Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2016-04-27 15:02:30

suixo
Contributor
From: Paris, France
Registered: 2016-04-25
Posts: 27

Known attacks on MIFARE Classic & Plus

Hi folks,

I am trying to write a complete reference of all the known attacks on contactless smartcards. I am pretty sure about the attacks on the MIFARE Classic, but I need some help on the MIFARE Plus.

For now, I identified the following attacks on the MIFARE Classic :

  • Dark side of obscurity attack - uses weaknesses in CRYPTO1 together with the encrypted error code responses and the parity bits; a card-only attack with no prerequisites

  • Nested attack - uses weaknesses in the PRNG and timing distances to compute the plaintext value of the nonces; a card-only attack, but you need to know at least one key

  • Snooping attack - uses weaknesses in CRYPTO1; you need a trace of a single captured authentication session

For MIFARE Plus however, the PRNG has been fixed and the encrypted error message is not sent anymore, so the Dark Side of Obscurity and the Nested attacks are no longer doable.
A HardNested attack has been developed for the hardened PRNG, and it allows recovery of all the keys if at least one key is known.

Are snooping attacks still possible? Are there other attacks I missed?

Let me know if you have interesting papers documenting attacks on MIFARE Plus cards :)


#2 2016-04-27 15:48:02

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495

Re: Known attacks on MIFARE Classic & Plus

Read the theses from Roel Verdult and Gerhard de Koning Gans for starters,

ref
http://www.cs.ru.nl/~rverdult/publications.html
http://gerhard.dekoninggans.nl/document … thesis.pdf


#3 2016-05-05 09:36:14

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

iceman wrote:

Read the theses from Roel Verdult and Gerhard de Koning Gans for starters,

ref
http://www.cs.ru.nl/~rverdult/publications.html
http://gerhard.dekoninggans.nl/document … thesis.pdf

Where can I download the hardnested program? I want to try the attack on a MIFARE Plus card in Classic 1K emulation. I have no Proxmark, only an ACR122U. Can I try to accomplish this attack without a Proxmark?


#4 2016-05-05 16:24:42

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

Hi Roma! You need to gather nonces using the reader. The rest is done on the PC side thanks to aczid's bitslicing implementation.


#5 2016-05-07 20:05:34

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

Thank you for your advice.
I also want to ask: can a better hardnested attack be done, for example without one key, like a "hard dark side" attack? Is such an attack possible or not, what do you think?


#6 2016-05-07 20:20:32

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

As far as I know, hardnested is not possible without at least one known key. You may want to check iceman's branch for a bunch of default keys in the dictionary and in the lua scripts as well.

Most of the cards have at least one default key for the sector. What card are you interested in?


#7 2016-05-07 20:51:16

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

I am interested in this card: https://strelkacard.ru/ I know one key of this card, but hardnested doesn't work with it.
This card is a JCOP 41 with MIFARE Classic emulation. This card has SAK 0x28. That is the main problem: the hardnested attack fails on this card.


#8 2016-05-07 20:54:38

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

I see. I cannot help here though, sorry.


#9 2016-05-07 21:01:12

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

If I change the libnfc tools so that libnfc thinks this card has SAK 0x08, will hardnested work or not? I have another MIFARE Plus card with MIFARE Classic emulation. That card's SAK is 0x08 and hardnested works great.


#10 2016-05-08 14:56:50

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495

Re: Known attacks on MIFARE Classic & Plus

Since your tag is JCOP, emulating a Mifare Classic tag, I'm doubtful the hardnested attack will work here.
If you are lucky, the normal darkside attack should work.


#11 2016-05-09 12:34:39

suixo
Contributor
From: Paris, France
Registered: 2016-04-25
Posts: 27

Re: Known attacks on MIFARE Classic & Plus

@iceman: why would the JCOP prevent the hardnested attack from working? From what I have understood of the paper, any system compatible with MIFARE Classic is vulnerable, so the emulated JCOP should also be vulnerable.

In my case, the existing implementation did not work, the card responding with a lot of "Auth failed" and finally "Unable to select card" in an infinite loop. I had to modify the code to slow down (again!) the acquisition in order to reduce its pace.
Maybe this could be helpful in this case.

@roman921: what's the error message, why do you say it is failing?


#12 2016-05-09 12:55:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495

Re: Known attacks on MIFARE Classic & Plus

It's because the JCOP application would need to have the modern PRNG implemented on the card. I doubt that there is a Java implementation of that PRNG in the open. However, it's very easy to get the old one.
The darkside attack might not work because emulating Mifare takes a longer time, thus making the PRNG unpredictable.

If there is an implementation of the hardened PRNG available, then we can use it in the current darkside attack to predict nonces...

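The first post and iceman's reply above both turn on the difference between the weak MIFARE Classic PRNG and the hardened one. The following Python is an added example, not code from this thread or from the Proxmark project: it models the Classic card-nonce generator (a 16-bit LFSR with feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, as documented in the theses linked in this thread) and uses it as a fleet-assessment check, the way the Proxmark client's "prng detection" output tells you whether a card still uses the weak generator. Because a 32-bit nonce is produced by a 16-bit generator, its second half is fully determined by its first half, so a nonce from a hardened generator passes the check only with probability 2^-16. The function names and the `SAMPLE_NONCES` list are my own constructions.

```python
"""Weak-PRNG check for MIFARE Classic card nonces (added example).

Bit order follows ISO 14443: the first byte on air is the most significant
byte of the 32-bit nonce value, and each byte is sent least-significant bit
first. In that transmission order the generator obeys
    s[k+16] = s[k] ^ s[k+2] ^ s[k+3] ^ s[k+5]
which is the polynomial x^16 + x^14 + x^13 + x^11 + 1.
"""

# Tap positions counted from the oldest bit of the 16-bit state.
TAPS = (0, 2, 3, 5)


def nonce_to_bits(nonce: int) -> list:
    """Split a 32-bit nonce value into its bits in transmission order."""
    bits = []
    for byte in nonce.to_bytes(4, "big"):
        bits.extend((byte >> i) & 1 for i in range(8))
    return bits


def bits_to_nonce(bits) -> int:
    """Inverse of nonce_to_bits: 32 bits in transmission order -> nonce value."""
    value = 0
    for i, bit in enumerate(bits):
        value |= bit << (8 * (3 - i // 8) + i % 8)
    return value


def lfsr_nonce(state: int) -> int:
    """Expand a 16-bit LFSR state into the 32-bit nonce the card would send."""
    bits = nonce_to_bits((state & 0xFFFF) << 16)[:16]
    for k in range(16):
        feedback = 0
        for tap in TAPS:
            feedback ^= bits[k + tap]
        bits.append(feedback)
    return bits_to_nonce(bits)


def is_weak_prng_nonce(nonce: int) -> bool:
    """True if the nonce is consistent with the 16-bit LFSR generator."""
    return lfsr_nonce(nonce >> 16) == (nonce & 0xFFFFFFFF)


def classify_nonces(nonces) -> dict:
    """Count how many observed nonces are explained by the weak generator."""
    weak = sum(1 for n in nonces if is_weak_prng_nonce(n))
    return {"weak": weak, "hardened_or_random": len(nonces) - weak}


# Constructed sample: two nonces expanded from LFSR states plus two arbitrary
# 32-bit values standing in for a hardened generator's output.
SAMPLE_NONCES = [lfsr_nonce(0x0120), 0xDEADBEEF, lfsr_nonce(0xBEEF), 0x12345678]

if __name__ == "__main__":
    for n in SAMPLE_NONCES:
        print(f"Nt={n:08x}  weak_prng={is_weak_prng_nonce(n)}")
    print(classify_nonces(SAMPLE_NONCES))
```

In practice you would feed `classify_nonces` the nonces logged from one authentication attempt per card; a population that is all "weak" is the Classic / Classic-emulation case the thread discusses, while a hardened generator shows up as essentially zero hits. Note that a JCOP emulation that reimplemented the old generator in software, as iceman suggests, would still register as weak here even though the timing behaviour differs.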

#13 2016-05-09 15:08:17

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

Hardnested guesses in the current implementation are not always accurate by the way.

@roman, wish you open personal messages for me to send you via forum.

Last edited by osys (2016-05-09 15:14:38)


#14 2016-05-09 15:18:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495

Re: Known attacks on MIFARE Classic & Plus

Had to test it now,
I tried the hardnested on an old mifare tag; it got to 702k nonces without managing to find the parity with high probability, then the client crashed.

So, I don't think the hardnested attack works against the old PRNG.


#15 2016-05-13 20:01:59

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

@osys, how do I open personal messages on this forum?


#16 2016-05-15 10:05:09

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

@roman921, seems PMs are disabled, however I have set

Hide your email address but allow form email.

Do you have the possibility to contact me?


#17 2016-05-15 10:54:04

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

osys wrote:

Do you have the possibility to contact me?

@osys, I opened my email in my profile. Please, write to me.

Last edited by roman921 (2016-05-15 10:54:18)


#18 2016-05-15 20:28:32

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

@roman921, unfortunately it doesn't work. There is no ability to send a message to you.


#19 2016-05-16 04:59:37

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Known attacks on MIFARE Classic & Plus

@osys, now my e-mail shows in my profile. Do you see the e-mail in my profile now?


#20 2016-05-16 07:11:42

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Known attacks on MIFARE Classic & Plus

@roman921, unfortunately no. It seems there are some troubles with the forum.
Let's wait until they are fixed.


#21 2018-11-01 02:57:09

zhuminggang
Contributor
Registered: 2017-09-06
Posts: 46

Re: Known attacks on MIFARE Classic & Plus

iceman wrote:

Read the theses from Roel Verdult and Gerhard de Koning Gans for starters,

ref
http://www.cs.ru.nl/~rverdult/publications.html
http://gerhard.dekoninggans.nl/document … thesis.pdf

Good theses!
