I want to play with a new IC on the Proxmark3. Any suggestions?
Currently I have the typical iclass, mifare classic/ultralight, desfire, ntag, t5577, and indala. What are some other tags that are interesting?
1 Like
I you want to jump into the deep end, pick up a J3R180 test card and get into JavaCard applet development, we publish most of our Apex applets open source at GitHub - DangerousThings/flexsecure-applets: Collection of JavaCard applets for the FlexSecure, as well as build and testing scripts, and documentation. .
5 Likes
I almost bought one the other day. I want to get a flexSecure, but have been hesistant about learning Java. C# has kind of become my recent priority. I may just say screw it and buy one anyway.
I see Python on the Github. Can I use that for programming the card in any manner?
On a side note, it looks like there are some dead links/folders @ flexsecure-applets/applets at master · DangerousThings/flexsecure-applets · GitHub
3 Likes
In my opinion the kind of embedded Java dialect you use for smartcards (i.e JavaCard) is more like C than Desktop Java or C#. There is no
- Standard framework (well, there is one, the Javacard one - but not the Desktop one you are used to)
- Strings
- Heap (at least you should not use it)
- Memory deallocation
In addition, the max. 4K of RAM make for a nice engineering challenge and means your code should run in constant memory.
No, you are required to use JavaCard, or I guess you could in theory use any other language that compiles down to the embedded JVM globalplatform / JCOP runtime, but there are no other compilers that I know of.
If you enter into contractual agreements / NDAs with the chip manufacturer NXP, they can provide you with an API to run raw assembly or C on the chip in form of extension modules. However I would not recommend doing that, as the JVM gives you a lot of runtime safety. (and also getting these NDAs is hard).
I do however use Python for almost all code which deals with smartcards and runs on the PC, because the Python smartcard API is nice to use and I like Python.
Not dead, but private. These contain non-public applets.
If you want to begin learning JavaCard, start with the jcardsim emulator and the vsmartcard reader emulators, then you can actually debug your code instead of cursing at a piece of unresponsive silicon.
4 Likes
That is cool!
3 Likes
This sounds interesting. What would the bare minimum materials needed if I wanted to play with this stuff as well. I don’t have an apex (yet) but I have a proxmark 3 easy. What cards would you recommend for physical tests?
DT sells test cards: https://dangerousthings.com/product/j3r180-test-card/ , but any NXP P71 card in OP_READY state with GlobalPlatform default test keys installed is fine.
In addition, you need a PC/SC compliant USB reader to interface the card with your PC. I recommend the ACS ACR1252U for NFC , or any cheap contact-only reader (since the test card also has gold pads, the implants obviously can only do NFC) like the ACS ACR40U.
On your PC, you need drivers for the reader of your choice - for Windows, those are usually downloaded manually or automatically found, on Linux they are provided by the pcsc-lite and ccid projects.
To actually manage the applets on the card, Use GlobalPlatformPro (nice CLI) or GPShell (batch scripting). To compile applets, use the Oracle JavaCard SDK, Java 8, and ant-javacard (or Maven). To interface the applets on the card, use the PCSC tool or library on your PC of your liking, I use Python3’s pyscard API.
If you want to deploy applets to the FIdesmo-based Apex platform instead of just the testcards or the FlexSecure (which is an open Javacard), you also need to install the fdsm tool to push applets (instead of GlobalPlatformPro, since Fidesmo manages the admin keys), and you need to petition Fidesmo for a developer account. Alternatively VivoKey can work with you to publish applets for the platform if it is something useful.
2 Likes
Awesome thanks. This is a bunch of info I’ll have to check out once I get home
4 Likes