Open-source your own NHI card agent
Abstract
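In early 2020, the Wuhan pneumonia pandemic broke out worldwide, and the National Health Insurance Administration introduced a name-based mask purchasing system to ensure that people could buy masks to protect themselves. Its online pre-order option authenticates the buyer's real identity with either the NHI card or the Citizen Digital Certificate. Beyond the name-based mask system, the same verification program is also used for other services such as online tax filing.
The NHI card software installs a web service on the computer that acts as the intermediary between the browser and the smart card reader. Because the software quality was poor, and out of curiosity about whether it contained vulnerabilities, I reverse-engineered the NHI card agent to understand the program's architecture and the details of how its protocol works.
After in-depth research, I successfully reconstructed the flow by which the agent and the server verify the NHI card. I implemented a cross-platform replacement for the agent in Python that avoids the vulnerabilities and defects mentioned above.
In this session we will introduce how the protocol works, some of the software's defects, and the whole process of reversing and re-implementing it.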
Launched an IT working space with a focus on software. Runs a free training program for people who want to become developers. Dedicated to building Tainan, a city in southern Taiwan, into an IT lighthouse and a producer of quality developers in Taiwan. Built the online “Mask Inventory Map” platform in 2020.
Inndy Lin is a cyber security researcher focusing on malware and APT research. He loves reverse engineering, open source, Python and malware analysis. He has presented his research at BlackHat, HITCON, and ROOTCON.