Re: MUSCLE Disk encryption and more

2001-06-25 Thread Christoph Plattner

OK, it's off-topic here, but I don't think it is a good idea
to use such a policy. Why protect such a thing?

A good policy is to set up a box and to have a model earning
money on services, not on the boxes or the system (Linux).

The user can do whatever he/she wants to do; if the user
misconfigured the system, it is his personal problem. Or it is
a good idea to do a protection (check) over the configuration.

But the user has to pay for services, C offers ...

With friendly regards
Christoph P.



Patrick Valsecchi wrote:
> 
> Hi
> 
> My company is working for another company (let's call it C) that is going to
> provide Linux boxes to its customers. As C is going to give them free or for a
> small fee, C doesn't want the customers to use the boxes for another purpose
> than the one specified by C.
> 
> C doesn't want the user to be able to:
>   - run another kernel than the one S provides
>   - run executables that have not been signed by authorized developers or that
> have been modified (signed executables)
>   - change or alter the dynamic libraries (signed .so files)
>   - have access to the binary of some executables (for avoiding reverse
> engineering)
>   - save a file and give the disk to a friend (encrypted files, but I need to
> be fast on read and write, here)
> 
> All that by using:
>   - a SmartCard
>   - a modified kernel
>   - a specialised hardware for encryption
>   - maybe a modified loader (lilo)
> 
> And that mustn't be just simple tricks, we must protect those boxes against
> very skilled hackers.
> 
> Are there existing projects on those subjects? Has anybody already worked on it?
> 
> Thanks for your help.
> 
> ---
>   -°) Patrick Valsecchi
>   /\\
>  _\_v
> ***
> Linux Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/smartcard/index.html
> ***




Re: MUSCLE New to list, problems with PIN code ! ...

2001-06-19 Thread Christoph Plattner

I have spoken with Towitoko, and it seems to be a wrong
card in the package. The label on the card package
says CHIPCARD M2 (I2C EEPROM) card, and Towitoko says that cards
using PINs are CHIPCARD M2P. The M2 type does not use any
PIN.

The information of the "000" as default PIN would be
helpful for me, but no chance any more to try it !!!
"000" is this always for new manufactured cards ?
Is it 0x00 0x00 0x00 binary or "000" = 0x30 0x30 0x30 ASCII ?

With friendly regards
Christoph

Carlos Prados wrote:
> 
> Hi,
> 
> > which includes 2 memory cards. Those two cards seems
> > to be of a different type:
> >  - 2Kbit I2C EEPROM Card (256 Byte, R/W)
> >   seems to be a 2-wire card
> >   (icc->type = 2)
> 
> If it's I2C, then it isn't 2-wire. If the Towitoko
> driver assigns '2' to the ICC type then it might be a
> 2-wire card.
> 
> >  - 16Kbit I2C EEPROM Card (2048 Byte, R/W)
> >   seems to be a IC2 SHORT card
> >   (icc->type = 0)
> >
> > I don't know why these cards of different sizes are
> > also
> > of different types... ?
> >
> 
> Because the protocol used to communicate with the
> card is different.
> 
> > But now to the problems:
> > The ATR of the 16Kb card is always empty (NULL
> > pointer,
> > as it is no 2-/3-wire card). Is this implementation
> > in the CT code correct ?
> >
> 
> Yes. I2C cards do not return ATR. So the driver
> leaves this data blank. The CT spec does not say
> anything about this being incorrect, so I guess it's
> fine.
> 
> > And now the main problem:
> > -
> >
> > The 2Kbit card seem to need the PIN code, is this
> > correct
> 
> Yes, you need to enter a PIN. The cards that come with
> the beginners pack use to have PIN=000.
> 
> >(I cannot write on it, and I saw in the
> > code,
> > that on type==2 and 3 cards, the PIN entering is
> > always done.
> > I have not seen any PIN  (in the package, on the
> > card,
> > etc) So I don't know any key, and now the card
> > always
> > blocks PIN entering, as the retry counter is already
> > on '0'.
> 
> This is because somebody (I don't mean you ;-) entered
> a wrong PIN 3 times, or because the card is bad.
> 
> > Can I do here anything ?
> > I also want to contact TOWITOKO (german company),
> > the cards
> > and card reader are coming from.
> >
> 
> If the card is actually blocked, you cannot.
> 
> > Please help.
> > I will further study the code to understand the PIN
> > protocol
> > and PIN handling. I have not found the spec for the
> > security
> > (PIN) handling and protocol yet.
> >
> 
> I don't know of such specification. You just need to
> use the appropriate CT commands (see MKT specs) to send
> PIN, change PIN, etc.