Michał Leszczyński

Setting up EV Code Signing on Google HSM with FIPS 140-2 Level 2 compliance and attestation proof

Many Certificate Authorities have recently tightened the requirements for using EV Code Signing Certificates. The industry standard is now that you need to either host your certificate’s private key...

NFC tags with asymmetric cryptography (RSA/ECC) and their advantages

As of mid-2021, the market of NFC tags is dominated by solutions that either use symmetric cryptography (AES) or lack cryptographic features altogether. It is possible to cover lots ...

Open-source implementation of Secure Unique NFC Messaging backend

NTAG 424 DNA is a new NXP product which features Secure Unique NFC Message. From the user perspective, this is an ordinary NFC Forum Type 4 Tag that could point to some web address after it’s scann...

Proof of concept: Over-the-air Top-up with MIFARE DESFire EV1 cards

When studying MIFARE DESFire EV1 communication, one may notice that these cards offer both secure AES authentication and the Secure Messaging feature. This means that some operations (sometimes) c...

Meltdown and Spectre explained: Processor hacking (PL)

The “Processor hacking” blog post series recently published on “Zaufana Trzecia Strona” is an attempt to show a logical link between processor optimizations and the existence of Meltdown and Spectre atta...

Communication between Android Host-based Card Emulation and a microprocessor system with NFC transceiver frontend

During the thug life of an engineer it may occur that you will need to establish communication between Android HCE (Host-based Card Emulation) and your legacy microprocessor system. In my case it wa...

Adjacency list - mapping of coordinates to a single dimensional array

Today I was asked via IRC about how to implement an adjacency list in C. My idea and implementation will be shown below. Suppose that we want to keep adjacency information of $N$ vertices (numbers fr...

Analysis of Przelewy24 mobile payment library from the security point of view (PL)

Przelewy24 is a Polish payment gateway service. Recently I’ve discovered major security problems in their official libraries dedicated for Android, iOS and Windows Phone. The original text (in poli...

An algorithm for offline electronic rental door lock

A few days ago I saw that one company is producing a strange kind of electronic door handles. Such devices could be unlocked by inputting a correct PIN code using a classical 10-digit keyboard. T...

Playing with Gothic Virtual File System (VDFS)

Introduction: When I was playing Gothic sometime around the year 2010, I was pretty interested in how the game engine actually works. The entry point of consideration was arbitrarily chosen vdfs32g.d...