0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/172 Thanks! 1 00:00:14,100 --> 00:00:16,229 Here I am, Matteo Cholera, 2 00:00:16,230 --> 00:00:17,909 the first one of the two Matteos. 3 00:00:17,910 --> 00:00:20,039 We share the same first name. 4 00:00:20,040 --> 00:00:22,379 And he is Matteo DeCaro, 5 00:00:22,380 --> 00:00:24,659 and we are presenting this talk to show 6 00:00:24,660 --> 00:00:27,089 you how to build a safe NFC 7 00:00:27,090 --> 00:00:28,320 validating system. 8 00:00:31,320 --> 00:00:33,599 So who 9 00:00:33,600 --> 00:00:35,849 you are, as I 10 00:00:35,850 --> 00:00:38,039 told you before, I am Laura. 11 00:00:38,040 --> 00:00:40,199 Here you can find all my 12 00:00:40,200 --> 00:00:41,939 all the details about my name, my 13 00:00:41,940 --> 00:00:44,999 Twitter. And the same as him, so 14 00:00:45,000 --> 00:00:47,519 I debit on his nickname. 15 00:00:47,520 --> 00:00:48,929 Twitter email. 16 00:00:48,930 --> 00:00:51,359 We are both students and 17 00:00:51,360 --> 00:00:53,579 we are. I'm studying electronics 18 00:00:53,580 --> 00:00:55,799 engineering at the Polytechnic of 19 00:00:55,800 --> 00:00:57,899 Turin and the know if someone of 20 00:00:57,900 --> 00:00:59,969 you knows and 21 00:00:59,970 --> 00:01:02,609 he's studying computer engineering. 22 00:01:02,610 --> 00:01:04,689 But his employer, too at a 23 00:01:04,690 --> 00:01:06,119 cellular network. 24 00:01:06,120 --> 00:01:08,609 If he is a security company 25 00:01:08,610 --> 00:01:10,769 and don't ask me 26 00:01:10,770 --> 00:01:12,959 anything about the numbers after my 27 00:01:12,960 --> 00:01:13,960 ego, 28 00:01:16,020 --> 00:01:18,239 then so what are we dealing 29 00:01:18,240 --> 00:01:19,240 with today? 30 00:01:20,260 --> 00:01:22,979 MIFARE Ultralight tags. 
31 00:01:22,980 --> 00:01:24,939 What are those tags? 32 00:01:24,940 --> 00:01:26,789 They are designed to work at a target 33 00:01:26,790 --> 00:01:28,979 frequency of thirteen point fifty 34 00:01:28,980 --> 00:01:31,139 six megahertz, and they are designed 35 00:01:31,140 --> 00:01:33,539 by NXP Semiconductors. 36 00:01:33,540 --> 00:01:35,489 As you can see, there is the logo on the 37 00:01:35,490 --> 00:01:36,629 bottom of the slide, 38 00:01:38,190 --> 00:01:40,799 and we are also using 39 00:01:40,800 --> 00:01:43,079 an NFC shield by Adafruit 40 00:01:43,080 --> 00:01:45,539 because later 41 00:01:45,540 --> 00:01:48,329 we will show you a test 42 00:01:48,330 --> 00:01:50,819 using those shield because 43 00:01:50,820 --> 00:01:52,230 it is our stamping machine. 44 00:01:55,530 --> 00:01:57,809 So I will show you some facts 45 00:01:57,810 --> 00:02:00,329 and figures about MIFARE Ultralight. 46 00:02:01,440 --> 00:02:03,449 How is it composed, for example? 47 00:02:03,450 --> 00:02:04,829 This is the structure of 48 00:02:05,960 --> 00:02:07,439 a MIFARE Ultralight tag. 49 00:02:07,440 --> 00:02:09,508 It is from memory 50 00:02:09,509 --> 00:02:11,799 of 512 bits, 51 00:02:11,800 --> 00:02:13,859 so 64 bytes and they 52 00:02:13,860 --> 00:02:16,889 are arranged in 16 pages. 53 00:02:16,890 --> 00:02:19,019 And here 54 00:02:19,020 --> 00:02:20,819 we will look more in detail. 55 00:02:20,820 --> 00:02:23,249 And as you can see, the first block 56 00:02:23,250 --> 00:02:25,919 of 10 bytes is 57 00:02:25,920 --> 00:02:28,139 of the first seven 58 00:02:28,140 --> 00:02:30,299 are a number or serial number, 59 00:02:30,300 --> 00:02:32,379 and there is another byte called 60 00:02:32,380 --> 00:02:34,529 internal. The internal is something like 61 00:02:34,530 --> 00:02:36,659 a constant and 62 00:02:36,660 --> 00:02:39,059 depends on the NXP 63 00:02:39,060 --> 00:02:40,259 manufacturer. 
64 00:02:40,260 --> 00:02:42,449 While the serial number is something 65 00:02:42,450 --> 00:02:45,179 that makes unique each tag, 66 00:02:45,180 --> 00:02:47,639 so each MIFARE Ultralight tag 67 00:02:47,640 --> 00:02:50,399 has its own UID 68 00:02:50,400 --> 00:02:52,469 number. And there are two check 69 00:02:52,470 --> 00:02:54,569 bytes that they are a 70 00:02:54,570 --> 00:02:56,939 result of XOR operation, 71 00:02:56,940 --> 00:02:59,049 but it is not so important. 72 00:02:59,050 --> 00:03:01,799 So they are programmed by the manufacturer 73 00:03:01,800 --> 00:03:04,049 and they are read only, so you can't 74 00:03:04,050 --> 00:03:05,639 actually change that field. 75 00:03:07,830 --> 00:03:09,899 Then after this 76 00:03:09,900 --> 00:03:12,029 section, there is a very important 77 00:03:12,030 --> 00:03:13,710 section that is the lock byte. 78 00:03:14,760 --> 00:03:16,859 They are just two bytes 79 00:03:16,860 --> 00:03:19,019 and as you can see, each square 80 00:03:19,020 --> 00:03:21,299 is a single bit, and 81 00:03:21,300 --> 00:03:23,519 those numbers stand for 82 00:03:23,520 --> 00:03:25,619 the number of the page of 83 00:03:25,620 --> 00:03:26,699 the whole ticket. 84 00:03:26,700 --> 00:03:28,919 You can make a read-only, so if 85 00:03:28,920 --> 00:03:31,109 you actually change, you 86 00:03:31,110 --> 00:03:33,419 turn one bit from zero to one 87 00:03:33,420 --> 00:03:34,739 of those lock bytes. 88 00:03:34,740 --> 00:03:37,019 You can make a page of the 89 00:03:37,020 --> 00:03:38,999 whole ticket read only. 90 00:03:39,000 --> 00:03:41,819 And as you can see, there are three 91 00:03:41,820 --> 00:03:43,110 squares which 92 00:03:44,460 --> 00:03:46,559 they have a b o, and 93 00:03:46,560 --> 00:03:49,049 those are used for making 94 00:03:49,050 --> 00:03:52,049 read-only the lock bit itself. 
95 00:03:52,050 --> 00:03:53,050 So 96 00:03:54,360 --> 00:03:56,849 we will see later how this 97 00:03:56,850 --> 00:03:59,699 could be important in case of 98 00:03:59,700 --> 00:04:00,700 a lock attack. 99 00:04:03,090 --> 00:04:05,259 OK, then OK, bytes can be 100 00:04:05,260 --> 00:04:07,259 edited as you want. 101 00:04:07,260 --> 00:04:08,219 Why that? 102 00:04:08,220 --> 00:04:10,289 Because if 103 00:04:10,290 --> 00:04:12,389 you are going to write something 104 00:04:12,390 --> 00:04:14,879 on those bytes, they are simply 105 00:04:14,880 --> 00:04:16,409 what you are going to write 106 00:04:16,410 --> 00:04:18,659 is bitwise ORed. 107 00:04:18,660 --> 00:04:21,148 So if you have a bit 108 00:04:21,149 --> 00:04:23,309 already in state one, you can't 109 00:04:23,310 --> 00:04:24,929 turn back in to zero. 110 00:04:24,930 --> 00:04:28,049 So if you lock a page, it will be 111 00:04:28,050 --> 00:04:29,519 locked forever. 112 00:04:33,110 --> 00:04:35,899 Then there is the most important 113 00:04:35,900 --> 00:04:38,119 sector, I think, in the in the whole 114 00:04:38,120 --> 00:04:41,029 ticket that is the OTP. 115 00:04:41,030 --> 00:04:43,729 It is made of four bytes 116 00:04:43,730 --> 00:04:45,889 and by default they are set 117 00:04:45,890 --> 00:04:48,139 to zero or set to zero. 118 00:04:48,140 --> 00:04:51,019 And it is the only security function. 119 00:04:51,020 --> 00:04:53,329 And if they were used right tags, 120 00:04:53,330 --> 00:04:55,489 as if you want 121 00:04:55,490 --> 00:04:57,919 to write on the OTP, it's something like 122 00:04:57,920 --> 00:04:59,989 the lock bytes. So you have to 123 00:04:59,990 --> 00:05:02,239 OR bitwise all the data 124 00:05:02,240 --> 00:05:03,559 you want to write. 125 00:05:03,560 --> 00:05:04,819 And just a note. 
126 00:05:04,820 --> 00:05:06,859 It stands for one time programmable, not 127 00:05:06,860 --> 00:05:09,249 one time password and 128 00:05:09,250 --> 00:05:11,869 the other in the transportation 129 00:05:11,870 --> 00:05:14,239 system. It is used for storing 130 00:05:14,240 --> 00:05:16,789 the number of rides, rides left. 131 00:05:16,790 --> 00:05:17,899 Why this? 132 00:05:17,900 --> 00:05:19,969 Because if you 133 00:05:19,970 --> 00:05:22,099 consider this section and 134 00:05:22,100 --> 00:05:24,499 if you know that you can 135 00:05:24,500 --> 00:05:26,809 only OR the data you want to write 136 00:05:26,810 --> 00:05:29,779 on, you can actually only decrease 137 00:05:29,780 --> 00:05:32,419 the number of zeros of the bits 138 00:05:32,420 --> 00:05:33,469 in this section. 139 00:05:33,470 --> 00:05:36,259 So if it is 140 00:05:36,260 --> 00:05:38,299 by default, you have four bytes all set to 141 00:05:38,300 --> 00:05:40,459 zero. If you want to write data 142 00:05:40,460 --> 00:05:43,039 underneath, you are actually decreasing 143 00:05:43,040 --> 00:05:44,959 the number of zeros. 144 00:05:44,960 --> 00:05:47,149 Speaking about the bits 145 00:05:47,150 --> 00:05:49,219 and why 146 00:05:49,220 --> 00:05:51,789 it is useful for the multiple ride 147 00:05:51,790 --> 00:05:53,899 because you are decreasing and 148 00:05:53,900 --> 00:05:55,490 so you can use it for 149 00:05:56,720 --> 00:05:58,789 storing a limited quantity on 150 00:05:58,790 --> 00:05:59,719 it. 151 00:05:59,720 --> 00:06:01,699 As you can see, the number of zero is 152 00:06:01,700 --> 00:06:03,829 decreasing while you are writing 153 00:06:03,830 --> 00:06:04,830 on it. 154 00:06:05,810 --> 00:06:08,119 Then we are looking to the section 155 00:06:08,120 --> 00:06:10,189 of data. Data is the way it 156 00:06:10,190 --> 00:06:11,509 the sector. 157 00:06:11,510 --> 00:06:13,579 You can read and write on it as you 158 00:06:13,580 --> 00:06:14,580 want. 
159 00:06:15,050 --> 00:06:17,209 If, of course, the pages 160 00:06:17,210 --> 00:06:19,579 are not locked and 161 00:06:19,580 --> 00:06:22,009 so there are 12 pages, 48 bytes 162 00:06:22,010 --> 00:06:23,010 where to write on. 163 00:06:25,010 --> 00:06:27,679 But um, 164 00:06:27,680 --> 00:06:29,329 where we can? 165 00:06:29,330 --> 00:06:30,330 OK. 166 00:06:30,800 --> 00:06:31,800 Sorry. 167 00:06:32,840 --> 00:06:34,069 OK. 168 00:06:34,070 --> 00:06:35,869 As regards the transportation system 169 00:06:35,870 --> 00:06:37,999 application, you can 170 00:06:38,000 --> 00:06:40,069 you can find here, for example, 171 00:06:40,070 --> 00:06:41,269 the time of the last stamp, 172 00:06:42,740 --> 00:06:44,309 for example, the validation, the 173 00:06:44,310 --> 00:06:47,059 validator machine ID or 174 00:06:47,060 --> 00:06:49,399 information about the bus line 175 00:06:49,400 --> 00:06:50,899 down on the ground stop. 176 00:06:50,900 --> 00:06:53,809 They can be stored here because it is 177 00:06:53,810 --> 00:06:56,719 readable and the sector, 178 00:06:56,720 --> 00:06:58,879 so it stores a 179 00:06:58,880 --> 00:06:59,880 lot of information. 180 00:07:01,070 --> 00:07:03,409 So, um, some pros and cons 181 00:07:03,410 --> 00:07:05,300 of using Ultralight tags. 182 00:07:07,360 --> 00:07:09,639 Of course, one of the pros is 183 00:07:09,640 --> 00:07:11,979 that it's cheap and it is really 184 00:07:11,980 --> 00:07:14,109 cheap, so if you think about 185 00:07:14,110 --> 00:07:17,289 using for a transportation system, 186 00:07:17,290 --> 00:07:19,389 you have to buy a lot to make, for 187 00:07:19,390 --> 00:07:21,579 example, the multiple ride tickets and 188 00:07:21,580 --> 00:07:23,259 distribute to everyone. 189 00:07:23,260 --> 00:07:25,509 So if it is cheap, I 190 00:07:25,510 --> 00:07:27,189 will personally buy them. 
191 00:07:27,190 --> 00:07:29,259 But the other point is 192 00:07:29,260 --> 00:07:31,239 the possibility of creating limited 193 00:07:31,240 --> 00:07:33,609 tickets. So if I want to make 194 00:07:33,610 --> 00:07:34,959 15 rides ticket. 195 00:07:36,280 --> 00:07:38,379 It expires after 15 rides 196 00:07:38,380 --> 00:07:40,509 because the rides are stored in the 197 00:07:40,510 --> 00:07:42,969 OTP. And so, as I told you before, 198 00:07:42,970 --> 00:07:45,129 when you turn all the bits to one, 199 00:07:45,130 --> 00:07:46,329 it is. 200 00:07:46,330 --> 00:07:48,219 You can't do anything more. 201 00:07:48,220 --> 00:07:50,889 And so your ticket is expired. 202 00:07:50,890 --> 00:07:53,259 And so it is good for a transportation 203 00:07:53,260 --> 00:07:54,219 system. 204 00:07:54,220 --> 00:07:57,099 But what the cons 205 00:07:57,100 --> 00:07:59,170 there is no hardware encryption, so 206 00:08:00,670 --> 00:08:02,799 you have to implement a system if 207 00:08:02,800 --> 00:08:04,839 you want to make some encryption to 208 00:08:04,840 --> 00:08:06,369 encrypt your data. 209 00:08:06,370 --> 00:08:09,159 And another con is that 210 00:08:09,160 --> 00:08:11,769 it is not widely implemented, 211 00:08:11,770 --> 00:08:13,899 usually on public 212 00:08:13,900 --> 00:08:15,969 transportation system, so it 213 00:08:15,970 --> 00:08:18,069 could be vulnerable to one of 214 00:08:18,070 --> 00:08:19,209 those attacks. 215 00:08:19,210 --> 00:08:21,279 The reset attack, lock attack, 216 00:08:21,280 --> 00:08:23,439 time attack or replay attack, and I will 217 00:08:23,440 --> 00:08:24,440 explain, you know? 218 00:08:25,600 --> 00:08:27,609 So what about those kind of 219 00:08:27,610 --> 00:08:28,610 vulnerabilities? 
220 00:08:31,150 --> 00:08:33,908 First one, the reset attack, 221 00:08:33,909 --> 00:08:37,149 it was published in 2011 222 00:08:37,150 --> 00:08:39,969 and expected in San Francisco, 223 00:08:39,970 --> 00:08:42,219 and it works if the rides are stored 224 00:08:42,220 --> 00:08:43,298 in the data sector. 225 00:08:43,299 --> 00:08:46,179 So they are not stored in the OTP 226 00:08:46,180 --> 00:08:49,179 sector, the one I was telling you 227 00:08:49,180 --> 00:08:51,399 before. But in the data sector they want, 228 00:08:51,400 --> 00:08:53,499 which is readable and writable 229 00:08:53,500 --> 00:08:55,450 as you prefer, let's say. 230 00:08:56,980 --> 00:08:58,449 So how to proceed? 231 00:08:58,450 --> 00:09:00,789 Just dump a fresh ticket. 232 00:09:00,790 --> 00:09:03,069 Then when it is expired, you 233 00:09:03,070 --> 00:09:05,049 just write the previous dump on your 234 00:09:05,050 --> 00:09:06,050 ticket. 235 00:09:06,730 --> 00:09:08,379 The data sector is writable. 236 00:09:08,380 --> 00:09:09,939 So you can actually write to the same 237 00:09:09,940 --> 00:09:12,249 number of rides you have when it was 238 00:09:12,250 --> 00:09:13,419 new and fresh. 239 00:09:13,420 --> 00:09:15,659 And so just have fun with your 240 00:09:15,660 --> 00:09:18,159 ticket. So it is very easy, 241 00:09:18,160 --> 00:09:20,469 but it is hardly applicable as 242 00:09:20,470 --> 00:09:22,029 it is very well known. 243 00:09:22,030 --> 00:09:24,189 Exploit, theoretically speaking. 244 00:09:24,190 --> 00:09:25,190 And 245 00:09:26,860 --> 00:09:28,989 so it is very simple and this 246 00:09:28,990 --> 00:09:29,990 exploit. 247 00:09:30,940 --> 00:09:33,459 This one, the lock attack, it 248 00:09:33,460 --> 00:09:36,009 has been published in 2013, 249 00:09:36,010 --> 00:09:38,379 so this year and it works 250 00:09:38,380 --> 00:09:40,839 fine if the stamp machine does not check 251 00:09:40,840 --> 00:09:43,029 that a bit of the OTP. 
252 00:09:43,030 --> 00:09:45,279 So if the rides are stored 253 00:09:45,280 --> 00:09:46,449 on the OTP sector, 254 00:09:48,010 --> 00:09:50,049 you just have to turn the bit of 255 00:09:51,100 --> 00:09:53,289 read-only of the OTP from zero 256 00:09:53,290 --> 00:09:55,419 to one and make it read only. 257 00:09:55,420 --> 00:09:57,489 So stamping machine just 258 00:09:57,490 --> 00:10:00,039 tries to stamp it, but it fails, 259 00:10:00,040 --> 00:10:02,139 and so you will have the same number of 260 00:10:02,140 --> 00:10:03,129 rides left. 261 00:10:03,130 --> 00:10:05,049 So have fun with the IRA because for 262 00:10:05,050 --> 00:10:06,399 life. 263 00:10:06,400 --> 00:10:09,009 And so this is a quick summary. 264 00:10:09,010 --> 00:10:11,619 The stamp machine checks if the 265 00:10:11,620 --> 00:10:13,089 ticket has been stamped. 266 00:10:13,090 --> 00:10:15,159 I don't know, let's say, 90 minutes ago 267 00:10:15,160 --> 00:10:17,349 or a hundred, it depends on the 268 00:10:17,350 --> 00:10:19,329 transportation system. 269 00:10:19,330 --> 00:10:21,429 Then if no, the ticket 270 00:10:21,430 --> 00:10:23,169 is still valid. 271 00:10:23,170 --> 00:10:24,159 Well, yes. 272 00:10:24,160 --> 00:10:26,379 So it is older than that 273 00:10:26,380 --> 00:10:28,719 minutes. And so that machine 274 00:10:28,720 --> 00:10:29,799 tries to stamp that ticket 275 00:10:31,030 --> 00:10:33,009 it checks if there are rides left. 276 00:10:33,010 --> 00:10:34,839 No, your ticket is useless. 277 00:10:34,840 --> 00:10:35,859 OK. Yes. 278 00:10:35,860 --> 00:10:37,749 OK. There are rides left, so let's stamp 279 00:10:37,750 --> 00:10:38,950 it. But 280 00:10:40,690 --> 00:10:42,309 it writes the timestamp, writes 281 00:10:42,310 --> 00:10:44,679 other stuff. And when he tries to 282 00:10:44,680 --> 00:10:46,809 validate and write, the new number of 283 00:10:46,810 --> 00:10:48,279 rides fail. 
284 00:10:48,280 --> 00:10:50,559 So there is no feedback way, 285 00:10:50,560 --> 00:10:52,959 and the machine does not know if 286 00:10:52,960 --> 00:10:55,599 it has a stamp that is good or not. 287 00:10:55,600 --> 00:10:57,369 And so you win. 288 00:10:57,370 --> 00:10:59,499 But do not forget 289 00:10:59,500 --> 00:11:01,539 to take one ride off because if you have 290 00:11:01,540 --> 00:11:04,209 a five ride multiple, 291 00:11:04,210 --> 00:11:05,649 if you have a multiple ride ticket with 292 00:11:05,650 --> 00:11:07,839 five rides, you have to take 293 00:11:07,840 --> 00:11:09,939 one off before doing this 294 00:11:09,940 --> 00:11:12,129 procedure because it's not 295 00:11:12,130 --> 00:11:14,109 a good idea to have a five rides 296 00:11:14,110 --> 00:11:17,079 ticket. And still favor over the last 297 00:11:17,080 --> 00:11:18,309 five rides left. 298 00:11:18,310 --> 00:11:20,559 So there is something missing. 299 00:11:20,560 --> 00:11:22,090 So then I forgot this passage. 300 00:11:24,670 --> 00:11:27,369 OK. And this is the time of the stealing 301 00:11:27,370 --> 00:11:29,439 this year and assume you 302 00:11:29,440 --> 00:11:31,869 know where the time of the last stamp 303 00:11:31,870 --> 00:11:34,179 is stored and 304 00:11:34,180 --> 00:11:36,249 the this timestamp is 305 00:11:36,250 --> 00:11:37,719 not encrypted. 306 00:11:37,720 --> 00:11:39,789 So you know, it is in the data 307 00:11:39,790 --> 00:11:42,039 sector and the data sector is readable 308 00:11:42,040 --> 00:11:43,029 and rewritable. 309 00:11:43,030 --> 00:11:45,249 So if you know how to write 310 00:11:45,250 --> 00:11:47,499 the data in that sector, 311 00:11:47,500 --> 00:11:49,629 you can just write by 312 00:11:49,630 --> 00:11:51,039 yourself. 313 00:11:51,040 --> 00:11:53,199 The actual time in the same way. 
314 00:11:53,200 --> 00:11:55,569 And so you can invalidate your ticket 315 00:11:55,570 --> 00:11:57,729 without touching the 316 00:11:57,730 --> 00:12:00,069 number of rides left. 317 00:12:00,070 --> 00:12:02,349 Um, it doesn't change. 318 00:12:02,350 --> 00:12:04,239 And so you are doing this time machine 319 00:12:04,240 --> 00:12:06,459 work, so you have a ticket that you can 320 00:12:06,460 --> 00:12:08,199 stamp whenever you want. 321 00:12:08,200 --> 00:12:10,629 And this is very good 322 00:12:10,630 --> 00:12:12,699 and you are always 323 00:12:12,700 --> 00:12:13,779 a validated ticket. 324 00:12:15,970 --> 00:12:18,039 The last attack just to 325 00:12:18,040 --> 00:12:20,469 our concept because we never applied it, 326 00:12:20,470 --> 00:12:22,779 but assumed that the timestamp 327 00:12:22,780 --> 00:12:24,879 is encrypted and they 328 00:12:24,880 --> 00:12:25,839 are not. 329 00:12:25,840 --> 00:12:27,549 They are used the non univocal 330 00:12:27,550 --> 00:12:30,009 parameters. So everything 331 00:12:30,010 --> 00:12:32,109 that is not unique for the thing, 332 00:12:32,110 --> 00:12:34,359 just a key, for example, for encrypt your 333 00:12:34,360 --> 00:12:35,360 ticket, 334 00:12:36,520 --> 00:12:39,249 for example, just use the AES 335 00:12:39,250 --> 00:12:41,319 with a timestamp and the using 336 00:12:41,320 --> 00:12:42,320 a key. You know, 337 00:12:43,600 --> 00:12:45,429 the point is that you can replay the 338 00:12:45,430 --> 00:12:47,139 encrypted timestamp on several tickets. 339 00:12:47,140 --> 00:12:49,479 So if you are, if there are four people 340 00:12:49,480 --> 00:12:51,709 taking that bus, you can just 341 00:12:51,710 --> 00:12:54,039 tap one and share 342 00:12:54,040 --> 00:12:56,139 the result with the other tickets, and it 343 00:12:56,140 --> 00:12:58,509 will still be valid for the 344 00:12:58,510 --> 00:13:00,799 all four tickets. 
345 00:13:00,800 --> 00:13:02,739 So it could be 346 00:13:04,210 --> 00:13:06,279 an attack if you don't use 347 00:13:06,280 --> 00:13:08,019 the univocal parameters for the 348 00:13:08,020 --> 00:13:09,020 tickets. 349 00:13:09,960 --> 00:13:12,539 So let's come to the conclusion 350 00:13:12,540 --> 00:13:15,569 and of this theoretical part. 351 00:13:15,570 --> 00:13:16,979 And so you have to fix those 352 00:13:16,980 --> 00:13:19,199 vulnerabilities and fix the reset 353 00:13:19,200 --> 00:13:21,389 attack, so rides must not be 354 00:13:21,390 --> 00:13:23,489 stored in data sector as 355 00:13:23,490 --> 00:13:25,139 they could be vulnerable for reset 356 00:13:25,140 --> 00:13:26,140 attack. 357 00:13:27,040 --> 00:13:29,369 Then you have to check the state 358 00:13:29,370 --> 00:13:32,129 of the lock bit of the OTP 359 00:13:32,130 --> 00:13:34,439 and in case 360 00:13:34,440 --> 00:13:36,929 not to fall in the 361 00:13:36,930 --> 00:13:38,459 lock attack case. 362 00:13:38,460 --> 00:13:40,709 So to avoid it, you'll have to 363 00:13:40,710 --> 00:13:42,839 check if the lock bit state of the 364 00:13:42,840 --> 00:13:44,039 OTP is one or zero 365 00:13:45,150 --> 00:13:47,009 then to fix the time attack. 366 00:13:47,010 --> 00:13:49,649 You have to encrypt, of course, the 367 00:13:49,650 --> 00:13:51,809 time stamp and to fix 368 00:13:51,810 --> 00:13:53,069 the replay attack. 369 00:13:53,070 --> 00:13:55,469 You have to use a univocal 370 00:13:55,470 --> 00:13:58,649 ticket to take, for example, the UID. 371 00:13:58,650 --> 00:13:59,759 That is univocal for each 372 00:13:59,760 --> 00:14:00,929 ticket. 373 00:14:00,930 --> 00:14:02,999 And so then 374 00:14:03,000 --> 00:14:05,129 um, he will go on 375 00:14:05,130 --> 00:14:06,929 and explain you the sample, the. 376 00:14:08,620 --> 00:14:09,620 Hello. 377 00:14:16,120 --> 00:14:18,369 OK. 
And we also 378 00:14:18,370 --> 00:14:20,359 create a sample lib with 379 00:14:21,940 --> 00:14:24,849 which fix all the vulnerabilities with we 380 00:14:24,850 --> 00:14:27,219 find this year there 381 00:14:27,220 --> 00:14:29,439 are a lot of the 382 00:14:29,440 --> 00:14:30,440 sample lib. 383 00:14:32,750 --> 00:14:35,119 OK. Uh, it's just a simple 384 00:14:35,120 --> 00:14:37,309 sample, and that 385 00:14:37,310 --> 00:14:39,619 means that it's not the final year 386 00:14:39,620 --> 00:14:42,229 each vendors should modify it 387 00:14:42,230 --> 00:14:44,779 and use for his own 388 00:14:44,780 --> 00:14:46,909 system because it's very 389 00:14:46,910 --> 00:14:47,899 simple. 390 00:14:47,900 --> 00:14:49,999 OK, these are the functions which 391 00:14:50,000 --> 00:14:52,459 you can find in our sample lib. 392 00:14:52,460 --> 00:14:54,589 There is the encryption we use 393 00:14:54,590 --> 00:14:56,659 AES, valid or 394 00:14:56,660 --> 00:14:57,679 not, which 395 00:14:58,850 --> 00:15:01,429 just checks if the ticket is still valid 396 00:15:01,430 --> 00:15:03,679 or not. OTP check. 397 00:15:03,680 --> 00:15:05,989 If it checks only the 398 00:15:05,990 --> 00:15:08,149 OTP sector is 399 00:15:08,150 --> 00:15:10,009 readable and writable or only read 400 00:15:10,010 --> 00:15:12,109 only the power function is a 401 00:15:12,110 --> 00:15:13,559 power function. 402 00:15:13,560 --> 00:15:15,799 Uh, the one in motto I don't didn't 403 00:15:15,800 --> 00:15:16,800 like it. 404 00:15:17,330 --> 00:15:19,429 Uh, rides 405 00:15:19,430 --> 00:15:21,559 check, check the number of rides left on 406 00:15:21,560 --> 00:15:23,629 the ticket and remove rides to remove 407 00:15:23,630 --> 00:15:24,630 the rides. 408 00:15:25,190 --> 00:15:27,139 Um, OK. 
409 00:15:27,140 --> 00:15:29,359 These are the basic function for 410 00:15:29,360 --> 00:15:31,639 every secured ticket ticketing system 411 00:15:31,640 --> 00:15:33,439 because and they are not enough. 412 00:15:33,440 --> 00:15:34,519 You will see this later. 413 00:15:36,350 --> 00:15:38,319 It's not. Uh, yes, 414 00:15:41,330 --> 00:15:42,559 this late, OK? 415 00:15:42,560 --> 00:15:44,269 The encrypt AES function. 416 00:15:44,270 --> 00:15:47,209 Uh, it doesn't require a result. 417 00:15:47,210 --> 00:15:48,210 All right. 418 00:15:48,890 --> 00:15:51,019 In which will be written the 419 00:15:51,020 --> 00:15:53,149 timestamp encrypted, 420 00:15:53,150 --> 00:15:55,309 we use the Unix timestamp 421 00:15:55,310 --> 00:15:57,439 divided by 60 422 00:15:57,440 --> 00:15:59,509 to get the minutes because usually you 423 00:15:59,510 --> 00:16:01,939 have like 90 100 minutes 424 00:16:01,940 --> 00:16:04,309 of validity for each ticket and you stamp 425 00:16:04,310 --> 00:16:05,310 it. 426 00:16:05,930 --> 00:16:08,119 Uh, the encryption is AES, uh, 427 00:16:08,120 --> 00:16:09,490 one hundred and twenty eight. 428 00:16:11,710 --> 00:16:14,019 Just some bitcoin 429 00:16:14,020 --> 00:16:15,250 from Silk Road. 430 00:16:16,550 --> 00:16:18,609 And, yes, we buy the 431 00:16:18,610 --> 00:16:19,929 folder is a very strong key 432 00:16:20,950 --> 00:16:23,199 for encryption. You can change it 433 00:16:23,200 --> 00:16:24,339 now. 434 00:16:24,340 --> 00:16:26,489 You can change and 435 00:16:26,490 --> 00:16:28,389 you use also the UID to prevent the 436 00:16:28,390 --> 00:16:29,889 replay attack. 437 00:16:29,890 --> 00:16:32,379 So we just encrypt the timestamp, 438 00:16:32,380 --> 00:16:34,509 plus the UID with the 439 00:16:34,510 --> 00:16:36,639 strong key of a zero one two 440 00:16:36,640 --> 00:16:38,739 three four five six seven and 441 00:16:38,740 --> 00:16:39,740 so on. 
442 00:16:40,330 --> 00:16:41,330 Valid or not, 443 00:16:42,400 --> 00:16:44,710 it read, it reads the 444 00:16:45,900 --> 00:16:48,009 the sector from the ticket 445 00:16:48,010 --> 00:16:50,499 and check if it's under 100 446 00:16:50,500 --> 00:16:52,689 minutes. This is just fine, but you can 447 00:16:52,690 --> 00:16:55,509 change it as you prefer. 448 00:16:55,510 --> 00:16:57,889 Um, it use the same function of before 449 00:16:57,890 --> 00:16:59,950 to AES 128 the 450 00:17:01,600 --> 00:17:03,069 OTP check. 451 00:17:03,070 --> 00:17:04,929 What did you OTP check is a fundamental 452 00:17:04,930 --> 00:17:07,149 function because the lock attack is 453 00:17:07,150 --> 00:17:08,259 very, very 454 00:17:09,369 --> 00:17:11,469 useful in almost all cities. 455 00:17:11,470 --> 00:17:13,989 I found it there was 456 00:17:13,990 --> 00:17:15,549 a lock attack in Turin. 457 00:17:15,550 --> 00:17:17,390 If you watch our talk, 458 00:17:18,910 --> 00:17:20,499 there is a lock attack in 459 00:17:22,510 --> 00:17:24,789 Florence, I think, and 460 00:17:24,790 --> 00:17:27,099 also in several other cities in the U.S. 461 00:17:28,119 --> 00:17:30,369 I don't didn't check in Germany. 462 00:17:32,750 --> 00:17:34,069 Uh, OK. 463 00:17:34,070 --> 00:17:35,899 Just check if the OTP lock bit is set to 464 00:17:35,900 --> 00:17:38,359 one, is it so it returns 465 00:17:38,360 --> 00:17:40,459 to zero if 466 00:17:40,460 --> 00:17:42,259 it's set to zero, it returns one. 467 00:17:45,090 --> 00:17:47,219 These are just the sample 468 00:17:47,220 --> 00:17:48,220 function. 469 00:17:54,120 --> 00:17:55,019 Which is double. 470 00:17:55,020 --> 00:17:56,020 I don't know why. 471 00:17:57,480 --> 00:17:59,489 OK. Yes, in the sample. 472 00:17:59,490 --> 00:18:01,769 I just use the size of the OTP sector. 
473 00:18:01,770 --> 00:18:03,899 So just show bytes 474 00:18:03,900 --> 00:18:04,900 so you can have a 475 00:18:06,300 --> 00:18:08,609 maximum 16 rides per ticket. 476 00:18:08,610 --> 00:18:10,769 You can easily change it to get 477 00:18:10,770 --> 00:18:12,359 through right. 478 00:18:12,360 --> 00:18:14,010 Depends on your needed 479 00:18:15,780 --> 00:18:17,329 remove rides. Remove rides. 480 00:18:19,200 --> 00:18:21,659 Just change your OTP sector to 481 00:18:21,660 --> 00:18:23,769 from zero to one. 482 00:18:23,770 --> 00:18:26,459 It means that if you have six rides, 483 00:18:26,460 --> 00:18:27,779 you can have 15. 484 00:18:27,780 --> 00:18:29,249 Just turning one. 485 00:18:29,250 --> 00:18:32,359 Yes. Just turning one zero to one. 486 00:18:32,360 --> 00:18:34,799 And that's then it to check 487 00:18:34,800 --> 00:18:36,989 the number of zeros left to see 488 00:18:36,990 --> 00:18:37,990 the number of rides left. 489 00:18:41,230 --> 00:18:43,689 OK, you need to use the OTP function 490 00:18:43,690 --> 00:18:45,819 check because it's not included in the 491 00:18:45,820 --> 00:18:47,619 remove rides. So use of. 492 00:18:50,270 --> 00:18:52,369 Yes, the image of him before. 493 00:18:52,370 --> 00:18:54,439 Let me see if I have a favorite 494 00:18:54,440 --> 00:18:56,599 favored time find rides at 495 00:18:56,600 --> 00:18:59,569 you have always five rides, then 496 00:18:59,570 --> 00:19:01,339 if they control your ticket, they say, 497 00:19:01,340 --> 00:19:02,869 OK, it's stupid, but you have five, 498 00:19:02,870 --> 00:19:04,280 right? That's not good. 499 00:19:05,810 --> 00:19:06,810 That's up in it. 500 00:19:07,850 --> 00:19:08,850 Yeah. 501 00:19:09,680 --> 00:19:10,699 OK. Why? 502 00:19:10,700 --> 00:19:13,150 It's not really, really secure to sleep. 503 00:19:14,450 --> 00:19:16,609 There is some problems with the 504 00:19:16,610 --> 00:19:18,019 NFC in general 505 00:19:19,040 --> 00:19:20,040 and the Ultralight. 
506 00:19:21,830 --> 00:19:23,149 All the security features are on the 507 00:19:23,150 --> 00:19:25,699 ticket, so you rely all the trust 508 00:19:25,700 --> 00:19:26,629 on the client. 509 00:19:26,630 --> 00:19:28,279 That's usually not so good. 510 00:19:29,360 --> 00:19:31,639 RFID frequency could be jammed, so 511 00:19:31,640 --> 00:19:33,829 you can stop all the 512 00:19:33,830 --> 00:19:36,049 validation of your 513 00:19:36,050 --> 00:19:38,389 bus or whatever you want. 514 00:19:38,390 --> 00:19:40,609 And for four 515 00:19:40,610 --> 00:19:42,889 company, you can type a statistics or 516 00:19:42,890 --> 00:19:45,379 something very useful for marketing and 517 00:19:45,380 --> 00:19:46,380 blah blah blah. 518 00:19:47,540 --> 00:19:49,789 This could be enough secure 519 00:19:49,790 --> 00:19:51,999 for little transportation systems or 520 00:19:52,000 --> 00:19:54,419 only bus or something like that, like 521 00:19:54,420 --> 00:19:56,929 the little town like mine. 522 00:19:56,930 --> 00:19:59,359 But if you have a big transportation 523 00:19:59,360 --> 00:20:01,759 system like here in Hamburg or in Turin 524 00:20:01,760 --> 00:20:04,279 or Milan or whatever, 525 00:20:04,280 --> 00:20:06,020 you should use an online database, 526 00:20:07,520 --> 00:20:09,949 online database and Frobisher between all 527 00:20:09,950 --> 00:20:11,030 the stamping machines 528 00:20:12,230 --> 00:20:14,359 here, you should write that you would of 529 00:20:14,360 --> 00:20:16,579 somebody gets so you can check 530 00:20:16,580 --> 00:20:18,769 if someone use the ticket 531 00:20:18,770 --> 00:20:20,839 more than you should 532 00:20:21,890 --> 00:20:23,569 the rides left for each ticket. 533 00:20:23,570 --> 00:20:25,639 So you always know how many 534 00:20:25,640 --> 00:20:27,739 rides are left on the ticket. 
535 00:20:27,740 --> 00:20:30,409 You can blacklist the tickets for 536 00:20:30,410 --> 00:20:31,940 Akari with the ticket or 537 00:20:33,050 --> 00:20:35,149 update the encryption key for the 538 00:20:35,150 --> 00:20:37,279 stamping machine. So if someone stole 539 00:20:37,280 --> 00:20:39,389 you a stamping machine to reverse 540 00:20:39,390 --> 00:20:41,569 the firmware, you can update 541 00:20:41,570 --> 00:20:43,759 a key and say Good 542 00:20:43,760 --> 00:20:45,859 bye to this machine and 543 00:20:45,860 --> 00:20:48,019 you have company stats which are 544 00:20:48,020 --> 00:20:49,489 quite useful. 545 00:20:49,490 --> 00:20:52,039 Now I show you the little example 546 00:20:52,040 --> 00:20:53,659 of a sample lib. 547 00:20:53,660 --> 00:20:56,389 Using this is just an Arduino Uno 548 00:20:56,390 --> 00:20:58,460 with Adafruit NFC shield. 549 00:20:59,570 --> 00:21:02,359 If you want to replicate our results, 550 00:21:02,360 --> 00:21:04,699 we will update the sample lib. 551 00:21:04,700 --> 00:21:07,369 The sketch of our Arduino 552 00:21:07,370 --> 00:21:09,529 and also the Adafruit lib 553 00:21:09,530 --> 00:21:12,199 with some feature to work with 554 00:21:12,200 --> 00:21:13,609 with MIFARE Ultralight. 555 00:21:13,610 --> 00:21:15,859 Because it usually works only on MIFARE 556 00:21:15,860 --> 00:21:17,089 Classic. 557 00:21:17,090 --> 00:21:18,170 Don't use me focus. 558 00:21:19,610 --> 00:21:20,610 OK. 559 00:21:21,120 --> 00:21:23,519 Just a second. I don't like Windows. 560 00:21:23,520 --> 00:21:24,520 How does it work? 561 00:21:28,200 --> 00:21:29,200 She's. 562 00:21:31,240 --> 00:21:32,240 OK. 563 00:21:33,160 --> 00:21:34,160 Are we? 564 00:21:35,780 --> 00:21:36,890 Do you see no. 565 00:21:45,820 --> 00:21:46,869 Now you see, no. 566 00:21:48,020 --> 00:21:49,020 And this. 567 00:21:53,550 --> 00:21:54,550 OK. 568 00:21:56,290 --> 00:21:57,789 Open, this means open.
569 00:21:59,540 --> 00:22:02,519 Let's try with the first example. 570 00:22:02,520 --> 00:22:04,769 Which is on the 571 00:22:04,770 --> 00:22:05,770 bend, right? 572 00:22:08,400 --> 00:22:09,400 Should be this one. 573 00:22:11,770 --> 00:22:12,910 Uh, oh, shit. 574 00:22:14,260 --> 00:22:15,260 OK. 575 00:22:16,600 --> 00:22:18,759 Those eyes leave the time and 576 00:22:18,760 --> 00:22:20,919 basically, oh yes, the base64 577 00:22:20,920 --> 00:22:23,079 is just to encode the result of 578 00:22:23,080 --> 00:22:24,459 encryption. 579 00:22:24,460 --> 00:22:26,439 I would like to thank everybody who 580 00:22:26,440 --> 00:22:28,509 developed these libs because I use them 581 00:22:28,510 --> 00:22:29,650 and patch something 582 00:22:31,090 --> 00:22:32,589 and I don't like. 583 00:22:32,590 --> 00:22:34,929 I don't like to congratulate with the one 584 00:22:34,930 --> 00:22:36,739 who create might met. 585 00:22:36,740 --> 00:22:37,740 Dot H. 586 00:22:38,610 --> 00:22:40,229 Bad delivers for our doing. 587 00:22:41,310 --> 00:22:42,310 OK, let's try. 588 00:22:45,300 --> 00:22:47,459 This is a blank 589 00:22:47,460 --> 00:22:48,609 MIFARE Ultralight ticket. 590 00:22:49,710 --> 00:22:51,219 Just bow first. 591 00:22:51,220 --> 00:22:52,220 The long of. 592 00:22:56,090 --> 00:22:57,090 I hope that works. 593 00:23:08,740 --> 00:23:09,740 Yes. 594 00:23:15,920 --> 00:23:17,370 To be OK. 595 00:23:19,340 --> 00:23:21,889 If I throw it out, 596 00:23:21,890 --> 00:23:24,019 the ticket is still valid because 597 00:23:24,020 --> 00:23:25,879 I just dump it before you give me another 598 00:23:25,880 --> 00:23:26,880 ticket. 599 00:23:28,790 --> 00:23:29,790 I don't know. 600 00:23:30,790 --> 00:23:33,229 Thematic, this is our transport 601 00:23:33,230 --> 00:23:34,230 safety ticket. 602 00:23:35,510 --> 00:23:37,099 Don't look at it. I don't know if there 603 00:23:37,100 --> 00:23:38,360 are some rides left me.
604 00:23:39,830 --> 00:23:41,809 They still worried you could. 605 00:23:44,810 --> 00:23:47,779 It gave me a blank ticket 606 00:23:47,780 --> 00:23:48,780 done. 607 00:23:50,830 --> 00:23:51,830 Jesus. 608 00:23:56,760 --> 00:23:58,829 The last minute issues. 609 00:24:03,470 --> 00:24:04,470 Jesus. 610 00:24:05,260 --> 00:24:06,260 Just a second, please. 611 00:24:26,220 --> 00:24:27,220 What? 612 00:24:33,100 --> 00:24:34,100 I8. 613 00:24:40,110 --> 00:24:41,769 Oh, OK. 614 00:24:41,770 --> 00:24:42,770 That's right. 615 00:24:43,890 --> 00:24:46,499 OK, now it was 616 00:24:46,500 --> 00:24:47,500 and. 617 00:24:52,390 --> 00:24:54,799 As you can see it, just check if 618 00:24:54,800 --> 00:24:56,919 it's a MIFARE Ultralight ticket 619 00:24:56,920 --> 00:24:59,289 the number of rides left, remove 620 00:24:59,290 --> 00:25:01,719 a ride and stamp the ticket. 621 00:25:01,720 --> 00:25:03,969 If you look at the look 622 00:25:03,970 --> 00:25:06,039 at the function, first 623 00:25:06,040 --> 00:25:08,199 of all. Oh, OK, 624 00:25:09,490 --> 00:25:10,749 these rules, OK? 625 00:25:10,750 --> 00:25:12,969 First of all, it checks if it's valid 626 00:25:12,970 --> 00:25:15,339 or not, theoretically, then 627 00:25:15,340 --> 00:25:16,299 it checks the OTP. 628 00:25:16,300 --> 00:25:18,279 If the OTP is rewritable, if not, 629 00:25:18,280 --> 00:25:20,439 exit, then check the number 630 00:25:20,440 --> 00:25:21,609 of rides left. 631 00:25:21,610 --> 00:25:23,739 If it's bigger than zero, it's 632 00:25:23,740 --> 00:25:25,899 gone and then it 633 00:25:25,900 --> 00:25:28,119 removes a ride. And then the 634 00:25:28,120 --> 00:25:30,459 the the timestamp. 635 00:25:30,460 --> 00:25:32,529 Now just a final example to 636 00:25:32,530 --> 00:25:34,089 read what is written on the ticket. 637 00:25:35,200 --> 00:25:36,200 He also. 638 00:25:38,680 --> 00:25:39,680 I can't. 639 00:25:53,820 --> 00:25:54,549 OK.
640 00:25:54,550 --> 00:25:56,309 Just just to read all the pages on the 641 00:25:56,310 --> 00:25:57,310 record. 642 00:26:10,840 --> 00:26:12,939 As you can see, your trip now is 643 00:26:12,940 --> 00:26:14,979 not zero zero zero zero zero zero zero 644 00:26:14,980 --> 00:26:17,329 zero zero zero zero zero zero eight 645 00:26:17,330 --> 00:26:18,789 zero zero zero. 646 00:26:18,790 --> 00:26:20,889 If you transform it in binary, 647 00:26:20,890 --> 00:26:23,769 there is one zero zero zero zero zero. 648 00:26:23,770 --> 00:26:26,379 Then there is the encrypted timestamp 649 00:26:26,380 --> 00:26:28,519 encoded in base64, divided by 650 00:26:28,520 --> 00:26:30,609 two for performance 651 00:26:30,610 --> 00:26:32,919 stuff and just 652 00:26:32,920 --> 00:26:34,509 one last thing. 653 00:26:34,510 --> 00:26:36,520 If you use an Arduino, you should have 654 00:26:37,720 --> 00:26:40,239 a clock because Arduino 655 00:26:40,240 --> 00:26:42,189 doesn't have a real time clock. 656 00:26:42,190 --> 00:26:44,559 If you and if you unplug it 657 00:26:44,560 --> 00:26:46,539 and plug it again, it was at the 658 00:26:46,540 --> 00:26:47,739 timestamp. 659 00:26:47,740 --> 00:26:49,959 So that's the only problem 660 00:26:49,960 --> 00:26:52,119 with Arduino and the soul 661 00:26:52,120 --> 00:26:53,169 if you have any questions. 662 00:26:53,170 --> 00:26:55,269 Oh yes, just 663 00:26:55,270 --> 00:26:56,880 oh yeah, the. 664 00:26:59,570 --> 00:27:00,570 OK. OK. 665 00:27:02,430 --> 00:27:04,499 And so 666 00:27:04,500 --> 00:27:05,219 if you 667 00:27:05,220 --> 00:27:08,189 appreciated our work, we love bitcoin 668 00:27:08,190 --> 00:27:09,190 and the 669 00:27:10,590 --> 00:27:12,689 donations are accepted if you want to 670 00:27:12,690 --> 00:27:14,849 implement those libraries. 
671 00:27:14,850 --> 00:27:17,009 And I don't know, you want to 672 00:27:17,010 --> 00:27:18,749 make a small donation, please 673 00:27:18,750 --> 00:27:20,879 also not donation launch. 674 00:27:20,880 --> 00:27:23,459 Yeah, it's breakfast 675 00:27:23,460 --> 00:27:24,059 and 676 00:27:24,060 --> 00:27:25,019 everything is good. 677 00:27:25,020 --> 00:27:27,149 And and just let us know if 678 00:27:27,150 --> 00:27:30,119 you find any bugs exploited 679 00:27:30,120 --> 00:27:32,459 and something you want to come to next 680 00:27:32,460 --> 00:27:34,379 see to exploit our lib. 681 00:27:34,380 --> 00:27:35,380 Anything? 682 00:27:36,090 --> 00:27:37,090 OK, thank you. 683 00:27:42,640 --> 00:27:44,019 Thank you very much, guys. 684 00:27:44,020 --> 00:27:45,789 And two questions from the audience or 685 00:27:45,790 --> 00:27:46,790 from the signal angel. 686 00:27:48,850 --> 00:27:49,990 One question number one. 687 00:27:51,190 --> 00:27:53,469 Yes. Have you considered the threat 688 00:27:53,470 --> 00:27:53,829 of the 689 00:27:53,830 --> 00:27:56,709 Chinese clone cards, 690 00:27:56,710 --> 00:27:58,179 including the 691 00:27:58,180 --> 00:28:00,339 program? Will programmable UID? 692 00:28:01,960 --> 00:28:03,519 Yes, there is some prob. 693 00:28:03,520 --> 00:28:05,679 That's why I called our 694 00:28:05,680 --> 00:28:07,869 lib enough secure. 695 00:28:07,870 --> 00:28:10,029 If you use an online database, you 696 00:28:10,030 --> 00:28:11,889 should avoid also this problem because 697 00:28:11,890 --> 00:28:14,049 you have are you with 698 00:28:14,050 --> 00:28:16,509 the owner of every 699 00:28:16,510 --> 00:28:18,849 ticket which are in 700 00:28:18,850 --> 00:28:19,809 whitelist? 701 00:28:19,810 --> 00:28:22,359 So if you have a random UID 702 00:28:22,360 --> 00:28:24,489 or a programmable UID, you 703 00:28:24,490 --> 00:28:27,279 can blacklist it and make it 704 00:28:27,280 --> 00:28:28,719 unusable.
705 00:28:28,720 --> 00:28:30,399 That's why it's enough secure. 706 00:28:30,400 --> 00:28:32,649 It's not completely secure. 707 00:28:32,650 --> 00:28:35,109 Thank you. There is also a project them 708 00:28:35,110 --> 00:28:37,179 of and 709 00:28:37,180 --> 00:28:39,309 very nice guy called 710 00:28:39,310 --> 00:28:41,559 timore something I don't remember, 711 00:28:41,560 --> 00:28:44,319 which last year here at CCC 712 00:28:44,320 --> 00:28:46,539 present an artwork called 713 00:28:46,540 --> 00:28:48,249 The Chameleon. 714 00:28:48,250 --> 00:28:50,409 I think which it's 715 00:28:50,410 --> 00:28:52,539 very useful to emulate ticket 716 00:28:52,540 --> 00:28:54,699 and change your ID and everything 717 00:28:54,700 --> 00:28:55,839 you want. 718 00:28:55,840 --> 00:28:58,029 We want to meet him if anyone 719 00:28:58,030 --> 00:29:00,399 knows him and ask about 720 00:29:00,400 --> 00:29:02,349 MIFARE Ultralight support and something 721 00:29:02,350 --> 00:29:03,350 like that. 722 00:29:05,260 --> 00:29:07,509 The question, OK, one final 723 00:29:07,510 --> 00:29:08,510 question, 724 00:29:11,230 --> 00:29:12,699 OK, OK. 725 00:29:12,700 --> 00:29:15,309 Do you have your decrypting 726 00:29:15,310 --> 00:29:18,389 them with the same key every 727 00:29:18,390 --> 00:29:20,589 time you have to pair in 728 00:29:20,590 --> 00:29:21,590 your 729 00:29:22,120 --> 00:29:23,439 sorry, can you repeat 730 00:29:23,440 --> 00:29:26,119 your trip? You are decrypting. 731 00:29:26,120 --> 00:29:28,389 You are encrypting the your DNA 732 00:29:28,390 --> 00:29:30,549 times compare with the same key all 733 00:29:30,550 --> 00:29:31,599 of the time. 734 00:29:31,600 --> 00:29:33,339 So you have the same. 735 00:29:33,340 --> 00:29:35,289 You have different plaintext, the 736 00:29:35,290 --> 00:29:37,539 encrypted of the same key. 737 00:29:37,540 --> 00:29:39,249 You have no IV or something.
738 00:29:39,250 --> 00:29:41,409 We yes, we use the same 739 00:29:41,410 --> 00:29:43,839 key every time we just change timestamp 740 00:29:43,840 --> 00:29:45,339 the UID same. 741 00:29:45,340 --> 00:29:48,249 And that's why it's enough secure because 742 00:29:48,250 --> 00:29:49,659 if you have an online database, you can 743 00:29:49,660 --> 00:29:50,589 update the keys. 744 00:29:50,590 --> 00:29:51,819 That's why. 745 00:29:51,820 --> 00:29:53,559 Yeah, but suggest that 746 00:29:53,560 --> 00:29:56,289 if you have, let's say 747 00:29:56,290 --> 00:29:58,989 you use a card two to two times 748 00:29:58,990 --> 00:30:01,329 and we did dump it every time. 749 00:30:01,330 --> 00:30:03,579 You have to try twice 750 00:30:03,580 --> 00:30:04,719 a try at two 751 00:30:06,520 --> 00:30:08,619 ciphertext encrypted the same key, 752 00:30:08,620 --> 00:30:10,479 which isn't huge security problem. 753 00:30:11,680 --> 00:30:13,269 Yes, you should, if you are. 754 00:30:13,270 --> 00:30:14,619 I don't understand that really. 755 00:30:14,620 --> 00:30:16,449 The question if you want, we can speak 756 00:30:16,450 --> 00:30:18,909 about it after the talk 757 00:30:18,910 --> 00:30:20,710 because we're out of time. 758 00:30:22,960 --> 00:30:23,919 All right. 759 00:30:23,920 --> 00:30:25,569 Let's give them another warm round of 760 00:30:25,570 --> 00:30:27,540 applause. Thank you very much, guys.