samuellb / fribid

FriBID stable repo
https://fribid.se/

Need to implement new BankID protocol #12

Open samuellb opened 9 years ago

samuellb commented 9 years ago

FriBID currently implements an old version of BankID from around 2009. A new version of BISP (the proprietary counterpart of FriBID) which was released during the spring 2014 implements a new network protocol, and the old version is being phased out.

If FriBID does not implement the new protocol soon it will likely become useless sometime during 2015 (some services are already beginning to not work with FriBID). See the red items on this list: http://wiki.fribid.se/sidor/Banker_och_tj%C3%A4nster#Tj.C3.A4nster

I've begun reverse engineering the new protocol, but I expect it will probably take a few months at least. Here's my progress so far: http://wiki.fribid.se/sidor/BankID-Cava

josla972 commented 9 years ago

The Mac OS X binary could be interesting to look at as well. With the information from these links I unpacked the .pkg and did some research inspired by the wiki:

https://stackoverflow.com/questions/11298855/how-to-unpack-and-pack-pkg-file
https://stackoverflow.com/questions/8712352/linux-mach-o-disassembler

If you do "strings BankID", you'll find that OpenSSL is definitely linked in the binary.

Regarding the encrypted communication, could it perhaps be possible that BankID Cava is doing similar Off-the-Record messaging as Pidgin?

This theory is consistent with the use of SHA1 and ECDH: "OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function." https://en.wikipedia.org/wiki/Off-the-Record_Messaging

This would make sense from a security perspective
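As an added illustration of the `strings`-based check above (this is example code written for this thread, not part of FriBID or BISP), the script below does what `strings` plus a grep for library markers does, but offline and on a constructed sample blob: it extracts printable runs of at least four bytes and reports which well-known crypto library version strings and symbol names appear. The marker list and the sample bytes are assumptions made for the example; the real BankID binary is not included.

```python
import re
import sys

# Markers that crypto libraries typically leave in a linked binary.
# Constructed list for this example; extend it as you discover more.
LIBRARY_MARKERS = {
    "OpenSSL": re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]?"),
    "libcrypto": re.compile(rb"libcrypto"),
    "GnuTLS": re.compile(rb"GnuTLS"),
    "NSS": re.compile(rb"NSS_Init"),
}


def extract_strings(data, min_len=4):
    """Equivalent of `strings`: runs of >= min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def find_library_markers(data):
    """Map library name -> sorted list of distinct marker strings found."""
    found = {}
    for name, rx in LIBRARY_MARKERS.items():
        hits = sorted({m.group().decode("ascii", "replace") for m in rx.finditer(data)})
        if hits:
            found[name] = hits
    return found


# Constructed sample "binary": non-printable padding with an OpenSSL version
# banner and one EVP symbol name embedded, standing in for the real executable.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(range(0, 32))
    + b"OpenSSL 1.0.1e 11 Feb 2013\x00" + b"\x00\xff\x10"
    + b"EVP_DigestInit_ex\x00" + b"\x01\x02"
)

if __name__ == "__main__":
    # Usage: python scan_libs.py [path-to-binary]; without a path the sample is scanned.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else SAMPLE_BINARY
    for s in extract_strings(blob):
        print(s)
    print(find_library_markers(blob))
```

If a scan of a real binary turns up no markers at all while the file clearly contains code, that is itself a signal: a packed or encrypted executable, as samuellb reports for the OS X build, hides its strings until the loader has decrypted it.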

samuellb commented 9 years ago

Thanks for the info :) A year ago or so I actually unpacked the pkg file but the binary inside it seemed to be encrypted. I haven't looked further into it but here's some info on encrypted OSX binaries. It seems that the decryption key is "hidden" in OSX (which I don't have, being a Linux user :) ).

http://osxbook.com/book/bonus/chapter7/binaryprotection/

And yes, they could be using something similar to OTR, but it is at least not standard OTR since the messages don't conform to the standard:

https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html (see D-H Commit Message)
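To make the "does not conform to the standard" check concrete, here is an added example (written for this thread, not code from FriBID or the OTR project) that parses a captured message against the D-H Commit layout in the linked OTR v3 spec: the `?OTR:` prefix and `.` terminator around base64, then protocol version (SHORT, 3), message type (BYTE, 0x02), sender and receiver instance tags (INT), and two DATA fields (4-byte length plus bytes) holding the encrypted gx and its SHA-256 hash. A captured BankID message that fails this parse is, by that measure, not a standard OTR D-H Commit. The `build_dh_commit` helper and the dummy gx bytes are constructed for testing only and do no real key exchange.

```python
import base64
import struct

OTR_PREFIX = b"?OTR:"
DH_COMMIT = 0x02  # message type byte for D-H Commit in OTR v3


def _read_data(buf, off):
    """OTR DATA field: 4-byte big-endian length followed by that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated DATA length")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated DATA body")
    return buf[off:off + n], off + n


def parse_dh_commit(message):
    """Return the fields of a well-formed OTR v3 D-H Commit, or raise ValueError."""
    if not message.startswith(OTR_PREFIX) or not message.endswith(b"."):
        raise ValueError("not an OTR encoded message (missing ?OTR: prefix or '.' terminator)")
    raw = base64.b64decode(message[len(OTR_PREFIX):-1], validate=True)
    if len(raw) < 11:  # SHORT + BYTE + INT + INT
        raise ValueError("too short for a v3 header")
    version, msg_type, sender, receiver = struct.unpack(">HBII", raw[:11])
    if version != 3:
        raise ValueError("protocol version %d, expected 3" % version)
    if msg_type != DH_COMMIT:
        raise ValueError("message type 0x%02x, expected 0x02 (D-H Commit)" % msg_type)
    enc_gx, off = _read_data(raw, 11)
    hashed_gx, off = _read_data(raw, off)
    if off != len(raw):
        raise ValueError("trailing bytes after Hashed gx")
    if len(hashed_gx) != 32:
        raise ValueError("Hashed gx is %d bytes, expected SHA-256 (32)" % len(hashed_gx))
    return {
        "sender_tag": sender,
        "receiver_tag": receiver,
        "encrypted_gx": enc_gx,
        "hashed_gx": hashed_gx,
    }


def build_dh_commit(sender_tag, enc_gx, hashed_gx):
    """Constructed test helper: assemble a D-H Commit from dummy field values."""
    body = struct.pack(">HBII", 3, DH_COMMIT, sender_tag, 0)  # receiver tag is 0 in D-H Commit
    body += struct.pack(">I", len(enc_gx)) + enc_gx
    body += struct.pack(">I", len(hashed_gx)) + hashed_gx
    return OTR_PREFIX + base64.b64encode(body) + b"."


def looks_like_otr_dh_commit(message):
    """True if the bytes parse as a standard OTR v3 D-H Commit, False otherwise."""
    try:
        parse_dh_commit(message)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples: one conforming message and one arbitrary blob.
    good = build_dh_commit(0x12345678, b"\x01" * 192, b"\xab" * 32)
    print(looks_like_otr_dh_commit(good))                        # True
    print(looks_like_otr_dh_commit(b"\x00\x01\x02 captured bytes"))  # False
```

The check is deliberately strict (exact header values, exact field lengths, no trailing bytes), so a positive result means the wire format matches the spec, while a negative result only says the message is not standard OTR; a protocol that borrows OTR's ideas but not its encoding, as this thread suspects, would still fail it.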

josla972 commented 9 years ago

Hmm, at least "strings" worked fine for me, so everything in the binary can hardly be encrypted. I'll read more about the binary protection later. Sadly, nm from GNU binutils which I built for Mac OS X binaries (I am also a Linux user) could not find any symbols.