Message-ID: <AANLkTintS+CiW1eWw0zXfRke=DAkPSKzTYt554R6U=yi@mail.gmail.com>
Date: Tue, 15 Mar 2011 20:50:21 +0530
From: Bipin Gautam <bipin.gautam@...il.com>
To: itpolicy-np <itpolicy-np@...ai.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Lesson: Physical tampering against -- Paper based
 ( Ntc, NCELL like... ) Scratched off Card.

Disclaimer: With the balance-transfer option around, this hack can be
misused to ROB... real CASH in thousands (as balance-transferred for
cash); nevertheless this demonstration is just meant as information, AS
lock-picking information (googling?) is to doing actual burglary!


With liberty comes responsibility....... and while Information is
Innocent and it's up to the perceivers how they use/misuse......


Demonstration from TV (Fast forward to 12.45 minutes.... to jump to
the news. Video is misleading, trick undisclosed):
http://canadanepal.net/youtube.php?v=BkAStXIX0hY


Original Discussion: https://groups.google.com/group/nepsecure/t/da9d5c2409137ff7

Solution : https://groups.google.com/group/nepsecure/msg/ed67aaa042799576
Screenshot: https://nepsecure.googlegroups.com/attach/ed67aaa042799576/Nepal+Telecom+Scratched+Card+Hack.JPG


Migration:
If I remember, older NTC recharge cards came as plastic cards, which
could have already migrated from this loophole.

While... my cause was not to contribute to global warming, or rely on
a do-not-talk;do-not-know dodo..... defense..... and printing PIN Code
over paper is still a greener choice, NTC, NCELL etc... could also use
a small plastic slip instead (rectangular, opaque) to print the PIN
code over it and slip it in in-between the paper to minimize plastic
use.

Alternatively, the edges of the Hard-paper recharge cards can be
PRODUCED strong "razor thin" on the edges, and gradually thicker on
the centre (like a pyramid top to hold PIN) with a safe margin. I
think, it's better to use just fine tearaway paper, no plastic
lamination on the top... (with few breakable bands... like alu-plus (o
& x criss-cross game)) to conceal the number in between.

Affected: (though the papers are < .4 -.5 mm)
It is difficult to tamper and re-master the water-marked scratch-off
coating (With telecom name printed on it).

[Difficulty]
Simple -- NTC 500-1000 Rs recharge card (because: good hardcover over
pink plastic lamination)
Medium : Other NTC recharge cards of any value, still thick paper...
blade can easily slip through to slice it carefully.
Though, NCELL recharge cards have thinner papers (guess ~1/3 mm?) the
papers are strong, fibrous... so doable.

Thanks,
-bipin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
