Inside .NET Smart Card Operating System
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the inner workings of .NET smart card operating systems in this 54-minute conference talk from 44CON Information Security Conference. Delve into reverse engineering techniques for analyzing smart card software without specialized hardware equipment. Learn about code reverse engineering of vendor SDKs and card-host communication analysis to document card application file formats and runtime bytecode instructions. Discover how to produce effective test cases targeting the .NET virtual machine on smart cards. Examine topics like smart card security models, application development, vulnerability research, and the "Hive Mod" tool for manipulating digital signatures. Compare manual testing to automated tools and consider real-world attack scenarios. Gain insights into vendor responses, additional vulnerabilities, and the broader landscape of multi-application smart card platforms.
Syllabus
Intro
What is a smart card?
Single Application Smart Cards
Did you know?
Example: SIM Tracker Applet
In The News...
Why?
Smart Card Firewall
.NET smart card overview
.NET smart card security model
Public Key Token
Code Access Security
Data Access Security
Card application development
How secure is .NET card?
Smart Card Vuln. research
"Hive Mod" Tool
.NET Card Binary
Manipulating Digital Signature Header
Attack Demo: Let's use the Hive Mod tool to test this vulnerability!
Manual testing vs. Hive Mod
Real World Attack?
Fiction or Real?
Vendor's Response
More Vulnerabilities...
Conclusions
Multi-application Smart Card Platforms
Taught by
44CON Information Security Conference