A few month ago a paper was released which described how to break the Crypto1 algorithm of the Mifare Classic cards. Now the implementation has been released. The files with the source code have all in all only 611 LOC. Not so much…
Category Archives: RFID
24C3: Mifare Security
Seems that I have missed one of the most interesting speeches at 24C3.
Henryk Plötz and Karsten Nohl presented the recent developments in reverse engineering the Mifare RFID card. What they basically did is polishing away the different layers of the chip in the Mifare card and then visually analyze the layers, trying to find the cryptographic relevant parts. The security of the low-end Mifare Classic cards is to be concerned as broken. “Start migrating!” 😉 This does not have an impact on the high-end Mifare DESFire card. Check out the video!
Torrent of the video recording in Matroska / Vorbis / H.264
Torrent of the video recording in MPEG-4 / AAC-LC / H.264
OpenPCD arrival
Yesterday my OpenPCD did arrive.
OpenPCD is a free hardware design for Proximity Coupling Devices (PCD) based on 13,56MHz communication. This device is able to screen informations from Proximity Integrated Circuit Cards (PICC) conforming to vendor-independent standards such as ISO 14443, ISO 15693 as well as proprietary protocols such as Mifare Classic. Contactless cards like these are for example used in the new electronic passports.
The intention of the OpenPCD project is to offer the users full hardware control of the RFID signal and to provide different output signals for screening the communication. With already existing Free Software from the OpenMRTD project for implementing the PCD side protocol stack of various RFID protocols, this project will happily extend the free toolchain around RFID verification.
Hopefully I will have some time next week to take a close look.
Roundup on Wireless Security
There is a pretty good roundup on wireless security at pauldotcom, covering Wifi, Bluetooth and RFID. The slides give a pretty good overview on various topics and are a great entrance point for wireless hacking.