How to obtain credit card data using Bluetooth
FUZE Card Introduction
FUZE is an IoT device that is the same size as an ordinary credit card. You can use the smartphone App and connect via Bluetooth to program the FUZE card. In order to facilitate users to manage and configure credit cards, BrilliantTS has also released an application called eCARD Manager. When you need to make a payment, you need to select the credit card to use in the mobile app. After the selection is successful, the FUZE card will be equivalent to the credit card you selected.
However, through research, it was found that the security of the card addition and use process is not reliable. To a certain extent, FUZE does deploy some security protection measures. When setting up FUZE for the first time, you need to enter a Six-digit password, but this step can be skipped. Once you configure your passcode, your device will remain locked until you unlock it manually or until your phone is near the card. While locked, you cannot access the data on the card or program the magnetic strip. It also offers an advanced security mode where the card can only be used if the user's phone is connected to it via Bluetooth.
X-ray scanning hardware structure
Unlike common IoT devices, the thickness of the FUZE card is less than one millimeter, so in order to understand the internal structure of the device, Optical scanning is the most suitable. The scanned structure diagram is as follows:
We can see that the main chip is a microcontroller, an e-Paper driver and a Bluetooth SoC, and the motherboard Many functions are not yet used, including NFC and EMV (functional support will be provided later).
Bluetooth protocol reverse analysis
For the FUZE card, the Bluetooth interface is the main target of our reverse analysis. For this purpose, the tools I want to use are as follows:
1. An Android phone;
2. Burp Suite (optional);
3. Wireshark shelled Perl script;
4. Gatttool/BlueZ;
If you want to perform black-box testing on Bluetooth devices, an Android phone is essential. Not only can we monitor Bluetooth communication traffic on the phone, but we can also directly disassemble the Java bytecode. As an HTTP proxy, Burp can intercept API requests between Android Apps and backend servers. The Android chip has a function called "HCI snoop log", which users can turn on in the developer settings menu. This function allows us to save all information about Bluetooth activities in a file, which contains all interaction information between the App and the device. Wireshark can read HCI snoop log information and perform basic filtering and analysis on it. In order to semi-automate the export of data to a text file, here we use a Perl script. Finally, gatttool or other BlueZ tools can be used to perform the most direct penetration analysis of the device and understand the protocol messages.
Reverse FUZE
As we all know, BLE’s pairing protocol is vulnerable, and most devices will implement additional security protection based on it ,. Likewise, FUZE will not send data to any unpaired device or use BLE connection layer encryption. Therefore, gatttool cannot send a request to FUZE without pairing, so I plan to use the Android-based reverse analysis method:
1. Turn on the Bluetooth HCI snoop function on Android;
2. Interact with the FUZE card in the App;
3. Use adb to export HCI logs to PC;
4. Use Wireshark for analysis;
5. Filter and export the data to text;
6. Use Perl script to parse the data;
The reverse analysis results of Wireshark are as follows:
The best thing about HCI snoop is that the data it captures is plaintext data before encryption by the hardware Bluetooth chip, which contains certain ASCII strings and protocol data formats.
Exploitation and PoC
Note: If an attacker can capture the pairing session between the device and the App, the pairing digital PIN code of the FUZE card can be cracked through a brute force attack. of.
First, we need to use bluetoothctl to scan the device and pair it with it:
1. Start bluetoothctl: sudo bluetoothctl;
2. Enable agent client (for pairing): agent on;
3. Scanning device: scan on;
4. After scanning to the FUZE card, disable scanning: scan off;
5. Pair with FUZE card: pair
6. Enter the numeric PIN code displayed on the device;
7. Disconnect: disconnect
Next, we can use gatttool to send commands to the card:
1. Start gatttool: sudo gatttool -I -b
2. Connect device: connect;
3. Subscribe to notifications: char-write-req 1b 0100;
4 . Send command: char-write-req 18
The command we sent is as follows:
The first command can be bypassed Through the lock screen function of the device, the first credit card number, expiration date and CVV in the device can be read the next day.
Summary
There was Apple Pay and Samsung Pay before, and there was FUZE smart card later. The entire payment industry is trying its best to realize it. Cardless payment, although I personally don’t think Bluetooth credit cards have much practical significance, but since it already exists, we must find ways to ensure its security.
Recommended related articles and tutorials: Web server security
The above is the detailed content of How to obtain credit card data using Bluetooth. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
Use ddrescue to recover data on Linux
Mar 20, 2024 pm 01:37 PM
DDREASE is a tool for recovering data from file or block devices such as hard drives, SSDs, RAM disks, CDs, DVDs and USB storage devices. It copies data from one block device to another, leaving corrupted data blocks behind and moving only good data blocks. ddreasue is a powerful recovery tool that is fully automated as it does not require any interference during recovery operations. Additionally, thanks to the ddasue map file, it can be stopped and resumed at any time. Other key features of DDREASE are as follows: It does not overwrite recovered data but fills the gaps in case of iterative recovery. However, it can be truncated if the tool is instructed to do so explicitly. Recover data from multiple files or blocks to a single
Open source! Beyond ZoeDepth! DepthFM: Fast and accurate monocular depth estimation!
Apr 03, 2024 pm 12:04 PM
0.What does this article do? We propose DepthFM: a versatile and fast state-of-the-art generative monocular depth estimation model. In addition to traditional depth estimation tasks, DepthFM also demonstrates state-of-the-art capabilities in downstream tasks such as depth inpainting. DepthFM is efficient and can synthesize depth maps within a few inference steps. Let’s read about this work together ~ 1. Paper information title: DepthFM: FastMonocularDepthEstimationwithFlowMatching Author: MingGui, JohannesS.Fischer, UlrichPrestel, PingchuanMa, Dmytr
How to turn on Bluetooth in vivo phone
Mar 23, 2024 pm 04:26 PM
1. Swipe up at the bottom of the screen to bring up the control center, as shown below. Click the Bluetooth switch to turn on Bluetooth. 2. We can connect to other paired Bluetooth devices or click [Search Bluetooth Device] to connect to a new Bluetooth device. Remember to turn on [Detectability] when you want other friends to search for your phone and connect to Bluetooth. Switch. Method 2. 1. Enter the mobile phone desktop, find and open settings. 2. Pull down the [Settings] directory to find [More Settings] and click to enter. 3. Click to open [Bluetooth] and turn on the Bluetooth switch to turn on Bluetooth.
How to use Excel filter function with multiple conditions
Feb 26, 2024 am 10:19 AM
If you need to know how to use filtering with multiple criteria in Excel, the following tutorial will guide you through the steps to ensure you can filter and sort your data effectively. Excel's filtering function is very powerful and can help you extract the information you need from large amounts of data. This function can filter data according to the conditions you set and display only the parts that meet the conditions, making data management more efficient. By using the filter function, you can quickly find target data, saving time in finding and organizing data. This function can not only be applied to simple data lists, but can also be filtered based on multiple conditions to help you locate the information you need more accurately. Overall, Excel’s filtering function is a very practical
There is no Bluetooth module in win11 system device manager
Mar 02, 2024 am 08:01 AM
There is no Bluetooth module in the device manager of win11 system. When using Windows 11 system, sometimes you will encounter the situation that there is no bluetooth module in the device manager. This may bring inconvenience to our daily use, because Bluetooth technology has become very common in modern society, and we often need to use it to connect wireless devices. If you can't find the Bluetooth module in the device manager, don't worry, here are some possible solutions for you: 1. Check the hardware connection: First, make sure you actually have a Bluetooth module on your computer or laptop. Some devices may not have built-in Bluetooth functionality, in which case you need to purchase an external Bluetooth adapter to connect. 2. Update the driver: Sometimes the reason why there is no Bluetooth module in the device manager is because of the driver.
Google is ecstatic: JAX performance surpasses Pytorch and TensorFlow! It may become the fastest choice for GPU inference training
Apr 01, 2024 pm 07:46 PM
The performance of JAX, promoted by Google, has surpassed that of Pytorch and TensorFlow in recent benchmark tests, ranking first in 7 indicators. And the test was not done on the TPU with the best JAX performance. Although among developers, Pytorch is still more popular than Tensorflow. But in the future, perhaps more large models will be trained and run based on the JAX platform. Models Recently, the Keras team benchmarked three backends (TensorFlow, JAX, PyTorch) with the native PyTorch implementation and Keras2 with TensorFlow. First, they select a set of mainstream
Slow Cellular Data Internet Speeds on iPhone: Fixes
May 03, 2024 pm 09:01 PM
Facing lag, slow mobile data connection on iPhone? Typically, the strength of cellular internet on your phone depends on several factors such as region, cellular network type, roaming type, etc. There are some things you can do to get a faster, more reliable cellular Internet connection. Fix 1 – Force Restart iPhone Sometimes, force restarting your device just resets a lot of things, including the cellular connection. Step 1 – Just press the volume up key once and release. Next, press the Volume Down key and release it again. Step 2 – The next part of the process is to hold the button on the right side. Let the iPhone finish restarting. Enable cellular data and check network speed. Check again Fix 2 – Change data mode While 5G offers better network speeds, it works better when the signal is weaker
How to solve the problem of Harry Potter curse swap not using Bluetooth
Mar 21, 2024 pm 04:30 PM
Harry Potter: Magic Awakening has recently added a spell exchange function, which requires players to use Bluetooth or WiFi to exchange spells. Some players find that they cannot use Bluetooth exchange, so how can they use Bluetooth to exchange spells? ? Next, the editor will bring you a solution to the problem that Harry Potter spells cannot be exchanged using Bluetooth. I hope it can help you. Solution to Harry Potter Spell Exchange Not Using Bluetooth 1. First, players need to find the Spell Exchange in the library, and then they can use Bluetooth or WiFi to exchange. 2. Click Use Bluetooth, and it prompts that you need to download a new installation package, but it has been downloaded before, and some players become confused. 3. In fact, players can download the new installation package by going to the store. For ios, they can go to the Apple store to update. For Android, they can download it.
