An automated toolkit to analyze secure hardware, and build user-verifiable hardware profiles. SCRUTINY provides high-level frameworks to verify profiles against reference and produce detailed HTML reports. For now, SCRUTINY is capable of Java Card analysis and verification.
SCRUTINY will run set of open-source tools to gather information about your smart card. The information will be parsed and united into JSON profile. Such profile can be compared to reference, producing verification JSON profile, which can be transformed to HTML report, easily readable by a human.
$ git clone https://github.com/crocs-muni/scrutiny.git
$ python -u setup_script.py
$ python -u measure_javacard.py Supposedly_NXP_P60
$ python -u verify.py --profile results/Supposedly_NXP_P60.json --reference database/NXP_P60.json -o NXP_P60_Verification.json
$ python -u report_html.py -v NXP_P60_Verification.json -o NXP_P60_Verification_Report.html
Run any of the scripts with -h/--help to show detailed usage instructions.
Python 3.8 with PIP, Java Runtime Environment.
SCRUTINY is limited by the tools it depends on. Selection from multiple connected smart cards in the measurement script is not supported. Please, have at most one card connected to the PC while performing SCRUTINY Measure for Java Cards.