Atmel CryptoMemory-based smart cards are deemed to be some of the most secure on the market, boasting a proprietary 64-bit mutual authentication protocol, attempts counter, encrypted checksums, anti-tearing countermeasures, and more. Yet none of these features are useful when the system implementation is flawed.
Communications were sniffed, protocols were analyzed, configuration memory was dumped, and an elegant hardware man-in-the-middle attack was developed. From start to finish, we will show you how concepts learned from an introductory computer security class were used to bypass the security measures on a CryptoMemory-based stored-value smart card laundry system, with suggestions on how things can improve.