{"id":1091,"date":"2010-06-08T11:10:00","date_gmt":"2010-06-08T11:10:00","guid":{"rendered":"http:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/"},"modified":"2010-06-08T11:10:00","modified_gmt":"2010-06-08T11:10:00","slug":"aktualne-postrehy-z-bezpecnostnej-komunity","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/","title":{"rendered":"Current observations from the security community"},"content":{"rendered":"<p>1. After a delay of several months, the new <a href=\"http:\/\/www.hysteria.sk\/prielom\/25\/\">Prielom no. 25<\/a> has finally been released; I recommend reading it from beginning to end.<\/p>\n<p>2. My friend Vid (Martin Mocko) has published an interesting presentation on copy protection; I recommend <a href=\"http:\/\/bezadis.ics.upjs.sk\/files\/resources\/mm2010\/slides.pdf\">reading it<\/a> or watching it <a href=\"http:\/\/evo.caltech.edu\/evoGate\/player\/EVOPlayer.jnlp?fileToPlay=http:\/\/archive.evo.upjs.sk\/zaznam\/evo_archiv\/_evx\/2010_05_05_bezadis_copy_protection.evx\">live<\/a>.<\/p>\n<p>3. A <a href=\"http:\/\/www.youtube.com\/watch?v=Yxvy_eGK5r4\">proof-of-concept of identity theft<\/a> at the municipal library via OpenCard has been published. 
Right after watching the video it occurred to me that they had either determined the relevant keys for the sector used by the library (they used the &#8220;default&#8221; ones or &#8220;guessed&#8221; them some other way), or simply determined the UID of the card, to which the identity of the municipal library user is uniquely mapped, and then emulated it.<\/p>\n<p>After reading <a href=\"http:\/\/secreg.utko.feec.vutbr.cz\/sites\/default\/files\/RFID_rosa_v2.pdf\">Tom\u00e1\u0161 Rosa's presentation<\/a>, it turned out to be the second case: obtaining the UID with a high-frequency RFID reader and emulating it with PicNic, a tool they developed. The most absurd part of the whole situation is that the UID can also be obtained in a simpler way &#8211; by reading it off a paper receipt, where it is neatly printed after you pay for goods with your OpenCard.<\/p>\n<p>Of course, the problem lies primarily in the dumb implementation of the card, where the user's identity is bound to a static identifier such as the UID, which can easily be read, or obtained some other way, and then emulated. 
This is a problem of all Mifare cards, from Ultralight to DESFire.<\/p>\n<p>It is therefore absolutely essential that all applications that &#8220;identify&#8221; the user solely on the basis of the card UID (the case for all Mifare cards) either verify additional &#8220;authentication&#8221; data on the card, for example its encrypted hash (also encrypted with the solution vendor's key) stored in an encrypted block of the Mifare DESFire card, or encrypt the entire user identifier with the vendor's key and store it securely in an encrypted block of the Mifare DESFire card. Binding identity to the publicly available UID is not a good idea, because nowadays a UID can always be emulated (with a Proxmark 3, an NFC phone, or some other tool).<\/p>\n<p>&#8220;RFID shields&#8221; offer a certain &#8220;workaround&#8221;: protective sleeves that prevent skimming (and form a simple Faraday cage around the card). Of course, they will not stop a user from leaving a paper lunch receipt with the printed UID on the table \ud83d\ude42<\/p>\n<p>4. We are planning to rent a large motorhome and go to a <a href=\"http:\/\/eth-0.nl\/\">geek hacker camp<\/a> in the Netherlands. We are all already looking forward to it&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. After a delay of several months, the new Prielom no. 25 has finally been released; I recommend reading it from beginning to end. 
2. My friend Vid (Martin Mocko) has published an interesting presentation on copy protection; I recommend reading it or watching it live. 3. A proof-of-concept of identity theft at the municipal library via OpenCard has been published. Right after watching the video it occurred to me that they had either determined the relevant keys for [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[310,311,312,313,266,314,315],"class_list":["post-1091","post","type-post","status-publish","format-standard","hentry","category-uncategorized-cs","tag-desfire-cs","tag-eth0-cs","tag-kradez-identity-cs","tag-martin-mocko-cs","tag-mifare-cs","tag-prielom-cs","tag-tomas-rosa-cs"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - Nethemba\" \/>\n<meta property=\"og:description\" content=\"1. S nieko\u013ekomesa\u010dn\u00fdm me\u0161kan\u00edm kone\u010dne vy\u0161iel nov\u00fd prielom \u010d\u00edslo 25, odpor\u00fa\u010dam ho pre\u010d\u00edta\u0165 od za\u010diatku do konca. 
2.\u00a0Kamar\u00e1t Vid (Martin Mocko) zverejnil zauj\u00edmav\u00fa prezent\u00e1ciu o copy protection, odpor\u00fa\u010dam pre\u010d\u00edta\u0165 alebo vidie\u0165 na\u017eivo 3. Zverejnen\u00fd proof-of-concept kr\u00e1de\u017ee identity v mestskej kni\u017enici cez OpenCard. Hne\u010f po zhliadnut\u00ed videa mi napadlo, \u017ee bu\u010f doty\u010dn\u00ed determinovali pr\u00edslu\u0161n\u00e9 k\u013e\u00fa\u010de pre [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2010-06-08T11:10:00+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Aktu\u00e1lne postrehy z bezpe\u010dnostnej 
komunity\",\"datePublished\":\"2010-06-08T11:10:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\"},\"wordCount\":448,\"commentCount\":0,\"keywords\":[\"desfire\",\"eth0\",\"kr\u00e1de\u017e identity\",\"martin mocko\",\"mifare\",\"prielom\",\"tom\u00e1\u0161 rosa\"],\"articleSection\":[\"Uncategorized @cs\"],\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\",\"url\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\",\"name\":\"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"datePublished\":\"2010-06-08T11:10:00+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/cs\/home-new-2025\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your 
security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/","og_locale":"cs_CZ","og_type":"article","og_title":"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - Nethemba","og_description":"1. S nieko\u013ekomesa\u010dn\u00fdm me\u0161kan\u00edm kone\u010dne vy\u0161iel nov\u00fd prielom \u010d\u00edslo 25, odpor\u00fa\u010dam ho pre\u010d\u00edta\u0165 od za\u010diatku do konca. 2.\u00a0Kamar\u00e1t Vid (Martin Mocko) zverejnil zauj\u00edmav\u00fa prezent\u00e1ciu o copy protection, odpor\u00fa\u010dam pre\u010d\u00edta\u0165 alebo vidie\u0165 na\u017eivo 3. 
Zverejnen\u00fd proof-of-concept kr\u00e1de\u017ee identity v mestskej kni\u017enici cez OpenCard. Hne\u010f po zhliadnut\u00ed videa mi napadlo, \u017ee bu\u010f doty\u010dn\u00ed determinovali pr\u00edslu\u0161n\u00e9 k\u013e\u00fa\u010de pre [&hellip;]","og_url":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2010-06-08T11:10:00+00:00","author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Napsal(a)":"Pavol Lupt\u00e1k","Odhadovan\u00e1 doba \u010dten\u00ed":"2 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity","datePublished":"2010-06-08T11:10:00+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/"},"wordCount":448,"commentCount":0,"keywords":["desfire","eth0","kr\u00e1de\u017e identity","martin mocko","mifare","prielom","tom\u00e1\u0161 rosa"],"articleSection":["Uncategorized @cs"],"inLanguage":"cs","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/","url":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/","name":"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity - 
Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2010-06-08T11:10:00+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/cs\/aktualne-postrehy-z-bezpecnostnej-komunity\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/cs\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"Aktu\u00e1lne postrehy z bezpe\u010dnostnej komunity"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=1091"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1091\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=1091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=1091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=1091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}