How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security...
-
Upload
nguyennhan -
Category
Documents
-
view
217 -
download
0
Transcript of How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security...
![Page 1: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/1.jpg)
How Samsung Secures Your Wallet
&
How To Break It
HC Ma
Tencent’s Xuanwu Lab
http://xlab.tencent.com @XuanwuLab
![Page 2: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/2.jpg)
Who am I ?
• Security Researcher @
• hyperchemma#tencent.com
– Embedded Device Security
– Firmware Reverse-Engineering
– Fan of IoT
– Big Fan of
![Page 3: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/3.jpg)
Who am I ?
• Security Researcher @
• hyperchemma#tencent.com
– Embedded Device Security
– Firmware Reverse-Engineering
– Fan of IoT
– Big Fan of
![Page 4: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/4.jpg)
Agenda
• What’s SamsungPay
• SamsungPay Architecture
• Steal Money from SamsungPay?!
![Page 5: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/5.jpg)
What’s SamsungPay?
=
![Page 6: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/6.jpg)
What’s SamsungPay?
=Tokenization
Magnetic Card
![Page 7: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/7.jpg)
Magnetic Card & MST
• Magnetic Card:• Store data using magnetic particles;
• Physically 3 tracks on card;
• Track2 is the only one needed for payment;
• 6230744888888888888=2102777777777777;
• Card Skimmer;
• MST:• Magnetic Secure Transmission;
• Technology for simulating magnetic card;
• Use alternating magnetic field to transmit signal;
• Invented by LoopPay, bought by Samsung;
• Now ported to Samsungpay;
![Page 8: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/8.jpg)
Magnetic Card & MST
• Magnetic Card:• Store data using magnetic particles;
• Physically 3 tracks on card;
• Track2 is the only one needed for payment;
• 6230744888888888888=2102777777777777;
• Card Skimmer;
• MST:• Magnetic Secure Transmission;
• Technology for simulating magnetic card;
• Use alternating magnetic field to transmit signal;
• Invented by LoopPay, bought by Samsung;
• Now ported to Samsungpay;
![Page 9: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/9.jpg)
MST mechanism
![Page 10: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/10.jpg)
MST mechanism
However,
Anyone can
capture this
signal
![Page 11: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/11.jpg)
Tokenization
• Reliable solution for processing sensitive information;
• Mathematically inreversible;
• NO Sensitive data leaked;
• But Where to store?
![Page 12: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/12.jpg)
Secure Element
• Secure Element(SE) is a secure chip for securely hosting applications and their confidential and cryptographic data;
• SE has very high security level, and is the most essential part of mobile payment;
• Three types: UICC, MicroSD and Embedded SE;
![Page 13: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/13.jpg)
Secure Element
• Secure Element(SE) is a secure chip for securely hosting applications and their confidential and cryptographic data;
• SE has very high security level, and is the most essential part of mobile payment;
• Three types: UICC, MicroSD and Embedded SE;
![Page 14: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/14.jpg)
Applet
• An OS resides in SE;
• Applet is an application running upon the OS,
developed by Java;
• Compatible with JavaCard;
• Two methods required: install and process;
• Communicate with APDU;
• In CAP files forms;
• Confidential and cryptographic data for
generating token also reside in SE;
![Page 15: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/15.jpg)
More
Secure
More
Inte
rface
Applets running in SE
Trustlets For Payment
Drivers for devices and TrustZone
Libs for Comm and Crypto
SamsungPay Apps
SE
TrustZone
Android Kernel
Android Native
Android App
SamsungPay Architecture
![Page 16: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/16.jpg)
SamsungPayStub
•Pre-installed in official firmware released after
2016.03,located in /system/priv-app/SamsungPayStub;
•SamsungPay works fine without this;
•No payment function,just a stub;
•Download and install necessary App:
–SamsungPay Main App;
–SamsungPay Framework;
–TSM Serivce App;
![Page 17: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/17.jpg)
Main App & Framework
•Main App:
•Update package for
SamsungPayStub,shared the same
package name;
•Payment function,UI code and Card
Management code included;
•Save configuration in shared
preferences:common_preferences.x
ml and prov_preferences.xml;
•Save data in 8 SQLITE databases;
•Most data encrypted by private
algorithm (localefont);
•Framework:
•Provide service for communicating with
TrustZone;
•Trustlet bins are included in asset
directory;
![Page 18: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/18.jpg)
Main App & Framework
•Main App:
•Update package for
SamsungPayStub,shared the same
package name;
•Payment function,UI code and Card
Management code included;
•Save configuration in shared
preferences:common_preferences.x
ml and prov_preferences.xml;
•Save data in 8 SQLITE databases;
•Most data encrypted by private
algorithm (localefont);
•Framework:
•Provide service for communicating with
TrustZone;
•Trustlet bins are included in asset
directory;
![Page 19: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/19.jpg)
TSM Service
•A bridge between Bank and SamsungPay;
•Different for different region, in China, Provided and signed by China
UnionPay;
•Provide remote card management:
•Enrollment
•Download
•Update
•Revoke
•Delete
•Main App call service exported by TSM to achieve card management;
•Communicate with Service Provider web server.
![Page 20: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/20.jpg)
SKMS Agent
•Samsung Key Management Service Agent;
•Communicate with Samsung web server;
•Three versions:1.Pre-installed odex in /system/priv-app/SKMSAgent,obfuscated;
2.dalvik-cache odex in /dalvik-cache/, clear code;
3.Full apk Package bundled in some TSM install Package,obfuscated;
•Do SE initialization at very beginning phase;
•Collect SE information for every payment and
registration;
![Page 21: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/21.jpg)
Interface2Native
•Four methods for SamsungPay:
–nativeCreateTLCommunicationContext
–nativeDestroyTLCommunicationContext
–nativeProcessTACommand
–nativeGenerateDeviceCertificates
![Page 22: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/22.jpg)
Android App
![Page 23: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/23.jpg)
Android Native
•Few libs are involved in SamsungPay:
•libandroid_servers.so -> wrapper for all native service;
•libtlc_spay.so -> trustlet communication lib for samsungpay;
•libtlc_direct_comm.so-> lower communication lib;
•libMcClient.so -> MobiCore Client Lib;
•Daemon for communication:
•mcDriverDaemon -> daemon for talking to driver, by read,write and ioctl;
•Device interfaces:
•/dev/mobicore
•/dev/mobicore-user
•/dev/mst_ctrl
MobiCore Driveri
mst_drvi
![Page 24: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/24.jpg)
Android Kernel
•Drivers related to SamsungPay:
•MobiCore Driver ->
Interface for Userland;
•MobiCore Kernel Driver ->
Talk to TrustZone;
•mst_drv Driver ->
Control MST Device;
•Source Code Available;
![Page 25: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/25.jpg)
Android Kernel
•Drivers related to SamsungPay:
•MobiCore Driver ->
Interface for Userland;
•MobiCore Kernel Driver ->
Talk to TrustZone;
•mst_drv Driver ->
Control MST Device;
•Source Code Available;
Function CmdID Comments
turnonMST 1Used
turnoffMST 0
sendTrack1 2
UnusedsendTrack2 3
sendTrack3 6
sendTest 4 Used In Test APP
Escape 5
![Page 26: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/26.jpg)
TrustZone•OS is closed-source, MobiCore, developed by Giesecke & Devrient;
•Trustlets run in it, with MCLF format;
•Signed but NOT encrypted;
•Different payment use different trustlets:
;
•Trustlet entry accepts two arguments: tci and its length;
•tci points to WSM(World Shared Memory)
• After loaded, Trustlet does some initialization, then call
tlApiWaitNotification api wait notification from normal world;
•Accept commands from normal world:nativeProcessTACommand
![Page 27: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/27.jpg)
SE
•Hardware:
•SmartMX2-P61 family;
•Model: P61N1M3(maybe);
•Integrated into NFC controller
chip;
•SmartMX2 CPU, 90nm CMOS;
•ISA: Super Set of 80C51;
•Fame2 crypto coprocessor for
RSA/ECC;
•SBC crypto coprocessor for
DES/AES;
•Hardware(cont.):
•128KB E2PROM,1.2MB Flash,
34KB RAM;
•Five modes:
•Boot Mode;
•Test Mode;
•Firmware Mode;
•System Mode;
•User Mode;
•SPI interface for connecting
directly to SE;
•EAL6+;
![Page 28: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/28.jpg)
SE
![Page 29: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/29.jpg)
SE•Software:
•A Card OS inside, Regulated by
•Java Card runtime;
•Cryptographic and Hashing;
•Security Domain;
•Global Platform API;
•Card Life Cycle Models;
•Secure Channel;
![Page 30: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/30.jpg)
SE•Software:
•A Card OS inside, Regulated by
•Java Card runtime;
•Cryptographic and Hashing;
•Security Domain;
•Global Platform API;
•Card Life Cycle Models;
•Secure Channel;
•Isolated Environment for Running Applets
and Storing Data(keys ,config data), like
sandbox;
•Issuer Security Domain(ISD) own the top
privilege(Samsung);
•Supplementary Security Domains(SSD) for
Users, lower privilege;
•Cross Domains access is prohibited;
![Page 31: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/31.jpg)
SE•Software:
•A Card OS inside, Regulated by
•Java Card runtime;
•Cryptographic and Hashing;
•Security Domain;
•Global Platform API;
•Card Life Cycle Models;
•Secure Channel;
•Isolated Environment for Running Applets
and Storing Data(keys ,config data), like
sandbox;
•Issuer Security Domain(ISD) own the top
privilege(Samsung);
•Supplementary Security Domains(SSD) for
Users, lower privilege;
•Cross Domains access is prohibited;
•Built upon APDU;
•Negotiation and Authentication before
doing any operation;
•Session Keys are negotiated for every
connection;
•Traffic packets are encrypted by Session
Keys;
![Page 32: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/32.jpg)
In a word
•Many components in multi levels;
•Roughly 3 layers:
•Android;
•MobiCore(TrustZone);
•Applets and OS in SE;
•We focus mostly on the latter two;
![Page 33: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/33.jpg)
Steal Money from SamsungPay?!
Registration
PaymentRemote
Local
![Page 34: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/34.jpg)
Payment-Basic•Payment is the most frequently
used feature;
•Step for using SamsungPay:
•Select Card -> select one of virtual card
you registered in SamsungPay
•Authenticate -> password/fingerprint/iris
•Tap on POS -> stay phone close to
POS terminal;
•SamsungPay transmits NFC and
MST signal at the same time;
•We focus on both hardware and
software implementation of MST
transaction;
![Page 35: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/35.jpg)
Payment-Token Capture
•MST signal can be captured by coil;
•The energy of this signal is high enough to be captured from a
distance;
•Reported by 3 groups on BlackHat and USENIX;
![Page 36: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/36.jpg)
Payment-Token Capture
•Transmit Track2 Info Only;
•30 times in 30s for each payment;
![Page 37: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/37.jpg)
Payment-Token Analysis
•Different version was found in China;
•6 digits token instead of 3(documented in BH USA 2015);
•No internet or cellular required while generating tokens;
•Synchronized by sequence number;
6230745372011888888=21021010051295089
6230745372011888888=21021010061045672
6230745372011888888=21021010071577380
6230745372011888888=21021010081608599
6230745372011888888=21021010091744699
PAN
Const
BankID
Token
Sequence
![Page 38: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/38.jpg)
Payment-Token Analysis
•Different version was found in China;
•6 digits token instead of 3(documented in BH USA 2015);
•No internet or cellular required while generating tokens;
•Synchronized by sequence number;
6230745372011888888=21021010051295089
6230745372011888888=21021010061045672
6230745372011888888=21021010071577380
6230745372011888888=21021010081608599
6230745372011888888=21021010091744699
PAN
Const
BankID
Token
Sequence
PRG + Seed ?
![Page 39: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/39.jpg)
Payment-Token Generation
•Generating token securely is vital to mobile payment;
•Samsung uses layering model to minimize attacking
surface;
•Most work are done in TrustZone and SE;
•Two procedures involved, and each accepts one
argument from userland:
•StartPay(AID)
•transmitMSTData(ConfigData)
![Page 40: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/40.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
![Page 41: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/41.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
Ensure
authentication
complete
![Page 42: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/42.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
String2hex
(AID)
Ensure
authentication
complete
![Page 43: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/43.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
String2hex
(AID)
Ensure
authentication
complete
Through
SPI
![Page 44: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/44.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
String2hex
(AID)
Ensure
authentication
complete
Is NFC or
MST mode?
Through
SPI
![Page 45: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/45.jpg)
Payment-Token Generation
StartPay
in
Trustlet
checkData
getAuth
convertData
openESEDevice
APDU_StartUseCard
checkPayMode
APDU_selectAID
APDU_getTrackData
Talk to SE
String2hex
(AID)
Ensure
authentication
complete
Is NFC or
MST mode?
Through
SPI
![Page 46: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/46.jpg)
Payment-Token Generation
CheckTrackData EncodeTrackData
Validate track data format and
charset by TrackNum
Select charset by TrackNum, and encode data to
signal(binary stream)
AdjustData Send2Device
Generate leading and tail
zeros, and connect to signal
above
Copy result to a shared memory.
transmitMSTData(ConfigData)
![Page 47: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/47.jpg)
Payment-Summary
•Token can be easily captured;
•Token is valid for transaction at that time;
•Invalid or expired if used;
•Synchronized by seqnum can be a problem;
•Algorithm is inside SE.Payment
![Page 48: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/48.jpg)
Payment-Summary
•Token can be easily captured;
•Token is valid for transaction at that time;
•Invalid or expired if used;
•Synchronized by seqnum can be a problem;
•Algorithm is inside SE.Payment
Can we get the algorithm and
generate valid token OFF the
phone?
![Page 49: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/49.jpg)
Registration-Guide
![Page 50: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/50.jpg)
Registration-Code
✓ Environment check while launch;
✓ Highly relied on KNOX;
✓ Check server certificate while using SSL;
✓ Encrypt Packets while transaction;
✓ Obfuscate dalvik code;
✓ Check Signature in native lib;
✓ Obfuscate native algorithm work flow;
![Page 51: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/51.jpg)
Registration-Code
✓ Environment check while launch;
✓ Highly relied on KNOX;
✓ Check server certificate while using SSL;
✓ Encrypt Packets while transaction;
✓ Obfuscate dalvik code;
✓ Check Signature in native lib;
✓ Obfuscate native algorithm work flow;
x Log all actions into logcat;
![Page 52: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/52.jpg)
Registration-Code
✓ Environment check while launch;
✓ Highly relied on KNOX;
✓ Check server certificate while using SSL;
✓ Encrypt Packets while transaction;
✓ Obfuscate dalvik code;
✓ Check Signature in native lib;
✓ Obfuscate native algorithm work flow;
x Log all actions into logcat;
x Even the decrypted https packets;
![Page 53: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/53.jpg)
Registration-Code
✓ Environment check while launch;
✓ Highly relied on KNOX;
✓ Check server certificate while using SSL;
✓ Encrypt Packets while transaction;
✓ Obfuscate dalvik code;
✓ Check Signature in native lib;
✓ Obfuscate native algorithm work flow;
x Log all actions into logcat;
x Even the decrypted https packets;
x Other information (Next Page);
![Page 54: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/54.jpg)
Registration-Code
getCard
IssuerInfo
Enroll
Card
Wait
Push
Request
OTP
Verify
OTP
Apply a virtual card for physical card, with your credentials
Collect Issuer info according to your card number
Wait for virtual card download info
Send the OTP back to bank to finish identification
Ask bank to send OTP to you, like cellphone, to identify
![Page 55: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/55.jpg)
Registration-Code
getCard
IssuerInfo
Enroll
Card
Wait
Push
Request
OTP
Verify
OTP
Apply a virtual card for physical card, with your credentials
Collect Issuer info according to your card number
Wait for virtual card download info
Send the OTP back to bank to finish identification
Ask bank to send OTP to you, like cellphone, to identify
![Page 56: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/56.jpg)
Registration-Code
getCard
IssuerInfo
Enroll
Card
Wait
Push
Request
OTP
Verify
OTP
Apply a virtual card for physical card, with your credentials
Collect Issuer info according to your card number
Wait for virtual card download info
Send the OTP back to bank to finish identification
Ask bank to send OTP to you, like cellphone, to identify
![Page 57: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/57.jpg)
Registration-Code
getCard
IssuerInfo
Enroll
Card
Wait
Push
Request
OTP
Verify
OTP
Apply a virtual card for physical card, with your credentials
Collect Issuer info according to your card number
Wait for virtual card download info
Send the OTP back to bank to finish identification
Ask bank to send OTP to you, like cellphone, to identify
![Page 58: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/58.jpg)
Registration-Code
Init Connection
![Page 59: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/59.jpg)
Registration-Code
Data from Push Msg
![Page 60: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/60.jpg)
Registration-Download
SE Initialization Virtual Card Applet Download
• Initial only ONCE, at the
first time of use;
• Done by SKMS(Samsung)
and TSM(Bank);
• New Supplementary
Security Domain(SSD)
Created;
• Download and Install
Applet of Virtual Card;
• Store corresponding data
to SE;
• Belong to New SSD;
• While Activated, the applet
can represent your
physical bank card;
![Page 61: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/61.jpg)
Registration-Download
SE Initialization Virtual Card Applet Download
• Initial only ONCE, at the
first time of use;
• Done by SKMS(Samsung)
and TSM(Bank);
• New Supplementary
Security Domain(SSD)
Created;
• Download and Install
Applet of Virtual Card;
• Store corresponding data
to SE;
• Belong to New SSD;
• While Activated, the applet
can represent your
physical bank card;•Whole process are protected by session
key and SSL
![Page 62: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/62.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
![Page 63: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/63.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
![Page 64: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/64.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
② To learn more, packets
should be decrypted;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
![Page 65: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/65.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
![Page 66: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/66.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
![Page 67: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/67.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
Thus a secure root is must
![Page 68: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/68.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
Thus a secure root is must
①SamsungPay is launched
with Android 6.0.1;
![Page 69: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/69.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
Thus a secure root is must
② However SamsungPay works
fine on 5.1.1;
①SamsungPay is launched
with Android 6.0.1;
![Page 70: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/70.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
Thus a secure root is must
② However SamsungPay works
fine on 5.1.1;
①SamsungPay is launched
with Android 6.0.1;
③ Android 5.1.1 is vulnerable to
some root tools;
![Page 71: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/71.jpg)
Registration-Tips
③ Android 5.1.1 is vulnerable to
some root tools;
④ Instead of cracking SSL, we
have to probe the internals;
② To learn more, packets
should be decrypted;③MITM for SSL does not work;
① Traffic packets for both
process are encrypted by
random session key, and
transferred through SSL;
Thus a secure root is must
④ Root privilege can be gained
temporarily;
② However SamsungPay works
fine on 5.1.1;
①SamsungPay is launched
with Android 6.0.1;
③ Android 5.1.1 is vulnerable to
some root tools;
![Page 72: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/72.jpg)
Registration-Code
TSMService
SKMS
Agent
![Page 73: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/73.jpg)
Registration-Trick1TSMService
![Page 74: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/74.jpg)
Registration-Trick1TSMService
![Page 75: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/75.jpg)
Registration-Trick1
Jni_iDM=Jni_isDebugMode
TSMService
![Page 76: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/76.jpg)
Registration-Trick2SKMS Agent
![Page 77: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/77.jpg)
Registration-Trick2SKMS Agent
unmodifiable
![Page 78: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/78.jpg)
Registration-Trick2SKMS Agent
Return 0 unmodifiable
![Page 79: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/79.jpg)
Registration-Trick2
Return 0
![Page 80: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/80.jpg)
Registration-Trick2
Return 0
•SKMS Agent is a
pre-installed app,
Only odex exsit;
![Page 81: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/81.jpg)
Registration-Trick2
Return 0
•SKMS Agent is a
pre-installed app,
Only odex exsit;
•System will
execute the native
code in odex file
instead of dalvik
code;
![Page 82: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/82.jpg)
Registration-Trick2
Return 0
•SKMS Agent is a
pre-installed app,
Only odex exsit;
•System will
execute the native
code in odex file
instead of dalvik
code;
•Let’s modify
native code
directly;
![Page 83: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/83.jpg)
Registration-Trick2
Return 0
•SKMS Agent is a
pre-installed app,
Only odex exsit;
•System will
execute the native
code in odex file
instead of dalvik
code;
•Let’s modify
native code
directly;
![Page 84: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/84.jpg)
Registration-Trick2
![Page 85: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/85.jpg)
Registration-Trick2
• Dm-verity is enabled, we can’t change files on System partition;
![Page 86: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/86.jpg)
Registration-Trick2
• Dm-verity is enabled, we can’t change files on System partition;
• Files in dalvik-cache are also odex file;
![Page 87: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/87.jpg)
Registration-Trick2
• Dm-verity is enabled, we can’t change files on System partition;
• Files in dalvik-cache are also odex file;
• System will load dalvik-cache if odex not exist in app dir;
![Page 88: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/88.jpg)
Registration-Trick2
• Dm-verity is enabled, we can’t change files on System partition;
• Files in dalvik-cache are also odex file;
• System will load dalvik-cache if odex not exist in app dir;
• Remove odex will NOT trigger dm-verity;
![Page 89: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/89.jpg)
Registration-Trick2
• Dm-verity is enabled, we can’t change files on System partition;
• Files in dalvik-cache are also odex file;
• System will load dalvik-cache if odex not exist in app dir;
• Remove odex will NOT trigger dm-verity;
• NO integrity check for native code;
![Page 90: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/90.jpg)
Registration-strategy
•Enable packets log strategy:
•Modify odex native code;
•Rename to system@priv-
app@[email protected]@classes.dex
•Write to dalvik-cache directory;
•Remove original odex file under root privilege;
•Patch Applied!
![Page 91: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/91.jpg)
Registration-SE Operations7 Steps of Registration
–Create Supplementary Security Domain;
–Update Supplementary Security Domain keys;
–Install ARC-C Application;
–Personalize AMSD and Write SEID;
–Add Access Rules for CRS;
–Install CARDS Applet;
–Install Applet;
SE
Initialization
TSMService
SKMS Agent
Applet
Download
•All packets are transmitted through Secure Channel;
•3 keys involved: Keyisd, Keydefault and Keybank;
![Page 92: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/92.jpg)
Registration-SE Operations•Create Supplementary Security Domain:
•Done by SKMS Agent and Samsung Server;
•Use Keyisd to set up Secure Channel, encrypted by Triple DES;
•Only Samsung and SE know Keyisd;
•Working in privilege Security Domain—Issuer Security Domain;
•At the end of this stage, Keydefault is set for new domain;
![Page 93: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/93.jpg)
Registration-SE Operations
![Page 94: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/94.jpg)
Registration-SE Operations•Update Supplementary Security Domain keys:
•Update Keydefault with Keybank;
•Working in supplementary Security Domain;
•Install ARC-C Application:•ARA-C( Access Rule Application Client);
•Hardware-based Access Control Mechanism, allow specific android app to
access SE;
•Hash of certificate is written into;
•Personalize AMSD and Write SEID:
•AMSD(Authorized Mode Secured Domain, AMSD);
•Bank assigns an SEID for SE, and write it into SE;
![Page 95: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/95.jpg)
Registration-SE Operations•Add Access Rules for CRS:
•CRS(Contactless Registry Service)
•Application selection rules on the contactless interface(for NFC);
•Install CARDS Applet:
•Seems Core of Bank implementation,around 11K;
•After Installation, few initializaiton opertions are done by ISO7816
standard cmds instead of secure channel:
•CREATE FILE
•UPDATE BINARY
•GET CHALLENGE
•SET PIN
![Page 96: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/96.jpg)
Registration-SE Operations
•Install Applet:
•Applet for generating tokens, around 53K;
•Different cards may share the same blob, but different
data;
•The entity that trustlets comminucate with in TrustZone;
•The whole blob is encrypted, no more detail known
until one of the keys gained: Keyisd, Keydefault and
Keybank
![Page 97: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/97.jpg)
Registration-Summary
•All traffic packets are encrypted;
•Information leaks also exist;
•Tokens are generated inside SE by certain applet;
•Applets and their config data are stored through
Secure Channel, no plain text data exposed;
•Secure Channel is secured by cryptographic key;
Registration
![Page 98: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/98.jpg)
Registration-Summary
•All traffic packets are encrypted;
•Information leaks also exist;
•Tokens are generated inside SE by certain applet;
•Applets and their config data are stored through
Secure Channel, no plain text data exposed;
•Secure Channel is secured by cryptographic key;
Your WALLET is secured properly!
Registration
![Page 99: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/99.jpg)
Black Hat Sound Bytes
•We detailed all process of SamsungPay from userland to
TrustZone;
•Keyisd is critical for the whole payment system, once leak,
attacker can do whatever they want;
•Other two keys are also important to understand the
mechanism inside SE;
•SamsungPay will stay secure until these keys leaked/gained;
•Mistake and design faults are made by Samsung and 3rd
party developer;
![Page 100: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/100.jpg)
Acknowledgement
• My leader: tombkeeper
• reeseliu for drawing sketch and document translation
• rudywang, jacksonma,huimingliu
• All team members in Xuanwu Lab
![Page 101: How Samsung Secures Your Wallet & How To Break It · PDF fileWho am I ? • Security Researcher @ • hyperchemma#tencent.com –Embedded Device Security –Firmware Reverse-Engineering](https://reader033.fdocuments.net/reader033/viewer/2022051720/5a78e76f7f8b9a5a148d7565/html5/thumbnails/101.jpg)
Q&A