lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Dec 2008 11:42:29 +0100 From: "Jeroen van Beek" <jeroen@...lab.nl> To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com> Subject: ANNOUNCE - eCL0WN released: clone ePassports with your phone Hi, I'm pleased to announce the release of eCL0WN. Introduction ============ eCL0WN is an ePassport utility for Nokia NFC phones that allows you to read and clone your ePassport's chip content. The following functionality is implemented in the current release (build 20081216): * Read passport data using a given authentication key. * View passport details including the JPEG picture. * Write passport data to an emulator chip. * Write passport data to a microSD card (= insecure!). Supported devices ================= eCL0WN is tested on the Nokia 6131 NFC and Nokia 6212 NFC. Download ======== You can download eCL0WN - including pointers to other relevant information - at <http://www.dexlab.nl/>. Details ======= eCL0WN reads BAC-protected ePassport files EF.COM, EF.SOD, EF.DG1 and EF.DG2. If present, the optional files EF.DG11, EF.DG12, EF.DG13 and EF.DG15 will also be read. Retrieved data can be written to an ePassport emulator. Before writing files to the emulator all Active Authentication (AA) related, Extended Access Control (EAC) related and unknown files (if any) are removed from index EF.COM. This allows one to bypass AA and EAC checks of inspection systems vulnerable to downgrade-attacks. Note that eCL0WN does not comply with ICAO Doc 9303 at all. Please do not use it to check authenticity or integrity of machine readable travel documents. Future work =========== * Add support for viewing JPEG-2000 pictures, used in e.g. German and Dutch ePassports. Happy cl0wning! -- Jeroen van Beek _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists