Reverse engineering Java Card and vulnerability exploitation: a shortcut to ROM

Secure elements store and manipulate assets in a secure way. The most attractive assets are the cryptographic keys stored into the memory that can be used to provide secure services to a system. For this reason, secure elements are prone to attacks. But retrieving assets inside such a highly secure device is a challenging task. This paper presents the process we used to gain access to the assets in the particular case of Java Card secure element. In a Java Card, the assets are stored securely, i.e., respecting confidentiality and integrity attributes. Only the native layers can manipulate these sensitive objects. Thus, the Java interpreter, the API and the run time act as a firewall between the assets and the Java applications that one can load into the device. Finding a vulnerability into this piece of software is of a prime importance. Finding a vulnerability into a software is often not enough to develop a complete exploit. Here, we demonstrate at the end that a Java Card applet can call the hidden native functions used to decipher the secure container that encapsulates a key. Some previous attacks have shown the ability to get access to the application code area. But the Java Card intermediate byte code detected in the dumps has shown several differences with regard to the specification, which prevents the reverse engineering of the applicative code. Thus, to avoid the execution of shell code by a hostile applet, a part of the byte code stored into the card is unknown. The transformation is done on-the-fly during the upload of an application. We present in this article a new approach for reversing the unknown instruction set of the intermediate byte code which in turn has led to reverse engineering of the Java classes of the attacked card. We discovered during the reverse that some method calls have an unusual signature. Without having access to the native code, we have inferred the semantics of the called methods and their calling convention. These methods have access to the assets of the card without being restricted by security mechanisms like the firewall. We exploit this knowledge to set up a new attack that provides a full access to the cryptographic material and allows to reset the state of the card to the initial configuration. We demonstrate the ability to call these methods at the Java level in an application to retrieve sensitive assets whatever the protections are. Then, we suggest several possibilities to mitigate these attacks.

[1]  Guillaume Barbu,et al.  On the security of Java Card platforms against hardware attacks. (De la sécurité des plateformes Java Card face aux attaques matérielles) , 2012 .

[2]  Jean-Louis Lanet,et al.  The Hell Forgery - Self Modifying Codes Shoot Again , 2016, CARDIS.

[3]  Ulrik Pagh Schultz,et al.  Java bytecode compression for low-end embedded systems , 2000, TOPL.

[4]  Guillaume Barbu,et al.  Attacks on Java Card 3.0 Combining Fault and Logical Attacks , 2010, CARDIS.

[5]  Jean-Louis Lanet,et al.  Memory Forensics of a Java Card Dump , 2014, CARDIS.

[6]  Jean-Louis Lanet,et al.  Combined Software and Hardware Attacks on the Java Card Control Flow , 2011, CARDIS.

[7]  Nicolas Courtois,et al.  The Dark Side of Security by Obscurity - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime , 2009, SECRYPT.

[8]  Jean-Louis Lanet,et al.  Developing a Trojan applets in a smart card , 2010, Journal in Computer Virology.

[9]  Jean-Louis Lanet,et al.  Reverse engineering a Java Card memory management algorithm , 2017, Comput. Secur..

[10]  Jean-Louis Lanet,et al.  Paper Tigers: An Endless Fight , 2016, SECITC.

[11]  Rolf Rolles,et al.  Unpacking Virtualization Obfuscators , 2009, WOOT.

[12]  Jean-Louis Lanet,et al.  Hop ! Heap is also Vulnerable , 2015 .

[13]  Jean-Louis Lanet,et al.  The Hell Forgery, Polymorphic Codes Shoot Again , 2016 .

[14]  Jean-Louis Lanet,et al.  Subverting Byte Code Linker service to characterize Java Card API , 2012 .

[15]  Jean-Louis Lanet,et al.  Chronicle of a Java Card death , 2017, Journal of Computer Virology and Hacking Techniques.

[16]  Jean-Louis Lanet,et al.  Reversing the operating system of a Java based smart card , 2014, Journal of Computer Virology and Hacking Techniques.

[17]  Julien Lancia,et al.  Java Card Virtual Machine Compromising from a Bytecode Verified Applet , 2015, CARDIS.

[18]  Jean-Louis Lanet,et al.  Heap ... Hop! Heap Is Also Vulnerable , 2014, CARDIS.

[19]  Gilles Grimaud,et al.  Practical Java Card bytecode compression 1 , 2002 .

[20]  Jean-Louis Lanet,et al.  A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks , 2012, SNDS.

[21]  Gregory R. Andrews,et al.  Disassembly of executable code revisited , 2002, Ninth Working Conference on Reverse Engineering, 2002. Proceedings..

[22]  Erik Poll,et al.  Logical Attacks on Secured Containers of the Java Card Platform , 2016, CARDIS.