Culture

Money for Nothing, Chips for Free

After 25 years it's finally time to tell this story.

Phrack Issue 72
Release date : date: 2025-08-19
Title : Money for Nothing, Chips for Free
Author : Peter Honeyman

How a team of academic hackers discovered bugs in a widely deployed smart card payment protocol, kept them secret (until now!), and turned what they learned into parties, papers, conferences, and advanced degrees.

Money for Nothing, Chips for Free at Phrack

Photos of some of the devices can be found at CITI: Projects : Smart Cards : Leon Devices

Culture

• Argus Camera Museum
• At the Drive-In Movie
• Bill Kennedy
• Bill Knapp's, For a Snack or a Meal
• Bison Boys
• Chelsea Demolition Derby 2001
• Counterfeit M&M's^®
• Dead Communists
• Detroit/Windsor Fireworks 2003
• Diners
• Dinner With the Governor
• The Flame Goes Out
• Heman Allen
• I hate Jerry Lee Lewis
• Joint House Marching Band
• Kick Out the Jams
• Lowrider Car Show 1999
• Lunar Eclipse, November 2003
• Michigan State Fair 2003
• My Grandparents' House
• Neon Cowboys
• Oktoberfest 2006
• Ozone Parade 1972
• Rees family web site
• Safety Girl TV Show
• Shopping Cart Race 1998
• Shopping Cart Race 2002
• Spam Mail From Some Flounder
• Surfin' the Spillway
• Tiki Bars
• Toilet Mobile
• Too Many Teardrops
• What's In My iPod?

Science and Technology

Home

• Bikes and Cars
• Bike Lights
• Cellphones
• Cheap Powered Speaker for iPod
• Guitars
• Hallicrafters 505
• Home-made battery
• LED Lights

Computers and Software

• 3Com Audrey
• Afs token passing over ssh
• Apollo Archive
• Apollo dn3000 Emulator
• Asus eee pc 701
• Disable resolvconf
• dnlights
• Gateway Handbook 486
• Linux Contributions
• nfs-utils patch
• PalmPilot Stuff
• Slimserver
• Tektronix 4014
• Thinkpad 701c
• Thinkpad 240
• Thinkpad x40
• Thinkpad x120e
• Thinkpad x220
• Toposh T163
• Toposh T101
• Tunnel dns Around Network Blockages
• Tunnel nfs v3 over ssh
• Other Computers
• Uniclick xterm
• USENIX Program Schedule Loader
• Where's my grub config file?
• Wii Battlezone
• xfishtank

CITI

• pNFS Block Layout Client
• Linux pNFS Kernel Development
• NFS Version 4 Open Source Reference Implementation
• Ten Machine
• ASC/ICSI Linux NFSv4 Alpha Code
• pkinit
• ITSS Security Training Course
• The Virtual Soldier
• Linux NFS Client Performance Project
• Smart Cards (check out the Webcard and Palmreader)
• HAL2001 Smartcard Workshop
• AFS for Very High Speed Networks
• Secure Videoconferencing
• Video File Server
• Mobile Computing
• AuthPGP
• DCE

Other UM

There are plenty of basic ways to misuse and compromise kerberos, starting with the obvious: ask for a kerberos password using an html form. – Marcus Watts

• Networking and Security Research Group
• NCIBI

Publications

My Erdős Number is four, via honey.

• Address Resolution Statistics (IETF 81, Quebec City, July 2011)
• Doing More With Less: End-to-End Consistent IPv4 Address Sharing (IFIP/IEEE International Symposium on Integrated Network Management, Dublin, Ireland, May 2011)
• Clouseau Evaluation for Peer-to-Peer Transfer Operations (CITI Tech Report 09-1)
• IP and ARP over ISO 7816 (Internet Draft)
• Improving AFS Performance via Selective Caching and Native ATM AAL5 (CITI Tech Report 01-3)
• Webcard: a Java Card web server (IFIP CARDIS 2000)
• Secure Distributed Virtual Conferencing: Multicast or Bust (CMS 1999)
• SCFS: A UNIX Filesystem for Smartcards (1st USENIX Smartcard Workshop)
• Implementation of a Provably Secure, Smartcard-based Key Distribution Protocol (IFIP CARDIS 1998)
• Secure Videoconferencing (7th USENIX Security Symposium)
• Guest Editor, Computing Systems, Fall 1995 issue on Mobile Computing.
• Joining Security Realms: A Single Login for Netware and Kerberos (5th USENIX Security Symposium)
• The Little Work Project (3rd Workshop on Workstation Operating Systems)
• Third-Party Authentication in the Institutional File System (CITI Tech Report 92-1)
• A Dynamically Extensible Streams Implementation (Summer 1987 USENIX)
• An Extensible I/O System (Summer 1986 USENIX)
• AT&T's RFS and Sun's NFS: A Comparison of Heterogeneous Distributed File Systems, UNIX/World Magazine, December 1985 p. 38 (with Mark J. Hatch and Micheal Katz)

Press

• New smart card can hold a Web server, Ann Arbor News, 28 October 1999