Crypto1 consists of: one 48-bit feedback shift register for the main secret state of the cipher, a linear function, a two-lay...

Three well-known attacks…
1. Sniff a valid trace (Proxmark!) and use Crapto1
2. Default keys? Got one key? Get the others! –...

Mifare Classic, Practical Attacks: crapto1
Open implementations of attacks against the crypto1 cipher, as used in some RFID card...
Mifare Classic, Practical Attacks: mfoc
http://code.google.com/p/p/mfoc
Open source implementation of the "offline (card only) nested" attack. ...

Hint 1: Drop the field for a while and add a 100-250 ms delay.
Hint 2: Put a book between your antenna and the tag (seems...

The necessary information was extracted from the papers: http://www.sos.cs.ru.nl/applications/rfid/2008-esorics.pdf Finalize...

We supply the cards below: Works exactly like the Mifare S50, with 16 Sectors and 4 Blocks each Sector, but the Sector 0 Blo...

• Recent MFC don't leak NAKs anymore
• Recent MFC don't use a 16-bit LFSR anymore
• Recent MFC use true random at startup
• S...

Use Cases: Real World Hacks

Use Cases
1996 — First transport scheme in Seoul using MIFARE Classic 1k. http://en.wikipedia.org/wiki/MIFARE

Full Disclosure
In March 2008 the Digital Security research group of the Radboud University Nijmegen made public that they pe...

Full Disclosure
The researchers say their security flaw can be used to copy cards. They claim to have even been able to adjus...

Use Case
Buenos Aires, Argentina, using Mifare 1K. There is a lot of information that you can check in the Government's RFPs ;)

Use Case
Buenos Aires, Argentina, using Mifare 1K: RFID Pedestrian Barriers, Tripod Turnstile

Resources, Tips, Ideas and Cheers

Resources
Everything you need to know to look like you know everything!
PROXMARK3: http://www.proxmark.org/ http://cq.cx/proxma...

More Resources
Everything you have to take a look at! Want more!? Gimme More, More & More! Random stuff, Projects, etc. Arduino ...

Use the Source! (OSX)
Updating Macports: sudo port selfupdate
Install pkg-config, e.g.: sudo port install pkgconfig
Install ...

And we didn't cover many other attacks like…
Relay Attacks on ISO 14443 Contactless Smart Cards http://www.sec.in.tum.de/ass...

Some quick n' dirty Countermeasures
Lots of info from NXP regarding the implementation of a secure payment system using the...

I'd like to give Special Thanks to… the PHDays III crew! Phil Teuwen, the people from the Proxmark forum & the researchers who share all th...
RFID Security Workshop
Nahuel Grisolía
PHDays III, 23-24 May 2013, Moscow, Russia
nahuelgrisolia@gmail.com

• Daytime job at an Insurance Company in Buenos Aires, AR
• (Web) Application Security specialist & enthusiast
• Many vulnerabilities discovered in Open Source and Commercial software: VMware, Websense, OSSIM, Cacti, McAfee, Oracle VM, etc.
• Gadgets and Electronics Lover (RFID!)
• EC-Council C|EH, CompTIA Security+ and Private Pilot License
• http://ar.linkedin.com/in/nahuelgrisolia
• http://cintainfinita.com.ar
• http://www.exploit-db.com/author/?a=2008
• http://www.proxmark.org/forum/profile.php?id=30002

Motivation, from The Hacker Ethic and the Spirit of the Information Age… (Pekka Himanen)
• Enthusiastic, passionate attitude to the work that is enjoyed
• Creativity, wish to realize oneself and one's ability, often in teams that are formed spontaneously (project orientation)
• Wish to share one's skills with a community having common goals

Motto v2…
Agenda
1. What is true about RFID?
2. What is NOT true about RFID?
3. Real Life Examples?
4. RFID Hardware
   • Operating Frequencies (LF, HF, UHF)
   • Active vs. Passive Tags
   • Types, Shapes, Sizes and Colors!
5. LibNFC
   • What?
   • Compatible Devices
   • Resources
   • Examples of usage
6. Proxmark3
   • What?
   • Community Forum
   • Examples of usage
7. Low Frequency Tags
   • Intro
   • Types
   • Examples of Emulation & Cloning
   • Bypassing a Door Lock
8. High Frequency Tags
   • Intro
   • NXP Mifare: What? Practical Applications
9. Mifare Classic
   • Memory Organization
   • Access Keys and Bits, Security: Crypto1
   • Well-known attacks: mfoc, mfcuk, crapto1
10. Use Cases
   • Real World Examples using Mifare Classic
   • Public Transport in Argentina using Mifare Classic
11. Resources & more…

Intro… But necessary…
What is true about RFID?
RFID is a generic term that is used to describe a system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly, using radio waves. It's grouped under the broad category of automatic identification technologies.
RFID stands for Radio-Frequency IDentification. The acronym refers to electronic devices that consist of a small chip and an antenna.
RFID devices will work within a few cm of the scanner. For example, you could just put all of your groceries or purchases in a bag, and set the bag on the scanner. It would be able to query all of the RFID devices and total your purchase immediately.

What is true about RFID?
A typical RFID tag consists of a microchip attached to a radio antenna mounted on a substrate.
To retrieve the data stored on an RFID tag, you need a reader. A typical reader is a device that has one or more antennas that emit radio waves and receive signals back from the tag.
The reader then passes the information in digital form to a master system.
Note: not always true. The reader might be a self-contained system, doing the logic (e.g. checking whether the card/tag is authorized) and the actions (e.g. unlock the door, buzz the buzzer, light the LED) on its own, without a master system.

What is true about RFID?
Some common problems with RFID are reader collision and tag collision.
Reader collision occurs when the signals from two or more readers overlap. The tag is unable to respond to simultaneous queries. Systems must be carefully set up to avoid this problem.
Tag collision occurs when many tags are present in a small area; but since the read time is very fast, it is easier for vendors to develop systems that ensure that tags respond one at a time.
Other problems: low computing power, no RTC on tags, bad RNG on tags, critical timing requirements, low bandwidth, etc.

What is true about NFC?
NFC (Near Field Communication) is an open platform technology standardized in some ISO specs, specifying modulation schemes, coding, transfer speeds, data exchange methods (NDEF, a sort of MIME, by the NFC Forum), etc.
It is a form/subset of RFID (Radio Frequency IDentification), given that it uses radio waves for identification purposes.
NFC works at 13.56 MHz in accordance with inductive coupling principles and allows communications at very short ranges (a few cm).
It provides Card Emulation, Peer-to-Peer and Reader/Writer modes.

What is true about NFC?
NDEF Standard (NFC Data Exchange Format)
NFC-Forum Tags:
– Type 1: Innovision Topaz/Jewel (ISO14443-3A)
– Type 2: NXP Mifare Ultralight (ISO14443-3A)
– Type 3: Sony FeliCa
– Type 4: ISO7816-4 on ISO14443-4 A or B (e.g. DESFire EV1)

What is true about NFC?
NFC Forum Mission:
• Define and Stabilize Technology
• Develop standards that ensure interoperability among devices and services
• Encourage the development of products within NFC Forum Specs.
• Educate the Market
• Ensure that NFC products follow NFC Forum Specs.
• Promote End User usage
What is NOT true about RFID?
"I can clone any card!" Muehehe… Well… not that much… =)
125KHz~135KHz RFID Card Copier / Duplicator (1 x 6F22/9V)

What is NOT true about RFID?
"I'm fully featured!!…"

Real Life Examples?
Electronic Payments, Physical Access to buildings, Tolls, Passports, Medical Supplies and Equipment Tracking, Clothes, almost everywhere!
Hardware

RFID Hardware: How does RFID work?
A Radio-Frequency IDentification system has three basic parts:
• A transponder - the RFID tag - that has been programmed with information.
• A scanning antenna
• A transceiver with a decoder to interpret the data
The scanning antenna puts out radio-frequency signals in a relatively short range. The RF radiation does two things: it provides a means of communicating with the transponder (the RFID tag) AND it provides the RFID tag with the energy to communicate (in the case of passive RFID tags).

RFID Hardware: How does RFID work?
When an RFID tag passes through the field of the scanning antenna, it detects the activation signal from the antenna. That "powers up" the RFID chip, and it transmits the information on its microchip to be picked up by the scanning antenna.
In addition, the RFID tag may be of one of two types:
• Active RFID tags have their own power source; the advantage of these tags is that the reader can be much farther away and still get the signal. Even though some of these devices are built to have up to a 10 year life span, they have limited life spans.
• Passive RFID tags, however, do not require batteries, and can be much smaller and have a virtually unlimited life span.

RFID Hardware: Radio Regulation
Because RFID systems generate and radiate electromagnetic waves, they are justifiably classified as radio systems. The function of other radio services must under no circumstances be disrupted or impaired by the operation of RFID systems.
It is particularly important to ensure that RFID systems do not interfere with nearby radio and television, mobile radio services (police, security services, industry), marine and aeronautical radio services and mobile telephones.
The need to exercise care with regard to other radio services significantly restricts the range of suitable operating frequencies available to an RFID system.

RFID Hardware: Frequency Ranges
It is usually only possible to use frequency ranges that have been reserved specifically for industrial, scientific or medical applications or for short range devices.
These are the frequencies classified worldwide as ISM frequency ranges (Industrial-Scientific-Medical) or SRD (Short Range Device) frequency ranges, and they can also be used for RFID applications.
It's all About Tags…

RFID Hardware: Active RFID Tag
An RFID tag is an active tag when it is equipped with a battery that can be used as a partial or complete source of power for the tag's circuitry and antenna.
Some active tags contain replaceable batteries for years of use; others are sealed units. (Note that it is also possible to connect the tag to an external power source.)
They generally operate in UHF.

RFID Hardware: Active RFID Tag
Active RFID tags may have all or some of the following features:
• longest communication range of any tag
• the capability to perform independent monitoring and control
• the capability of initiating communications
• the capability of performing diagnostics
• the highest data bandwidth
• active RFID tags may even be equipped with autonomous networking; the tags autonomously determine the best communication path.

RFID Hardware: Active RFID Tag
The major advantages of an active RFID tag are:
• It can be read at distances of one hundred meters or more, greatly improving the utility of the device.
• It may have other sensors that can use electricity for power.
The problems and disadvantages of an active RFID tag are:
• The tag cannot function without battery power, which limits the lifetime of the tag.
• The tag is typically more expensive, often costing $20 or more each.
• The tag is physically larger, which may limit applications.
• The long-term maintenance costs for an active RFID tag can be greater than those of a passive tag if the batteries are replaced.
• Battery outages in an active tag can result in expensive misreads.

RFID Hardware: Passive RFID Tag
A passive tag is an RFID tag that does not contain a battery; the power is supplied by the reader's EM field.
The tag enters a magnetic field when it is near the reader's antenna. The tag draws power from it, energizing the circuits in the tag.
The tag then sends the information encoded in its memory by load modulation: it varies its resistance, and therefore its consumption of energy, and the reader observes that variation.
In the other direction, the reader communicates with the tag by varying the energy of its own field.
https://en.wikipedia.org/wiki/Transformer#Basic_principles

RFID Hardware: Passive RFID Tag
The major disadvantages of a passive RFID tag are:
• The tag can be read only at very short distances, typically a few meters at most.
• This greatly limits the device for certain applications.
• It may not be possible to include sensors that can use electricity for power.
• The tag remains readable for a very long time, even after the product to which the tag is attached has been sold and is no longer being tracked.
The advantages of a passive tag are:
• The tag functions without a battery; these tags have a useful life of twenty years or more.
• The tag is typically much less expensive to manufacture.
• The tag is much smaller (some tags are the size of a grain of rice). These tags have almost unlimited applications in consumer goods and other areas.
RFID Hardware: Tags, cards, key rings, wristbands and more!
• VeriChip human ID implant.
• http://adafruit.com/products/365 MiFare Classic (13.56 MHz) tag assortment - 1KB
• Kodak has filed this patent application for RFID tagged capsules that could be swallowed to track activity in a patient's digestive system: monitor a patient's medication history, or transmit other medical information to a nearby RF data collector. Potential to reduce the need for invasive medical procedures and to ensure that patients take the proper dosage of their medicines.
Low Frequency Tags
Low-frequency RFID systems are typically 125 KHz, though there are systems operating at 134 KHz as well. This frequency band provides a shorter read range (< 0.5 m) and slower read speed than the higher frequencies.
LF RFID systems have the strongest ability to read tags on objects with high water or metal content compared to any of the higher frequencies.
LF systems tend to be less sensitive to interference than higher frequency options.
Typical low-frequency RFID applications are access control, animal tracking, vehicle immobilizers, healthcare applications, product authentication and various point-of-sale applications.
High Frequency Tags
The ISO/IEC 14443 standard is a four-part international standard for contactless smart cards operating at 13.56 MHz in close proximity (~10 cm) with a reader antenna.
This ISO standard describes the modulation and transmission protocols between card and reader to create interoperability for contactless smart card products.
There are two main communication protocols supported by the ISO/IEC 14443 standard; they are addressed as Type A and Type B.

High Frequency Tags: ISO/IEC 14443 Type A
Near Field Communication devices implement native support for ISO14443-A tags. The NFC Forum refers to these tags as Type 1 and Type 2 tags.
The anti-collision describes the initialization messages used to set up a communication channel and to retrieve the identifier and supported features from a tag.
During the anti-collision phase, three or four different frames are received from a tag (ATQA, UID, SAK and optional ATS).

High Frequency Tags
The ATQA, SAK and ATS values can be used to identify the manufacturer, tag type and application.
By the way, it's not recommended to rely on ATQA: every tag in the field answers the request at the same time, so with more than one target the ATQA replies collide and the reader sees a mixture.
Software!

LibNFC: What?
It's an Open Source library for Near Field Communication (NFC).
"libnfc is the first libre low level NFC SDK and Programmers API released under the GNU Lesser General Public License."
It provides complete transparency and royalty-free use for everyone.
https://code.google.com/p/libnfc/

LibNFC: What?
All major operating systems are supported, including GNU/Linux, Mac OS X and Windows. Compilation should work out of the box on POSIX systems. (YEAH! TRUE! :)
This library supports various NFC hardware devices: dongles, flat and OEM devices.
The library currently supports modulations for ISO/IEC 14443 (A and B), FeliCa, Jewel tags and Data Exchange Protocol (P2P) as target and as initiator. ¿And Emulation…?
LibNFC Compat, Dongle
Manufacturer      Product   NFC Controller  Host bus  Depends  Driver     Tested  Support
SCM Microsystems  SCL3710   PN531 v4.2      USB       libusb   PN53X_USB  YES     YES
SCM Microsystems  SCL3711   PN533 v2.7      USB       libusb   PN53X_USB  YES     YES

LibNFC Compat, Flat
Manufacturer  Product     NFC Controller  Host bus  Depends  Driver     Tested  Support
ASK           LoGO        PN533 v2.7      USB       libusb   PN53X_USB  YES     LIMITED
ACS           ACR122U101  PN532 v1.4      USB       PCSC     ACR122     YES     LIMITED
ACS           ACR122U206  PN532 v1.4      USB       PCSC     ACR122     YES     LIMITED
tikitag       ACR122U102  PN532 v1.4      USB       PCSC     ACR122     YES     LIMITED
touchatag     ACR122U102  PN532 v1.4      USB       PCSC     ACR122     YES     LIMITED
LibUSB and PC/SC
libusb is a C library that gives applications easy access to USB devices on many different operating systems.
libusb is an open source project; the code is licensed under the GNU Lesser General Public License version 2.1 or later.
The latest libusb release does not officially support Microsoft Windows, due to a lack of knowledgeable developers on that platform.
pcsclite: middleware to access a smart card using the SmartCard API (PC/SC).
pcsc-tools on GNU/Linux & OSX. Source code available from: http://pcsclite.alioth.debian.org/pcsclite.html

Two Cool Readers
1. Proprietary Driver = PC/SC
2. libNFC, no driver (libusb)
3. ifdnfc (beta, open source PC/SC)
./configure --with-drivers=pn53x_usb,acr122_pcsc

LibNFC: examples
Proxmark

Proxmark3: What?
The Proxmark III is a device developed by Jonathan Westhues that enables sniffing (both ways), reading, writing, emulating and cloning of RFID (Radio Frequency Identification) tags.
The ISO14443 type A implementation for the Proxmark was added later (by Gerhard de Koning Gans, not by Westhues) in order to look at the communication of Mifare Classic cards, since Mifare is based on this communication standard. The findings of that research are published on arxiv.org as "A Practical Attack on the Mifare Classic".
Proxmark3: Board
http://cq.cx/proxmark3.pl
http://proxmark3.com/

Proxmark3: Low Freq Antenna, Hi Freq Antenna
http://proxmark3.com/
125 kHz and 13.56 MHz antennas info: http://www.proxmark.org/forum/index.php, "Hardware Development": http://www.proxmark.org/forum/viewtopic.php?id=260 http://www.proxmark.org/forum/viewtopic.php?id=273
Do not forget to "tune" your antenna: hw tune
Proxmark3: Customize me! Flashing the Proxmark
The Proxmark III firmware has been modified to allow more commands:

Connected units:
1. SN: ChangeMe [bus-0/.libusb0-0001--0x9ac4-0x4b8f]
proxmark3> hf
help     This help
14a      { ISO14443A RFIDs... }
14b      { ISO14443B RFIDs... }
15       { ISO15693 RFIDs... }
epa      { German Identification Card... }
legic    { LEGIC RFIDs... }
iclass   { ICLASS RFIDs... }
mf       { MIFARE RFIDs... }
tune     Continuously measure HF antenna tuning

Flashing the Proxmark: http://code.google.com/p/proxmark3/downloads/list
See: Compiling Proxmark source and firmware upgrading v1.pdf
https://www.troopers.de/wp-content/uploads/2011/04/TR11_Kuhn_Thumann_Integration_of_the_nPA.pdf

Proxmark3: Customize me! Flashing the Proxmark
The Proxmark III firmware has been modified to allow more (many more!) commands:

proxmark3> lf
help          This help
cmdread <off period> <0 period> <1 period> <command> [h]   Modulate LF reader field to send command before read (all periods in microseconds) (option h for 134)
em4x          { EM4X RFIDs... }
flexdemod     Demodulate samples for FlexPass
hid           { HID RFIDs... }
indalademod [224]        Demodulate samples for Indala 64 bit UID (option 224 for 224 bit)
indalaclone <UID> [l]    Clone Indala to T55x7 (tag must be in antenna) (UID in HEX) (option l for 224 UID)
read [h]      Read 125/134 kHz LF ID-only tag (option h for 134)
sim [GAP]     Simulate LF tag from buffer with optional GAP (in microseconds)
simbidir      Simulate LF tag (with bidirectional data transmission between reader and tag)
simman <Clock> <Bitstream> [GAP]   Simulate arbitrary Manchester LF tag
ti            { TI RFIDs... }
vchdemod [clone]         Demodulate samples for VeriChip

Proxmark3: Customize me! Flashing the Proxmark
proxmark3> hf mf
help      This help
dbg       Set default debug mode
rdbl      Read MIFARE classic block
rdsc      Read MIFARE classic sector
dump      Dump MIFARE classic tag to binary file
restore   Restore MIFARE classic binary file to BLANK tag
wrbl      Write MIFARE classic block
chk       Test block keys
mifare    Read parity error messages. param - <used card nonce>
nested    Test nested authentication
sniff     Sniff card-reader communication
sim       Simulate MIFARE card
eclr      Clear simulator memory block
eget      Get simulator memory block
eset      Set simulator memory block
eload     Load from file emul dump
esave     Save to file emul dump
ecfill    Fill simulator memory with help of keys from simulator
ekeyprn   Print keys from simulator memory
csetuid   Set UID for magic Chinese card
csetblk   Write block into magic Chinese card
cgetblk   Read block from magic Chinese card
cgetsc    Read sector from magic Chinese card
cload     Load dump into magic Chinese card
csave     Save dump from magic Chinese card into file or emulator
Proxmark3: If something went wrong… JTAG Recovery Procedure
http://www.segger.com/jlink.html
If for whatever reason the USB upgrade procedure failed and the Proxmark will no longer boot, you will need to load the bootrom onto the Proxmark using the JTAG interface.
This procedure assumes that you have a Segger J-LINK for the recovery process and J-Flash ARM installed on a PC (Microsoft Windows).
Cool post: http://www.proxmark.org/forum/viewtopic.php?id=1490

Proxmark3: Community Forum
Proxmark developers community: research, development and trades concerning the powerful Proxmark3 device!
http://www.proxmark.org/forum/index.php
http://www.proxmark.org/files/
Proxmark3
Simplest RFID Emulator: http://www.youtube.com/watch?v=JiHc_hI5NAw
proxmark3> lf em em410xwatch
proxmark3> lf em em410xsim 34003aca60
Sending data, please wait...
Starting simulator...
proxmark3> lf em em410xwrite 34003aca60 1
Writing T55x7 tag with UID 0x34003aca60
#db# Started writing T55x7 tag ...
#db# Tag T55x7 written with 0xff992001a98a301c
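The data word the firmware reports writing to the T55x7 above (0xff992001a98a301c for ID 34003aca60) is nothing more than the EM410x frame the tag replays in a loop. The following Python is an added worked example, not Proxmark code: it builds that frame from an ID (9 header ones, ten rows of 4 ID bits plus even row parity, 4 even column parities, stop bit 0), parses it back with the parity checks, and does the rotation search a real capture needs because a demodulated stream rarely starts at the header. The ID 34003aca60 is the slide's; the other IDs are constructed.

```python
"""EM410x (EM4100) frame encoder/decoder.

Added example for the 'lf em ... em410xsim / em410xwrite' demo; it is not
Proxmark code.  Frame layout: 9 header ones, 10 rows of (4 ID bits + even
row parity), 4 even column parities, stop bit 0 = 64 bits.
"""

HEADER = [1] * 9


def _nibble_bits(n: int) -> list:
    """MSB-first bits of a 4-bit value."""
    return [(n >> 3) & 1, (n >> 2) & 1, (n >> 1) & 1, n & 1]


def em410x_encode(uid_hex: str) -> int:
    """Return the 64-bit frame a T55x7 must replay to impersonate this ID."""
    uid_hex = uid_hex.lower().replace(" ", "")
    if len(uid_hex) != 10:
        raise ValueError("an EM410x ID is 40 bits (10 hex digits)")
    bits = list(HEADER)
    col_parity = [0, 0, 0, 0]
    for ch in uid_hex:
        row = _nibble_bits(int(ch, 16))
        bits += row + [sum(row) & 1]              # 4 data bits + even row parity
        col_parity = [c ^ b for c, b in zip(col_parity, row)]
    bits += col_parity + [0]                      # column parities + stop bit
    assert len(bits) == 64
    return int("".join(map(str, bits)), 2)


def em410x_decode(frame: int):
    """Check header, row/column parities and stop bit; return the ID or None."""
    bits = [(frame >> (63 - i)) & 1 for i in range(64)]
    if bits[:9] != HEADER or bits[63] != 0:
        return None
    col_parity = [0, 0, 0, 0]
    nibbles = []
    for r in range(10):
        start = 9 + 5 * r
        row, parity = bits[start:start + 4], bits[start + 4]
        if sum(row) & 1 != parity:
            return None                           # row parity error
        col_parity = [c ^ b for c, b in zip(col_parity, row)]
        nibbles.append(row[0] << 3 | row[1] << 2 | row[2] << 1 | row[3])
    if bits[59:63] != col_parity:
        return None                               # column parity error
    return "".join("%x" % n for n in nibbles)


def em410x_sync_decode(captured: int):
    """A tag repeats the frame endlessly, so 64 captured bits usually start
    mid-frame: try every rotation until header and parities line up.  The
    9-bit run of ones cannot occur elsewhere in a valid frame (each row of
    1111 is followed by a 0 parity bit), so the first hit is the real one."""
    mask = (1 << 64) - 1
    for shift in range(64):
        candidate = ((captured << shift) | (captured >> (64 - shift))) & mask
        uid = em410x_decode(candidate)
        if uid is not None:
            return uid
    return None


if __name__ == "__main__":
    print(hex(em410x_encode("34003aca60")))      # the slide's T55x7 word
    print(em410x_decode(0xff992001a98a301c))
```

em410x_encode("34003aca60") reproduces the 0xff992001a98a301c the firmware wrote, which is also why the "card copier" from the earlier slide works at all: an EM410x tag holds no secret, only a 40-bit ID plus parity, so whoever can read it can replay it with a T55x7 or the Proxmark simulator.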
Don't! ;)

Mifare.

Mifare Classic
MIFARE is a trademark of NXP Semiconductors.
With more than 5 billion smart card and ticket ICs and 50 million reader components sold, MIFARE is a technology that has been selected for most contactless smart card projects worldwide and therefore became the most successful platform within the automatic fare collection industry.
In addition, its compelling product portfolio includes perfect solutions for other applications next to automatic fare collection such as loyalty, road tolling, access management and gaming.
Mifare Classic: MIFARE™ Classic 1K
MIFARE Classic 1K was the first IC to be used in high volume public transport ticketing in a major transport project in Seoul, Korea.
Continuing this success, cities such as São Paulo, Buenos Aires, Taipei, Pusan and many more are adopting MIFARE as the contactless interface platform for the present and future.
MIFARE Classic 1K is primarily used in closed systems as fixed value tickets (e.g. weekly or monthly travel passes) or as tickets where value is extracted from the card by the service provider.

Mifare Classic: Key features
• 1 kbyte EEPROM (768 Byte freely available)
• Unique serial number (4 Byte, not unique anymore, and 7 Byte)
• 16 separated sectors supporting multi-application
• Each sector consists of 4 blocks with a length of 16 Byte
• 2 x 48 bit keys per sector for key hierarchy
• Access conditions freely configurable based on the 2 keys
• Number of single write operations: 100,000
• Data retention: 10 years

Mifare Classic
http://www.nxp.com/documents/application_note/AN1304.pdf
The memory area of the MIFARE 1k is organized in 16 numbered sectors from 0 to 15. Each sector contains 4 blocks (block 0 to 3).
Block 3 of each sector is called the sector trailer and contains information (called access bits) to handle the sector access conditions and the secret keys (key A and key B). Depending on the setting of the access bits, the reader device has to perform an authentication with key A or key B to read or write the sector.
Block 0 of sector 0 (i.e. the Manufacturer Block, also called Manufacturer Data) contains the IC manufacturer data and the Unique Identifier (UID, also called Serial Number; see [ISO/IEC 14443-3] for a detailed definition).
Identification Values

Manufacturer  Product             ATQA   SAK  ATS (called ATR for contact smartcards)  UID length
NXP           MIFARE Mini         00 04  09   -                                        4 bytes
NXP           MIFARE Classic 1k   00 04  08   -                                        4 bytes
NXP           MIFARE Classic 4k   00 02  18   -                                        4 bytes
NXP           MIFARE Ultralight   00 44  00   -                                        7 bytes
NXP           MIFARE DESFire      03 44  20   75 77 81 02 80                           7 bytes
NXP           MIFARE DESFire EV1  03 44  20   75 77 81 02 80                           7 bytes
Access Bits – EasyKey from ACS
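How the sector trailer described above actually stores its access conditions, as an added example that is not from the deck, from NXP or from the ACS EasyKey tool: it decodes and re-encodes access bytes 6-8 with the plain/inverted consistency check and audits block 3 for the settings a defender would flag. The rule table follows the NXP MF1S50 datasheet; the two sample trailers, their keys and the function names are constructed for this example.

```python
"""MIFARE Classic sector trailer: decode, check and encode the access bits
(bytes 6-8 of block 3). Added example, layout per the NXP MF1S50 datasheet:
each condition bit C1..C3 of blocks 0..3 is stored once plain and once
inverted, so a reader can detect a corrupted or misprogrammed trailer."""

# Sector-trailer rules, indexed by (C1, C2, C3) of block 3:
# (write key A, read access bits, write access bits, read key B, write key B).
# Key A is never readable; "-" means never.
TRAILER_RULES = {
    (0, 0, 0): ("A", "A", "-", "A", "A"),
    (0, 1, 0): ("-", "A", "-", "A", "-"),
    (1, 0, 0): ("B", "A|B", "-", "-", "-"),
    (1, 1, 0): ("-", "A|B", "-", "-", "-"),
    (0, 0, 1): ("A", "A", "A", "A", "A"),  # factory ("transport") configuration
    (0, 1, 1): ("B", "A|B", "B", "-", "B"),
    (1, 0, 1): ("-", "A|B", "B", "-", "-"),
    (1, 1, 1): ("-", "A|B", "-", "-", "-"),
}

def decode_access_bits(trailer: bytes) -> dict:
    """{block: (C1, C2, C3)} for blocks 0..3 of a 16-byte trailer. Raises when an
    inverted nibble disagrees with its plain copy (such a sector is bricked)."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0xF, b8 >> 4
    if (b6 >> 4) != (c2 ^ 0xF) or (b6 & 0xF) != (c1 ^ 0xF) or (b7 & 0xF) != (c3 ^ 0xF):
        raise ValueError("access bits fail integrity check")
    return {blk: ((c1 >> blk) & 1, (c2 >> blk) & 1, (c3 >> blk) & 1) for blk in range(4)}

def encode_access_bits(conds: dict) -> bytes:
    """Inverse of decode_access_bits: bytes 6-8 from {block: (C1, C2, C3)}."""
    c1 = c2 = c3 = 0
    for blk, (x1, x2, x3) in conds.items():
        c1, c2, c3 = c1 | x1 << blk, c2 | x2 << blk, c3 | x3 << blk
    return bytes([((c2 ^ 0xF) << 4) | (c1 ^ 0xF), (c1 << 4) | (c3 ^ 0xF), (c3 << 4) | c2])

def trailer_weaknesses(trailer: bytes) -> list:
    """Flag what a defender cares about: a readable key B is no secret, and keys
    or access bits writable with key A mean one leaked key re-keys the sector."""
    write_a, _, write_bits, read_b, write_b = TRAILER_RULES[decode_access_bits(trailer)[3]]
    findings = []
    if read_b != "-":
        findings.append("key B readable with key " + read_b)
    if "A" in write_a + write_bits + write_b:
        findings.append("keys or access bits writable with key A")
    return findings

# Constructed samples: all-FF transport keys with the factory access bytes FF 07 80 69,
# and a hardened trailer (78 77 88: data read A|B / write B, key B secret, keys write B).
SAMPLE_TRANSPORT = bytes.fromhex("FFFFFFFFFFFF" + "FF078069" + "FFFFFFFFFFFF")
SAMPLE_HARDENED = bytes.fromhex("000000000000" + "78778869" + "111111111111")
```

Running `trailer_weaknesses` over a dump's 16 trailers is a quick way to spot sectors still shipping in transport configuration.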
Crypto1 (MIFARE Classic 1K, MIFARE Classic 4K)

"The MIFARE Classic Crypto algorithm is a highly cost efficient authentication and data encryption method. It has been designed for maximum performance while providing basic levels of data security. In combination with a sophisticated key diversification technique and appropriate system level security measures, this product can be used for reloadable time-based smart cards or stored-value fare collection concepts."

24th Chaos Communication Congress, December 27th to 30th, 2007: Nohl and Plötz gave a presentation on MiFare's security vulnerabilities. To hack the chip, Nohl and Plötz reverse-engineered the cryptography on the MiFare chip through a painstaking process. They examined the actual MiFare Classic chip in exacting detail using a microscope and the open-source OpenPCD RFID reader and snapped several in-depth photographs of the chip's architecture. The chip is tiny (about a 1-millimeter-square shred of silicon) and is composed of several layers.
Problems here? First approaches

The 48-bit key used in Mifare cards makes brute-force key searches feasible. Cheaper than brute-force attacks, however, are possible because of the cipher's weak cryptographic structure. In a brute-force attack an attacker records two challenge-response exchanges between the legitimate reader and a card and then tries all possible keys for whether they produce the same result. Less than 50 min in an FPGA array (see Pico Computing ;)

The random numbers on Mifare Classic tags are generated using a linear feedback shift register with constant initial condition. Each random value, therefore, only depends on the number of clock cycles elapsed between the time the tag is powered up (and the register starts shifting) and the time the random number is extracted.

http://static.usenix.org/event/sec08/tech/full_papers/nohl/nohl_html/
Crypto1

Crypto1 consists of:
•  one 48-bit feedback shift register for the main secret state of the cipher,
•  a linear function,
•  a two-layer 20-to-1 nonlinear function and
•  a 16-bit LFSR which is used during the authentication phase (which also serves as the pseudorandom number generator on some card implementations).

Practical Attacks on the MIFARE Classic, by Wee Hon Tan: http://www.doc.ic.ac.uk/~mgv98/MIFARE_files/report.pdf
http://en.wikipedia.org/wiki/LFSR
Three well-known attacks…
1.  Sniff a valid trace (Proxmark!) and use Crapto1
2.  Default keys? Got one key? Get the others! – Nested! (mfoc)
3.  No default keys? Get a key! – DarkSide attack (mfcuk)
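The PRNG weakness described two slides back, and the nonce timing that the nested attack (item 2) builds on, as an added model that is not from the deck, crapto1 or mfoc: a 16-bit LFSR clocked from a constant seed, with a check that tells LFSR-generated nonces apart from random ones. The seed value, the nonce bit ordering and all function names are this model's own assumptions.

```python
"""Model of the MIFARE Classic tag PRNG described above: a 16-bit LFSR with
generating polynomial x^16 + x^14 + x^13 + x^11 + 1, clocked from a constant
seed at power-up. Added example; the seed value and the nonce bit ordering are
this model's own conventions (the real seed does not change the argument)."""

SEED = 0x0001  # constructed constant initial condition; any non-zero value works

def lfsr_step(state: int) -> int:
    """One clock: bit 0 leaves as output, taps 0, 2, 3 and 5 feed bit 15."""
    fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << 15)

def step_n(state: int, n: int) -> int:
    for _ in range(n):
        state = lfsr_step(state)
    return state

def nonce_after(cycles: int, seed: int = SEED) -> int:
    """32-bit tag nonce when authentication starts `cycles` clocks after
    power-up: 32 consecutive output bits of the register, so the 'random'
    nonce is a pure function of elapsed time."""
    state = step_n(seed, cycles)
    nonce = 0
    for i in range(32):
        nonce |= (state & 1) << i
        state = lfsr_step(state)
    return nonce

def is_valid_nonce(nonce: int) -> bool:
    """A genuine LFSR nonce carries only 16 bits of state: its upper half must
    be the 16-clock successor of its lower half (a trace analyser's check)."""
    return (nonce >> 16) == step_n(nonce & 0xFFFF, 16)

def nonce_distance(n_from: int, n_to: int):
    """Clock cycles between two valid nonces (None if unreachable): the
    timing relation the nested attack builds on."""
    state = n_from & 0xFFFF
    for d in range(0x10000):
        if state == (n_to & 0xFFFF):
            return d
        state = lfsr_step(state)
    return None

def distinct_nonces(seed: int = SEED) -> int:
    """Walk the register until it repeats: every nonce a tag can ever emit."""
    seen, state = set(), seed
    while state not in seen:
        seen.add(state)
        state = lfsr_step(state)
    return len(seen)
```

The register visits all 65535 non-zero states, so a tag has 65535 possible nonces instead of the 2**32 a 32-bit field suggests, and `is_valid_nonce` fails on cards that, as a later slide notes, no longer use the 16-bit LFSR.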
Practical Attacks – crapto1
Open implementations of attacks against the crypto1 cipher, as used in some RFID cards.
http://code.google.com/p/crapto1/
Practical Attacks – mfcuk & mfoc

mfoc: open source implementation of the "offline (card only) nested" attack.
http://code.google.com/p/mfoc/

mfcuk: toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards.
http://code.google.com/p/mfcuk/
http://www.libnfc.org/community/topic/98/mifare-classic-key-recovery-tool-dark-side-attack/
Hint 1: Drop the field for a while and add a 100-250 ms delay
Hint 2: Put a book between your antenna and the tag (seems to clean up the field power better)
Hint 3: Restart the full anti-collision after getting a nonce
Hint 4: Try to keep your code clean and let it take the same branches to avoid timing differences ;)
Hint 5: Try not to use an extension cable
Practical Attacks

The necessary information was extracted from the papers:
http://www.sos.cs.ru.nl/applications/rfid/2008-esorics.pdf
    Finalized (recover keys with a valid reader).
http://www.cs.ru.nl/~flaviog/publications/Pickpocketing.Mifare.pdf
    Support for the fourth attack mentioned (escalating from 1 key to any without a valid reader).
http://eprint.iacr.org/2009/137
    Support for the common prefix attack. Retrieves a key without a valid reader. Requires more communication than the previous attack and accurate timing.

Note: These papers are in the Proxmark Files folder too =)
"Magic Chinese" Mifare Classic
http://www.proxmark.org/forum/viewtopic.php?id=896

We supply the cards below:
Works exactly like the Mifare S50, with 16 Sectors and 4 Blocks each Sector, but the Sector 0 Block 0, known as Manufacturer's Block where the Chip UID is stored, can be re-programmed to any UID you wish.
Its advantage:
This is a perfect solution for a lost irreplaceable Mifare Card's ID, you don't need to re-enroll new cards. Just program this new Mifare 1K's UID to the UID of the lost card, then you have a new, exactly the same card.
Popular applications:
Loyalty, Ticketing, Identification, Access Control
If you need, please contact us: ouyangweidaxian@live.cn
Good news from NXP
•  Recent MFC don't leak NAKs anymore
•  Recent MFC don't use the 16-bit LFSR anymore
•  Recent MFC use true random at startup
•  The use of the weak crypto1 cipher still remains.

MIFARE Plus is there to replace MFC wherever you need more security:
•  3 levels: level 1 is MFC compatible, level 3 is full AES
•  EAL4+ certified
•  Privacy-friendly: Random ID possible
•  Distance-bounding protocol (against relay attacks)
http://www.nxp.com/documents/leaflet/75016722.pdf
Use Cases: Real World Hacks
Use Cases
1996 — First transport scheme in Seoul using MIFARE Classic 1k.
http://en.wikipedia.org/wiki/MIFARE
Full Disclosure

In March 2008 the Digital Security research group of the Radboud University Nijmegen made public that they performed a complete reverse-engineering and were able to clone and manipulate the contents of an OV-Chipkaart (The Netherlands), which is a MIFARE Classic card.

In October 2011 the company TLS, responsible for the OV-Chipkaart, announced that the new version of the card will be better protected against fraud.

OV-Chipkaart.me: hackers' website for the OV-Chipkaart
Full Disclosure

The researchers say their security flaw can be used to copy cards. They claim to have even been able to adjust the amount of credit stored on a pre-pay card.

Shashi Verma, director of fares and ticketing at Transport For London, told the BBC its system spotted the security breach. "We knew about it before we were informed by the students," said Mr Verma. He stressed that the Mifare Classic chip in the Oyster card is only part of a larger system. "A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch." "We will carry on making improvements to the security of the Oyster system."
Use Case
Buenos Aires, Argentina, using Mifare 1K
There is a lot of information that you can check in the Gov's RFPs ;)
Use Case
Buenos Aires, Argentina, using Mifare 1K
RFID Pedestrian Barriers, Tripod Turnstile
Resources, Tips, Ideas and Cheers
Resources
Everything you need to know to look like you know everything!

PROXMARK3
http://www.proxmark.org/
http://cq.cx/proxmark3.pl
http://code.google.com/p/proxmark3/

TOOLS & DEPENDENCIES
http://www.nfc-tools.org/
http://www.libusb.org/
http://pcsclite.alioth.debian.org/pcsclite.html

MIFARE
http://www.nxp.com/
http://en.wikipedia.org/wiki/MIFARE

ATTACKS
http://code.google.com/p/crapto1/
http://code.google.com/p/mfcuk/
http://code.google.com/p/mfoc/

SHOPPING
http://www.javacardsdk.com (Futako Co.)
http://adafruit.com/
http://proxmark3.com/
http://www.smartcardfocus.com/
http://www.segger.com/jlink.html
http://www.xfpga.com
http://rfidshop.com.hk (20% off! Mentioning this Workshop!)
More Resources
Everything you have to take a look at! Want more!? Gimme More, More & More! Random stuff, Projects, etc.

Arduino + RFID = Mfocuino! (Christophe Duvernois)
http://elecfreaks.com/store/download/datasheet/NFC/rfid_guide.pdf
http://elecfreaks.com/store/download/datasheet/NFC/Introduction_to_NFC_v1_0_en.pdf
HF RFID Demo Tag, http://jce.iaik.tugraz.at/sic/Products/RFID-Components/HF-RFID-Demo-Tag
Check Rfidiot stuff!
http://code.google.com/p/epassportviewer/ & http://freeworld.thc.org/thc-epassport/
JCOP Cards!
http://wiki.yobi.be/wiki/RFID => veeeeeeery cool wiki!
Rfid Zappers!
http://code.google.com/p/micmd/ – Command line utility, built on libnfc, which allows to interactively manipulate mifare classic tags.
Use the Source! (OSX)

Updating Macports:
    sudo port selfupdate
Install pkg-config, e.g.:
    sudo port install pkgconfig
Install libusb-compat
Install libusb-legacy

Libnfc (ACR and SCL3711):
    git clone https://code.google.com/p/libnfc
    autoreconf -vis
    ./configure --with-drivers=pn53x_usb,acr122_pcsc
    make
    sudo make install

Mfcuk (requires libnfc version >= 1.7.0):
    svn checkout http://mfcuk.googlecode.com/svn/trunk/ mfcuk-read-only
    autoreconf -vis
    automake --add-missing
    PKG_CONFIG_PATH=/PATH-TO-LIBNFC/ ./configure
    make all

Mfoc:
    git clone https://code.google.com/p/mfoc/
    Same steps as Mfcuk
And we didn't cover many other attacks like…
Relay Attacks on ISO 14443 Contactless Smart Cards: http://www.sec.in.tum.de/assets/studentwork/finished/Weiss2010.pdf
NFC "phishing" attacks
NFC "touch" attacks: http://www.mulliner.org/nfc/feed/nfc_ndef_security_ninjacon_2011.pdf
NDEF hacking… See ConTags (e-ticketing of the Frankfurt area public transport system)
Google Wallet?
Steal info from RFID Credit Cards?
Some quick n' dirty Countermeasures
Lots of info from NXP regarding the implementation of a secure payment system using their Mifare (Classic) tags, SAMs, etc. Try their ANs.
RFID Blocker!
Your grandma always tells you: Do not scan any QR code on the street! …remember her advice for Smartposters, NFC marketing, etc.
If you see someone with an antenna, just run far away or put yourself inside a Faraday cage :P
Use your own well-known encryption?
I'd like to give Special Thanks to…
PHDays III crew!
Phil Teuwen
The people from the Proxmark forum
& Researchers, who share all their knowledge!