Our wallets are filling up with SIM and RFID cards that contain hidden information. Using our latest project, the Bus Pirate universal serial interface. we can dump the memory from many common smart cards. In today’s How-to, we show you how to interface common smart cards. and walk you through the data stored on a FedEx Kinko’s prepaid value card .
The FedEx Kinko’s prepaid card is actually a SLE4442 smart card. There’s nothing secret about the SLE4442, it’s completely documented in the datasheet (PDF), and you can buy blank cards on the web .
The card is openly readable, we’ll be able to look at the contents without any sort of malicious intrusion. It’s protected from writes by a three byte password, with a ‘three strikes you’re out’ policy that renders the card useless after
three failed password attempts.
Due to its wide-spread use, in Kinko’s and other capacities, the SLE4442 has been the target of several high-profile hacks. At the ’06 Toorcon, [bunnie] and [Chris Tarnovsky ] hosted a discussion on the card. [Chris] examined the silicon die and suggested that shorting a trace might defeat the security measures. You can see high-resolution images of the die on his site. [Strom Carlson ] went right to the source and snooped the password with a logic analyzer. as documented in his famous ’06 Defcon presentation. The card even makes appearances in artwork .
We’re not planning on maliciously intruding on the card. but we can still look at the contents and demonstrate how to interface arbitrary protocols with our latest project, the Bus Pirate .
Connecting to the SLE4442