Folks,
This is a quick and dirty release to try and get some feedback on
e-passports.
From the CHANGES:
v0.n:
add CLONE mode to 'unique.py'
make 'mrpkey.py' more intelligent about reading passport contents:
read all data groups
extract image from CBEFF block in EF.DG2
extract public key certificate from EF.SOD (requires openssl
installation)
add asn.1 field length encoding rules
add 'sod.py' tool for brute force finding of certificates in
EF_SOD.BIN (requires openssl installation)
New release can be downloaded from http://rfidiot.org
Since I only have a couple of passports for testing it would be useful
to hear from those who have foreign passports if my new code works
better (should now extract any country's images/data without tweaking),
or if I've totally broken it!
The other major enhancement is extraction of public key certificates
from the Security Object. Contents can be quite revealing and I'll post
all the ones I've got on the website. Please send me any that you manage
to extract.
Here is example output of the extraction process on a UK passport:
Reading: EF.SOD Document Security Object
File Length: 1925
Reading: 00000
Stored in /tmp/EF_SOD.BIN
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1119353116 (0x42b7f91c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=gb, O=UKKPA, CN=Country Signing Authority
Validity
Not Before: May 22 12:43:30 2006 GMT
Not After : Sep 21 01:13:30 2017 GMT
Subject: C=gb, O=ukps, OU=london, CN=Document Signing Key 35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b8:00:3e:3d:b3:19:fe:b0:91:3a:4a:87:55:b1:
59:46:ec:b4:8d:91:9a:e9:c4:b3:29:a0:1a:ce:bc:
7a:21:16:87:42:83:79:fe:62:19:ba:db:41:60:68:
0b:25:17:b8:f5:59:e4:15:af:30:cf:f4:fe:c7:5e:
0e:27:42:8a:63:ba:3e:16:53:77:ba:23:df:68:fe:
45:1c:08:e2:6e:99:c9:12:00:fa:61:a0:3b:3c:a6:
c1:46:42:d7:88:64:5f:6c:d3:9d:e9:95:5b:95:eb:
be:e2:3c:60:48:e6:48:af:0a:62:55:4b:7e:91:90:
de:ad:61:f1:83:27:67:b1:31:15:8e:53:0d:b0:f7:
a4:7d:24:9d:20:5d:b6:1c:ea:a7:25:f5:a4:ea:40:
78:32:10:07:9c:51:bb:3a:2a:e2:b6:b9:38:26:5d:
73:46:3b:2b:3b:28:ef:dc:52:79:a1:d7:ed:d7:5f:
72:18:13:86:a9:a2:99:8f:38:6a:f0:ff:63:8d:7e:
76:c6:b2:cc:dd:bb:ff:21:34:d4:b1:7a:aa:59:1d:
fa:4f:32:8a:c9:cb:ac:e8:d4:2c:6a:5c:8c:5b:fe:
12:6b:fa:1a:ca:d3:27:99:b6:94:d2:57:cd:0a:d1:
b1:49:2c:54:d1:3e:bd:04:07:75:32:00:86:13:90:
16:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Private Key Usage Period:
Not Before: May 22 13:13:30 2006 GMT, Not After: Aug 24
13:13:30 2006 GMT
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
DirName:/C=gb/O=UKKPA/CN=Country Signing Authority/CN=CRL1
X509v3 Authority Key Identifier:
keyid:3B:34:6F:4A:F5:6C:7F:8C:C4:C6:46:5F:F8:24:F8:30:9A:D2:18:C0
X509v3 Subject Key Identifier:
BC:9E:2A:37:08:C6:B3:C4:12:A1:E8:BF:69:44:C1:76:0F:95:43:C5
Signature Algorithm: sha256WithRSAEncryption
42:60:0c:94:d7:ce:0e:a6:8d:2d:7c:1a:c2:6d:e6:be:7c:94:
14:2a:68:27:c2:93:c5:51:8e:77:f2:79:91:1f:5e:27:b6:85:
7d:78:40:7c:f4:0f:00:34:fa:31:49:f0:72:05:d1:32:3d:89:
33:82:32:85:86:8e:cd:55:ff:35:62:17:ff:c5:82:15:73:ba:
13:df:a8:d6:c6:06:08:98:44:bc:10:d8:7d:b3:59:a5:3e:06:
e4:e3:81:fd:7e:60:87:02:ae:15:f9:50:5f:8d:7f:32:d3:eb:
d4:ec:42:2f:e8:54:c4:16:85:75:a8:7b:15:3d:66:34:ff:d9:
cc:57:ed:89:36:d9:32:ab:4b:74:4f:14:64:47:a5:9e:68:09:
07:21:33:d3:e8:8f:34:1c:e7:c5:c0:41:32:2a:a7:d0:19:0b:
b9:6f:18:7c:fb:06:5b:57:66:c4:38:fc:1a:02:38:84:5e:1f:
c3:c7:d6:74:4b:a3:c5:e0:91:11:5e:c0:0f:a9:ff:37:b0:7b:
60:ec:f0:5d:4b:02:ee:f4:e5:48:ca:06:0d:fb:68:cc:03:b1:
fd:a6:86:26:27:bf:e1:5a:06:a9:60:88:b5:73:5b:0c:c0:e7:
58:59:e8:9c:3d:5f:b9:31:c1:79:7e:4f:b2:27:8d:c6:d0:21:
64:df:2c:5d:0b:db:af:1f:b2:ee:d5:b3:90:b1:b0:cd:a6:6a:
69:b5:a6:6a:02:d7:f1:ce:26:18:33:f7:c7:15:c8:61:93:8a:
29:3a:49:71:0d:c2:88:76:2f:c0:79:7e:d6:92:60:2f:5b:14:
e6:fd:d8:98:a5:93:71:7d:55:45:a3:63:d8:f2:be:97:76:5b:
c3:70:14:8c:c4:e2:fc:a9:22:2a:7e:d9:a1:0a:47:48:fc:f9:
36:b7:c6:02:f7:2b:26:07:2c:02:9d:27:e3:3f:03:24:be:79:
d7:21:f4:b1:07:e2:76:f2:e5:54:ff:8b:f0:cf:87:2c:fb:5c:
f6:ce:10:3d:ce:76:fb:86:87:0c:4b:86:55:83:85:1b:59:50:
08:46:53:87:a0:37:60:02:66:38:34:25:a0:3b:7d:d5:de:0d:
75:71:a5:eb:ae:de:a3:5e:ef:41:19:13:fb:60:46:b5:b8:a4:
d9:15:c0:e7:e7:64:f0:41:d6:69:9e:14:97:6f:4f:7a:d4:14:
52:39:66:64:ae:a3:ef:67:46:cf:f2:4f:34:55:f3:04:2d:48:
98:ab:2d:de:b3:da:7c:a0:62:df:16:d6:ff:0f:da:fa:22:9a:
f0:5e:96:63:28:c9:50:dd:92:1c:fd:07:56:c6:58:bf:a2:85:
41:bf:b9:6b:f5:8d:94:1e
-----BEGIN CERTIFICATE-----
MIIE9DCCAtygAwIBAgIEQrf5HDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJn
YjEOMAwGA1UEChMFVUtLUEExIjAgBgNVBAMTGUNvdW50cnkgU2lnbmluZyBBdXRo
b3JpdHkwHhcNMDYwNTIyMTI0MzMwWhcNMTcwOTIxMDExMzMwWjBPMQswCQYDVQQG
EwJnYjENMAsGA1UEChMEdWtwczEPMA0GA1UECxMGbG9uZG9uMSAwHgYDVQQDExdE
b2N1bWVudCBTaWduaW5nIEtleSAzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALgAPj2zGf6wkTpKh1WxWUbstI2RmunEsymgGs68eiEWh0KDef5iGbrb
QWBoCyUXuPVZ5BWvMM/0/sdeDidCimO6PhZTd7oj32j+RRwI4m6ZyRIA+mGgOzym
wUZC14hkX2zTnemVW5XrvuI8YEjmSK8KYlVLfpGQ3q1h8YMnZ7ExFY5TDbD3pH0k
nSBdthzqpyX1pOpAeDIQB5xRuzoq4ra5OCZdc0Y7Kzso79xSeaHX7ddfchgThqmi
mY84avD/Y41+dsayzN27/yE01LF6qlkd+k8yisnLrOjULGpcjFv+Emv6GsrTJ5m2
lNJXzQrRsUksVNE+vQQHdTIAhhOQFq0CAwEAAaOB5TCB4jArBgNVHRAEJDAigA8y
MDA2MDUyMjEzMTMzMFqBDzIwMDYwODI0MTMxMzMwWjAOBgNVHQ8BAf8EBAMCB4Aw
YwYDVR0fBFwwWjBYoFagVKRSMFAxCzAJBgNVBAYTAmdiMQ4wDAYDVQQKEwVVS0tQ
QTEiMCAGA1UEAxMZQ291bnRyeSBTaWduaW5nIEF1dGhvcml0eTENMAsGA1UEAxME
Q1JMMTAfBgNVHSMEGDAWgBQ7NG9K9Wx/jMTGRl/4JPgwmtIYwDAdBgNVHQ4EFgQU
vJ4qNwjGs8QSoei/aUTBdg+VQ8UwDQYJKoZIhvcNAQELBQADggIBAEJgDJTXzg6m
jS18GsJt5r58lBQqaCfCk8VRjnfyeZEfXie2hX14QHz0DwA0+jFJ8HIF0TI9iTOC
MoWGjs1V/zViF//FghVzuhPfqNbGBgiYRLwQ2H2zWaU+BuTjgf1+YIcCrhX5UF+N
fzLT69TsQi/oVMQWhXWoexU9ZjT/2cxX7Yk22TKrS3RPFGRHpZ5oCQchM9PojzQc
58XAQTIqp9AZC7lvGHz7BltXZsQ4/BoCOIReH8PH1nRLo8XgkRFewA+p/zewe2Ds
8F1LAu705UjKBg37aMwDsf2mhiYnv+FaBqlgiLVzWwzA51hZ6Jw9X7kxwXl+T7In
jcbQIWTfLF0L268fsu7Vs5CxsM2mamm1pmoC1/HOJhgz98cVyGGTiik6SXENwoh2
L8B5ftaSYC9bFOb92Jilk3F9VUWjY9jyvpd2W8NwFIzE4vypIip+2aEKR0j8+Ta3
xgL3KyYHLAKdJ+M/AyS+edch9LEH4nby5VT/i/DPhyz7XPbOED3OdvuGhwxLhlWD
hRtZUAhGU4egN2ACZjg0JaA7fdXeDXVxpeuu3qNe70EZE/tgRrW4pNkVwOfnZPBB
1mmeFJdvT3rUFFI5ZmSuo+9nRs/yTzRV8wQtSJirLd6z2nygYt8W1v8P2voimvBe
lmMoyVDdkhz9B1bGWL+ihUG/uWv1jZQe
-----END CERTIFICATE-----
enjoy,
Adam
--
Adam Laurie Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899
Ash Radar Station
Marshborough Road
Sandwich mailto:[EMAIL PROTECTED]
Kent
CT13 0PL
UNITED KINGDOM PGP key on keyservers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
