lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000e01ceceb9$7c4f3380$74ed9a80$@nl>
Date: Tue, 22 Oct 2013 01:58:48 +0200
From: "Jeroen van Beek" <jeroen@...lab.nl>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [ANNOUNCE] eCL0WN for Android v1.0 released

Hi,

I'm pleased to *finally* announce the release of eCL0WN for Android v1.0.

Introduction
============
eCL0WN is an Android ePassport utility for NFC-enabled phones that allows you to read and clone your ePassport's chip content. The following functionality is implemented in the current release:

- Read passport data using a given authentication key (if needed).
- View passport details including the JPEG picture.
- Write passport data to an emulator chip.
- Write passport data to internal storage (not very secure).

Supported devices
=================
eCL0WN requires an NFC-enabled phone running Android 2.3+.

Details
=======
eCL0WN reads ePassport files EF.COM, EF.SOD, EF.DG1 and EF.DG2. If present, the optional files EF.DG7, EF.DG11, EF.DG12, EF.DG13 and EF.DG15 will also be read. Retrieved data can be written to an ePassport emulator. Use Dexlab's epassport_emulator-v1.02 (or higher) as the target device. You need a JCOP card and a PC to prepare the emulator. Please refer to <http://dexlab.nl/downloads.html#emulator> for more details. Before writing files to the emulator all Active Authentication (AA) related, Extended Access Control (EAC) related and unknown files (if any) are  removed from index EF.COM. This allows one to bypass AA and EAC checks of inspection systems vulnerable to downgrade-attacks.

Note that eCL0WN does not comply with ICAO Doc 9303 at all. Please do not use it to check authenticity or integrity of machine readable travel documents.

Known problems
==============
ePassport chips typically comply with the ISO/IEC 14443 A or B standard. The A standard is widely used in at least Western Europe and the US. The B standard is widely used in at least Asia. Antenna quality of some NFC-enabled Android devices is very poor (e.g. the Google Nexus S). If this is the case for your phone you won't be able to communicate with ISO/IEC 14443 type B ePassport chips. This is NOT an eCL0WN bug, this is a hardware problem.

Contact
=======
Jeroen van Beek @ jeroen [at] dexlab [dot] nl

Download
========
You can download the latest version of eCL0WN for Android in the Google Play Store <https://play.google.com/store/apps/details?id=dexlab.eCL0WN>.


Happy cl0wning!

--
Jeroen van Beek

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ