GT ECE 4112 - Cracking Smart Cards


Cracking Smart Cards
Teaching Assistant Setup Instructions

Overview:
This lab will require a couple of stations to be configured for the students to use. Each station will be configured the same, and students will sign up for a time to complete the lab.

Hardware Requirements:
OS: Windows XP

Software Required:
- XtremeHU (http://www.interesting-devices.com/)
- WinExplorer (http://www.intersting-devices.com/)

Hardware:
- 1 Glitching ATR Analyzer (per station)
- 1 DirecTV period 3 Smart Card (per station)
- 1 9-pin Serial cable (per station)
- 1 9V Power Supply (per station)

Setup:
- Install XtremeHU and WinExplorer. Just accept all the defaults during the install.
- Connect the Glitching ATR Analyzer to the serial port with the serial cable. Apply power to the Analyzer using the 9V power supply.
- Open XtremeHU.
- Click Card, Check Card Info.
  Expected Results: Shows Reset Complete then ATR: 3F7F1325… followed by card information. This confirms that communication between the software and the card reader is working properly.
- Place the files original.bin, program.bin and corrupted.bin on the desktop.
- Execute Card, Write, Current EPROM, With Normal Glitching. Give the process several seconds to execute and an EPROM write complete should be received.
- Click Card, Check Card Info and verify that the Card ID has changed.

Cracking Smart Cards
Student Lab

Group Number: _______
Member Names: ______________________ ________________________________
Date Assigned: TBD
Date Due: TBD
Last Edited: Monday, January 14, 2019

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.

Goal: This lab will introduce smart cards, their vulnerabilities, and how to control them.

Summary: This lab is divided into four major parts. Part 1 will perform various analyses of information that can be gained by interfacing with the smart card. Part 2 will forcefully extract information from the smart card and modify it. Part 3 will repair a damaged EPROM and restore the damaged smart card to working condition. Part 4 will perform reconnaissance on smart cards to obtain public data from the patent office.

Background: Smart cards have been used by the satellite TV industry for many years and are starting to find their way into credit cards, ID cards, and other applications. Knowing smart cards' limitations and vulnerabilities is key to maintaining secure use of these devices.

Lab Scenario: WinExplorer and XtremeHU have been installed on some of the lab computers. A card reader has been provided for your use in this lab. In this lab you will use the card reader to passively examine data on the card, as well as forcefully extract and overwrite sensitive data on the card. For this lab the only operating system you will use is a Windows XP machine.

The card reader you will be using is an ISO7816 smart card reader with an Atmel ATS9213 AVR chip added. The purpose of this chip is to control the clock and voltage lines going to the card such that the card can be controlled (forcefully) by the reader. Appendix A is a commented disassembly of the smart card's EPROM.

All information contained in this lab is widely available on the internet. All programs and code were obtained from www.interesting-devices.com.

1.0 Analyzing Basic Smart Card Information

1.1 Check to make sure the serial cable is connected to the ATR Analyzer (card reader) and that the ATR Analyzer is plugged into AC power.

1.2 Insert the smart card into the reader with the gold contacts facing downward (i.e. logo facing upward).

1.3 On the Windows XP machine open XtremeHU and execute Card, Check Card Info.

QUESTION 1.1: What kind of information do you see from the card?

1.4 Note: At this point we have only read from the card. We have not modified or written anything to the card. The information we have obtained merely tells us the status of the card and does not divulge any secure information (i.e. account information, program package information, card keys) stored on the card. This type of test is performed by the TV receiver each time the card is inserted or the unit is powered up to determine if the card is operating correctly.

2.0 Forcefully Extracting Secure Information from the Card

2.1 Now we will coerce the card into giving up its private data. This will be done by sending a series of voltage variations and fast clock pulses known as glitches to the card. Glitches alter instruction execution on the card, allowing one to gain control of the card. This is typically done by stack / buffer overruns.

2.2 Inside XtremeHU, click Card, Read Card. Allow this process to run to completion. You should see a screen of hex values when it is finished. This may take several attempts, as using glitches to read a card is not a precise science.

2.3 Scroll through the EPROM data to get a concept of the amount of data on the card.

Screenshot #1 – Take a screenshot of the EPROM image.

2.4 At this point we have forced the card to reveal its contents. This process is known as dumping a card. Also note that we have still not written or modified anything on the card.

2.5 Execute File, Open. Choose the file program.bin from the Desktop. A new EPROM image should open in the window.

2.6 This image will be written to the card. If this image were a copy of an active card, writing it to a new card would allow us all the accesses of the card we copied it from (i.e. in TV we would have the same programming package (channels) as the person whose card we copied).

2.7 Execute Card, Write, Current EPROM, With Normal Glitching. Give the process several seconds to execute and an EPROM write complete should be received.

2.8 Click Card, Check Card Info.

QUESTION 2.1: What is different about this information from the last time we ran this command?

3.0 Repairing a Corrupted EPROM

3.1 In this section we will corrupt the card so that it will not function properly and then return it to normal functionality. This is how glitching was originally developed: to repair corrupted EPROMs that happened during hashes.

3.2 Execute Card, Write, Current EPROM, With Normal Glitching. Give the process several seconds to execute and an EPROM write complete should be received.

3.3 Click Card, Check Card Info.

QUESTION 3.1: What is different about this information from the last time we ran this command?

3.4
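The ATR that Check Card Info reports (setup instructions and step 1.3) is a self-describing status header defined by ISO/IEC 7816-3, which is why step 1.4 can say it divulges nothing secure. The decoder below is an added example, not part of the lab handout or of XtremeHU; it parses only the four ATR bytes the handout shows (the rest is elided there) plus one constructed ATR, and the names parse_atr, LAB_PREFIX and SAMPLE are chosen for this illustration.

```python
# Added example: minimal ISO/IEC 7816-3 ATR decoder (not from the handout).
def parse_atr(hex_str):
    """Decode an ATR hex string, tolerating truncated input."""
    data = bytes.fromhex(hex_str)
    out = {"convention": None, "hist_len": None, "interface": {},
           "protocols": [], "historical": b"", "tck_ok": None,
           "truncated": True}          # cleared only if parsing completes
    if len(data) < 2:
        return out
    # TS: 0x3B = direct convention, 0x3F = inverse convention
    out["convention"] = {0x3B: "direct", 0x3F: "inverse"}.get(data[0], "invalid")
    # T0: high nibble Y1 flags TA1..TD1, low nibble K = historical byte count
    y, k = data[1] >> 4, data[1] & 0x0F
    out["hist_len"] = k
    pos, i = 2, 1
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(data):
                    return out         # ran out of bytes mid-structure
                out["interface"][f"{name}{i}"] = data[pos]
                pos += 1
        if not y & 8:
            break
        td = out["interface"][f"TD{i}"]
        out["protocols"].append(td & 0x0F)   # low nibble: protocol T
        y, i = td >> 4, i + 1                # high nibble: next Y flags
    out["historical"] = data[pos:pos + k]
    pos += len(out["historical"])
    if len(out["historical"]) < k:
        return out
    # TCK exists only when a protocol other than T=0 is indicated;
    # the XOR of T0 through TCK must then be zero.
    if any(t != 0 for t in out["protocols"]):
        if pos >= len(data):
            return out
        x = 0
        for b in data[1:pos + 1]:
            x ^= b
        out["tck_ok"] = (x == 0)
    out["truncated"] = False
    return out

# Visible prefix of the ATR quoted in the handout (the remainder is elided there).
LAB_PREFIX = parse_atr("3F7F1325")
# Constructed complete ATR for illustration; not taken from any real card.
SAMPLE = parse_atr("3B921101AABB93")
```

For the handout's prefix, the decoder reports inverse convention, 15 historical bytes announced, TA1 and TB1 present, and flags the input as truncated because TC1 is announced but not shown.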

