Published in: Technology, Business
  1. RFID Vulnerabilities, Flaws and Exploits
     Mauro Risonho de Paula Assumpção, Backtrack Brazil, [email_address]
     NOT SENT TO THE EVENT
  2. What is RFID?
     • Radio Frequency Identification
     • Identification devices whose interface for communicating with the reader is wireless
     • Covers the physical layer and the communication protocols of identification devices (for people, consumer goods, animals, etc.)
     • May be proprietary or standardized
  3. Main types
     • Memory cards with access control
       • Main applications: ticketing in public transport and physical access control
       • Memory is divided into sectors, each protected by a cryptographic key
       • Operates at 13.56 MHz with a maximum read/write range of 10 cm
       • The Mifare card standard is the ISO 14443 series
  4. Main types
     • Proximity cards for physical access control
       • Besides Mifare there are several others, also known as proximity cards
       • Contactless cards in proprietary formats:
         • Indala, HID iClass, HID Prox and others
       • Operating in the 125 MHz band, with short range
  5. Main types
     • Cryptographic cards
       • There are also contactless cards with a cryptographic coprocessor
       • They can have both interfaces (contact and contactless)
       • They also support the ISO 14443 standard
  6. Where the fun begins ... a little more on Mifare
  7. Mifare Classic
     • Memory structure
       • 16 sectors
       • 4 blocks per sector (one block = 16 bytes)
       • Access control per individual sector
         • Key A and Key B
         • Access conditions
       • Each key is 48 bits
       • Serial number + manufacturer information are hardcoded in block 0 of sector 0
  8. Mifare Classic
     • Memory structure (diagram: blocks and sectors)
  9. Mifare Classic
     • Serial number
       • 4 or 7 static bytes (hardcoded)
       • 7 random bytes, where a new serial number is generated for each new communication channel established with the reader
  10. Mifare Classic
     • Block diagram
  11. Mifare Classic
     • Main components
       • RF interface
       • Anti-collision: allows two or more cards to interact with a single reader (ISO 14443)
       • Authentication: controls access to each region of memory
       • ALU (Arithmetic Logic Unit): handles the addition / subtraction operations when the card stores values in memory
       • Crypto: implementation of the CRYPTO1 algorithm (a stream cipher) to establish a secure channel between card and reader
  12. Mifare Classic
     • Three-pass authentication
       • The reader specifies the sector to be accessed and whether key A or key B is used to access it
       • The card takes the key indicated by the reader and encrypts a random number, which is sent to the reader (the card challenge) (pass 1)
       • The reader decrypts the challenge using the same key as the card
  13. Mifare Classic
     • Three-pass authentication (continued)
       • The reader returns the decrypted number to the card together with a new random number encrypted by the reader (the reader challenge) (pass 2)
       • The card checks that the decrypted number matches the one it sent previously
  14. Mifare Classic
     • Three-pass authentication (continued)
       • The card decrypts the reader challenge and sends it back to the reader (pass 3)
       • The reader checks the response returned by the card
       • At the end of this process an encrypted communication channel is established between card and reader
  15. Mifare Classic
     • Card access
       • The set of commands supported by the card is proprietary and is programmed into the reader chip
       • An application interacts with the card through a specific NXP library that is linked directly with the reader's controller chip
  16. Reading Mifare cards
  17. Reading Mifare cards
     • Tools
       • Contactless reader (HID Omnikey 5321)
       • Open-source library for interacting with readers and contactless devices: librfid (/projects/librfid/)
       • A sample blank Mifare 1K card
  18. Reading Mifare cards
       Protocol Mifare Classic
       Size: 1024 bytes
       Authenticating sector 0: mifare auth succeeded!
       Reading sector 0
       Reading block 0: Page 0x0: d4 0f 01 ac 76 88 04 00 47 c1 1e 38 65 00 48 05
       Reading block 1: Page 0x1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       Reading block 2: Page 0x2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       Reading block 3: Page 0x3: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
       Authenticating sector 1: mifare auth succeeded!
       Reading sector 1
       Reading block 4: Page 0x4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       Reading block 5: Page 0x5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       Reading block 6: Page 0x6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       Reading block 7: Page 0x7: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
       Authenticating sector 2: mifare auth succeeded!
       And so for the other sectors and blocks ...
     (labels on the dump: serial number; data; Key A; Key B; access condition bits)
  19. Reading Mifare cards
     • Reading the blank Mifare card was only possible because it was set up with the default keys (A and B)
     • A card such as the “Bilhete Único” (used on buses in Brazil) could not be read or changed
  20. Security aspects
  21. Security aspects
     • Mifare card security rests on the proprietary algorithm CRYPTO1
     • The first work was done by Karsten Nohl, "Starbug" and Henryk Plötz at the Chaos Communication Camp 2007 in Berlin
     • CRYPTO1 was the focus of this first analysis of Mifare cards
     • The operation of CRYPTO1 was deduced through reverse engineering
  22. Security aspects
     • CRYPTO1 vulnerabilities
       • The time dependence of the random number generator allows control over the numbers that will be generated
       • Only 16 of the 32 bits used in the three-pass authentication are in fact random
       • Reverse engineering by observing the chip made it possible to deduce how CRYPTO1 works
  23. Security aspects
     • CRYPTO1 operation (diagram)
  24. Security aspects
     • Other articles published on the security of Mifare cards
       • A Practical Attack on the MIFARE Classic. CARDIS 2008, LNCS 5189, pp. 267–282, 2008.
       • Dismantling MIFARE Classic. ESORICS 2008, LNCS 5283, pp. 97–114, 2008.
  25. Security aspects
     • The attacks made so far allowed the creation of smart card clones using auxiliary equipment
     • It was also possible to manipulate the contactless communication channel in order to observe the data traffic
  26. Security aspects
  27. Security aspects
  28. DEMO
  29. Security aspects
     • The security problems pointed out relate to the weakness of CRYPTO1
     • The attacks shown do not apply to PKI smart cards, such as electronic passports
  30. References
  31. References
     • ISO 14443-1 / 2 / 3
     • NXP. Mifare functional specification (2008)
     • Mifare Security. Karsten Nohl, "Starbug" and Henryk Plötz
     • A Practical Attack on the MIFARE Classic. Gerhard de Koning Gans, Jaap-Henk Hoepman, and Flavio D. Garcia.
     • Dismantling MIFARE Classic. Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs.