly see communication between the emulators to see for errors or just out of curiousity.

Now go to SATSA (on the left) and make sure slots 0 and 1 are 9025 and 9026 respectively.

And now everything is installed and ready to make a program (Next post) =D

Java Card APDU format

•28/03/2010 • 2 Comments

My last post, about Java Card (the reason I’ve been so busy of late – spending 3 times as much work on my team project as most others, including many nights sleep lost) basically didn’t go over very well the whole format of the commands that you have to put into your script.

This will be base knowledge you will need to know if you are going to be programming java Card and any program which may be interacting with some java card program.

(By the way, if you hadn’t already looked, APDU stands for Application Protocol Data Unit)

Basically the bytes are set up in the format:

CLA INS P1 P2 Lc Datafield Le

CLA: Class byte – this often refers to the actual application

INS: instruction byte – indicates the instruction code associated with the one in the java card program.

P1 & P2 – parameters-  if needed for certain things, for instance with verification on a mobile phone, you can have a PIN and then a PUK if locked out. Having the same INS byte and a different parameter would make sense.

Lc- says how many bytes in the data field of the APDU command.

Le- the expected Lc of the response APDU command.

This is pretty easy stuff but you just have to remember it. But it will mean people who don’t know this will give you strange looks if you just tell them about it.

There is probably a lot you need to learn in a (more often than not) short space of time, and I know it sucks, but just get on with it.

I’m just trying to lend some help in this not too well documented programming language, and I personally had a lot of problems just setting up the environments with 2 postgraduates at hand for quite a while.

Hopefully I should be uploading a video soon of setting it up/running a quick program.

I’ve already made the video, but sound/text needs to be added, but it will be in depth, so will be around 20/30 mins long

Anyway, again, if you have any questions, just submit a comment.

Lavamunky