09:10 - 09:30
20min

Opening

15:00 - 15:30
30min

Break

Available
A
Tainan Art Museum Building 2
Performing Arts Theatre
10:30 - 10:40
10min

Short break

A - Tainan Art Museum Building 2 - Performing Arts Theatre
12:00 - 13:30
90min

Lunch

A - Tainan Art Museum Building 2 - Performing Arts Theatre
Available
G
Good-Ideas Studio
11:30 - 13:00
90min

Lunch

G - Good-Ideas Studio
Available
W
Wu Garden
Former Tainan Assembly Hall
12:00 - 13:00
60min

Lunch

W - Wu Garden - Former Tainan Assembly Hall
Available
C1
C-Hub
1F
11:30 - 13:00
90min

Lunch

C1 - C-Hub - 1F
Day1
Fri, Dec 4 2020
16:30 - 17:00
G - Good-Ideas Studio

Open-source your own NHI card agent

When tech people dive in some more
Open island
Talk
Mandarin

abstract

2020年初武漢肺炎在全球爆發大流行,健保署推出了口罩實名購買制度,確保了民眾可以買到口罩來保護自己,其中線上預購的認證方式使用健保卡或者自然人憑證來進行實名身份驗證,除了口罩實名制之外,同樣的驗證程式也用於線上報稅等其他服務。

健保卡會在電腦上安裝一個 web 服務,作為瀏覽器與晶片卡讀卡機的溝通媒介,由於軟體品質不佳,以及好奇是否存在漏洞,因此對健保卡 agent 進行了逆向工程,以瞭解程式的架構以及 protocol 運作細節。

在進行了深入的研究後,成功的還原了 agent 與伺服器驗證健保卡的流程。我以 Python 實作了一個跨平臺的 agent 替代品,並且避開了前述的漏洞與缺陷。

在這個議程我們將會介紹這個 protocol 是如何運作的、部分的軟體缺陷、逆向與重新實作的整個過程。

keywords:開源軟體, 健保卡, 資訊安全
Howard Wu
Moderator
Howard Wu / 臺南
Goodideas-Studio, the Host

Launches a IT working space, and focus the topic to software. Doing free training program for people who want to be a developer. Dedicates to building Tainan, the city of Southern Taiwan to become a IT light tower and a manufacturer of producing quality developer in Taiwan. Builds an online platform of “Mask Inventory Map” in 2020.

Inndy Lin
Inndy Lin / Taipei
奧義智慧科技

Inndy Lin is a cyber security researcher, focuses on malware and APT research. He loves reverse engineering, open source, Python and malware analysis. He had presented his research in BlackHat, HITCON, ROOTCON.

CC by 4.0 - g0v Summit 2020
g0v FacebookJoin g0v Slackg0v TwitterSource Codeg0v Summit 2020 Email