I want to post in this blog what I did at NorthSec 2013, which is a hacking competition that took place in Montreal in April 2013 (www.nsec.io). It is a 3-day event, so I’ll use multiple entries. I wanted to start with the smart card challenge track, which I attacked on Saturday at around 11:30 AM.
After some initial hacking, we found a page which told us to go ask for a smart card at the front desk. It also contained the basic description of 3 Java Card applets, as well as the convoluted procedure to change the PIN on the smart card, a link to download the binaries for one of the applets and a link to some more instructions to help with this track.
The additional instructions indicated that there were several flags (competition points) to be obtained in this track and listed what the flags were so that we would know what to submit when we got them (most other tracks used text strings that contained the word “flag” or some obvious hint, but in this track, they were mostly hex strings).
The first flag mentioned was the card model. I knew from previous work with smart cards that this was usually available in the ATR (answer to reset). After downloading a few tools to communicate with smart cards, I could read the ATR and find the card model. It was “J2A080” and I tried submitting that but it failed. I then tried a LOT of permutations, adding the manufacturer and various bits of information that I could find in the datasheet, but it always failed. After about 30 minutes I tried submitting “4A3241303830” and it worked (it was my first flag in this track, I did not yet know that most flags were hex strings…).
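The ATR lookup described above can be reproduced with a small ISO 7816-3 parser. This is an added example, not part of the original post or the competition material: the sample ATR is constructed (typical T=1 interface bytes wrapped around the model string from the post), and the function and field names are hypothetical.

```python
from functools import reduce
from operator import xor

# Constructed sample ATR, NOT captured from the competition card: typical
# T=1 interface bytes, then six historical bytes holding the model string.
SAMPLE_ATR = bytes.fromhex("3BF613000081 31FE45 4A3241303830 EF")

def parse_atr(atr: bytes) -> dict:
    """Split an ATR into interface bytes, historical bytes and TCK status."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte: not an ATR")
    t0 = atr[1]
    k = t0 & 0x0F          # low nibble of T0: number of historical bytes
    y = t0 >> 4            # high nibble: which of TA1..TD1 are present
    pos, i = 2, 1
    interface, protocols = [], set()
    while True:
        td = None
        for bit, name in enumerate("ABCD"):
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("truncated interface bytes")
                interface.append((f"T{name}{i}", atr[pos]))
                if name == "D":
                    td = atr[pos]
                pos += 1
        if td is None:     # no TDi means the interface byte chain has ended
            break
        protocols.add(td & 0x0F)   # low nibble of TDi: protocol T
        y = td >> 4                # high nibble: presence of TA(i+1)..TD(i+1)
        i += 1
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("truncated historical bytes")
    pos += k
    # TCK is sent only when a protocol other than T=0 is indicated; it makes
    # the XOR of every byte from T0 through TCK equal to zero.
    tck_ok = None
    if protocols - {0}:
        if pos >= len(atr):
            raise ValueError("missing TCK")
        tck_ok = reduce(xor, atr[1:pos + 1]) == 0
    return {"interface": interface, "protocols": sorted(protocols),
            "historical": historical, "tck_ok": tck_ok,
            "ascii": historical.decode("ascii", errors="replace"),
            "hex": historical.hex().upper()}

if __name__ == "__main__":
    info = parse_atr(SAMPLE_ATR)
    print(info["ascii"], info["hex"], info["protocols"], info["tck_ok"])
```

The `hex` field is the form the scoreboard accepted, while `ascii` is the readable model string that was rejected.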
Alright, I had my first points! This entry is already a bit long, so I’ll continue with the second flag in the next one!