Closed abattistello-secpat closed 3 months ago
Thanks for the interest but the chip to chip security feature was removed back in commit 26392366cd9723826b915506e28c5a8c046d63ab, mid 2023.
I will close this: please feel free to re-open if there is more to discuss.
Up to tag v1.2.0, the example code provided for the chip 2 chip security, does not mention a session counter, or alternatively some random nonce used to differentiate one session from another. It thus seems possible to replay previous messages exchanged during a legitimate session, to reissue the same commands.