SLE4442 hacking

From TAMI

Breaking SLE4442 is rather simple. It's a card whose contents can always be dumped, and written to after successfully presenting a 3-byte security code (PSC).

The method is simple: sniff a legitimate write in the target environment, and then write to the card using a simple ACR38U device.

Sniffing

At the target environment we'll need to be mobile with a logic analyzer. Currently the most accessible option is a Bus Pirate in logic analyzer mode, which should be enough for what we need. The Bus Pirate is not a proper logic analyzer, but it can capture 4K samples, and it is known to work properly with I2C traffic running at a 400kHz clock. The SLE4442 runs on a 50kHz clock, so we should definitely be fine.

References