(Import) Understanding JCOP - Memory Dump - Re-Ws - PL

This document summarizes the author's experience dumping the memory of a JCOP smart card during pre-personalization. It includes a screenshot of the memory dump with explanations. The author was able to dump memory from address 0xC000F0 to 0xC09600, which includes the card's configuration areas for cold start, warm start, and contactless. In the future, the author hopes to describe the process of pre-personalizing a generic JCOP card to be able to run applets.

[Import]Understanding JCOP: memory dump

Posted on September 4, 2017 - September 10, 2017 by Kamil (aka. v3l0c1r4pt0r)



NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 8th February 2017.

Some time ago I was struggling with a JCOP smart card. The one I received, as it turned out, was not pre-personalized, which means some interesting features (like setting encryption keys and PIN) were still unlocked. Because documentation and all the usual helpers (StackOverflow) were not very useful (well, ok, there was no publicly available documentation at all), I started a very deep search on Google, which finished with full success. I was able to make a dump of the whole memory available during pre-personalization.

Since it is not something that could be found online, here you have a screenshot of it, colored a bit with the help of my hdcb program. Without documentation it might not be very useful, but in some emergency situation, maybe somebody will need it.

JCOP memory dump made at the very beginning of pre-personalization

A small explanation: the first address I was able to read was 0xC000F0, and the first address with a read error after the configuration area was 0xC09600. I know that, despite the lack of privileges, some data is placed there.

There are three configurations: cold start (0xc00123-0xc00145), warm start (0xc00146-0xc00168) and contactless (0xc00169-at least 0xc0016f). A description of the coding of the individual fields is outside the scope of this article. I hope I will describe them in the future.
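
The address ranges above can be applied to a raw dump as follows. This is an added example, not code from the original post: it assumes the dump starts at 0xC000F0, uses constructed sample bytes, and every function name is hypothetical. It goes slightly beyond the text by comparing the cold-start and warm-start regions, which the stated ranges make equal in size (0x23 bytes each).

```python
# Added example: address ranges come from the post, the dump bytes are constructed.
DUMP_BASE = 0xC000F0  # first readable address reported in the post
# Inclusive ranges from the post; the contactless end is only "at least" 0xC0016F.
REGIONS = {
    "cold_start": (0xC00123, 0xC00145),
    "warm_start": (0xC00146, 0xC00168),
    "contactless": (0xC00169, 0xC0016F),
}

def region_of(addr):
    """Return the name of the configuration region containing addr, or None."""
    for name, (first, last) in REGIONS.items():
        if first <= addr <= last:
            return name
    return None

def extract(dump, name, base=DUMP_BASE):
    """Slice one region out of a dump whose first byte sits at `base`."""
    first, last = REGIONS[name]
    lo, hi = first - base, last - base + 1
    if lo < 0 or hi > len(dump):
        raise ValueError(f"{name} (0x{first:06X}-0x{last:06X}) is outside the dump")
    return dump[lo:hi]

def diff_cold_warm(dump, base=DUMP_BASE):
    """List (offset, cold_byte, warm_byte) where the two equal-sized regions differ."""
    cold, warm = extract(dump, "cold_start", base), extract(dump, "warm_start", base)
    return [(i, c, w) for i, (c, w) in enumerate(zip(cold, warm)) if c != w]

def annotate(dump, base=DUMP_BASE, width=16):
    """Yield hex-dump rows aligned to `width`, tagged with every region they touch."""
    end = base + len(dump)
    for row in range(base - base % width, end, width):
        addrs = [a for a in range(row, row + width) if base <= a < end]
        cells = " ".join(f"{dump[a - base]:02X}" if a in addrs else "  " for a in range(row, row + width))
        tags = sorted({r for r in map(region_of, addrs) if r}, key=list(REGIONS).index)
        yield f"{row:06X}  {cells}  {','.join(tags)}".rstrip()

def make_sample():
    """Constructed dump (0xC000F0-0xC0017F): filler and marker bytes, not card data."""
    data = bytearray(b"\xFF" * 0x90)
    for name, fill in (("cold_start", 0x11), ("warm_start", 0x11), ("contactless", 0x33)):
        first, last = REGIONS[name]
        data[first - DUMP_BASE:last - DUMP_BASE + 1] = bytes([fill]) * (last - first + 1)
    data[0xC00146 + 4 - DUMP_BASE] = 0x22  # one warm-start byte differs from cold start
    return bytes(data)

if __name__ == "__main__":
    print("\n".join(annotate(make_sample())))
    print(diff_cold_warm(make_sample()))
```

Region boundaries do not fall on 16-byte rows, so a single row can carry two tags (for example the row at 0xC00140 holds the end of cold start and the beginning of warm start).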

Next time, I will try to describe the process of pre-personalization, that is, making a not pre-personalized card, easy to get from the usual sources of cheap electronics, able to receive and run applets.

Update: The next part of this tutorial can be found under this link.

Posted in Tutorials, Understanding JCOP. Tagged electronics, English, hacking, hardware, JavaCard, JCOP, Reverse Engineering, smart card
