DS1991 MultiKey iButton Dictionary Attack

Dallas Semiconductor's (now Maxim Integrated Products) iButton devices are hardware tokens deployed globally in applications such as cashless transactions, stored-value debit/electronic wallets, software copyright protection, user authentication, and access control. Each dime-sized device contains a 64-bit unique identifier and various sizes of memory storage.

The DS1991 makes use of three distinct passwords to protect three secure data areas within the device. The discovered vulnerability, detailed in this advisory, potentially allows an attacker to determine the passwords used to protect these secure areas, thus gaining access to the protected data. Depending on the application, such data could include financial information, data representing monetary units, or user registration/identification information.

Severity: An attacker can perform a dictionary attack against the DS1991 to determine the password used to protect the data within the device.

Security Advisory: DS1991 MultiKey iButton Dictionary Attack Vulnerability (CVE-2001-1436)

This tool performs a dictionary attack against the 3 subkey passwords and, if successful, retrieves all private data stored in the subkey area.

Platforms: Win 95/98/NT/2K

Tool: DS1991 iButton Dictionary Attack Tool

Originally published as an @stake Security Advisory.