Scribd Logo
Upload

Welcome to Scribd!

  • RECON BRX 2017 Analyzing Mifare Classic Cracking

    Uploaded by

    paul
    467 views21 pages
    RECON BRX 2017 Analyzing Mifare Classic Cracking

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    RECON BRX 2017 Analyzing Mifare Classic Cracking

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    467 views21 pages

    RECON BRX 2017 Analyzing Mifare Classic Cracking

    Uploaded by

    paul
    RECON BRX 2017 Analyzing Mifare Classic Cracking

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 21

    miLazyCracker

    Kevin Larson
    Me
    Software Engineer at Honeywell
    This presentation in no way represents my employer or what I do
    there, this work was done completely on my time and my dime

    Masters Student at University Of Minnesota, USA


    Research Note

    Mifare Plus Cracking


    This presentation does not disclose any new
    vulnerabilities, simply builds on existing tools to make
    them easy to use
    Mifare Classic

    simple storage device


    read/write access permissions per block via keys

    e-wallet, access control, transportation, hotels


    Not all systems rely on networked/server side checks

    Custom crypto library CRYPTO1

    Source: https://en.wikipedia.org/wiki/MIFARE#Security_of_MIFARE_Classic.2C_MIFARE_DESFire_and_MIFARE_Ultralight
    Mifare Memory Layout

    Source: NXP
    Mifare Classic Attacks Card Only

    Open source NFC tools for Mifare Classic


    MFOC (Nested Attack)
    Relies on the fact that one key is known

    MFCUK (Darkside Attack)


    No keys are known for the card at all

    MFCUK: https://github.com/nfc-tools/mfcuk MFOC: https://github.com/nfc-tools/mfoc


    Response to Attacks
    Released Mifare Plus card - AES option

    Backwards compatible with Mifare Classic (uses CRYPTO1 as well)

    Fixed PRNG, no longer vulnerable to existing card-only attacks


    (MFOC/MFCUK)

    IMG URL: https://www.pinterest.com/pin/440297301040955293/


    Researchers Response

    Carlo Meijer and Roel Verdult


    http://www.cs.ru.nl/~rverdult/Ciphertext-only_Cryptanalysis_on_Hardened_Mifare_Classic_Cards-CCS_2015.pdf

    Found new card-only attacks (Mifare Plus SL1)


    Important because many installations likely did not
    update infrastructure
    My Goals

    Reproduce the attack

    Get the proper hardware and software

    Improve attack / easier to use

    Can I make it faster? Real-time even?


    Hardware and Tools
    SCL3711 (~$30)

    Proxmark3 ($212)

    Mifare Plus Cards (~$75)

    Mifare Reader (~$50)


    Config Software (FREE!)

    Crappy eBay lock *

    Not all Classic readers accept MF+


    (timing)
    The Hardnested Attack

    Nested attacked on hardened cards = hardnested

    - Requires at least one known key

    - Many attempts at nested authentication

    - Collect unique encrypted nonces

    - Leaked bits can reduce keyspace to ~2^20

    - Brute-force
    What did I actually do?
    Improving the attack was difficult
    People a lot smarter than me dont sleep

    Speed of the attack is heavily dependent on the physical time


    constraints

    Make this REALLY easy to use


    Are you lazy?
    Everyone is lazy

    Lets make this easy:


    Dont know if you have a Mifare Classic or Plus?

    Dont have time to wait for older attacks (MFOC)

    Dont have over $200 to buy a Proxmark?

    Have $30 for a usb reader?

    Try miLazyCracker!
    miLazyCracker
    modified LibNFC version of MFOC to ID the PRNG

    Modified LibNFC version of hardnested attack to save additional data for


    tool automation

    Created wrapper script to figure out all parameters necessary, no input


    parameters needed
    Demo
    ./miLazyCracker

    Fingerprinting based on MIFARE type Identification Procedure:
    * MIFARE Classic 1K
    * MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1

    Try to authenticate to all sectors with default keys...

    Sector 00 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 01 - Unknown Key A Found Key B: 000000000000

    Sector 11 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 12 - Unknown Key A Unknown Key B
    Sector 13 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 14 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 15 - Found Key A: ffffffffffff Found Key B: 000000000000
    Demo (cont.)
    PRNG is not vulnerable to nested attack
    MFOC not possible, detected hardened Mifare Classic
    Trying HardNested Attack...
    libnfc_crypto1_crack 000000000000 60 B 48 B

    Collected 1540 nonces... leftover complexity 199741811968 (~2^37.54) - initializing brute-force phase...
    Found key: 000000143575
    The custom key 0x000000143575 has been added to the default keys
    recursively calling attacks in wrapper script...
    libnfc_crypto1_crack 000000000000 60 B 48 A
    Found key: 66778899aabb
    The custom key 0x000000143575 has been added to the default keys
    The custom key 0x66778899aabb has been added to the default keys

    Try to authenticate to all sectors with default keys...
    Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
    [Key: 000000143575] -> [............\...]
    [Key: 66778899aabb] -> [............x...]
    [Key: ffffffffffff] -> [x.xxxxxxxxxxxxxx]
    [Key: a0a1a2a3a4a5] -> [x.xxxxxxxxxxxxxx]
    [Key: d3f7d3f7d3f7] -> [x.xxxxxxxxxxxxxx]
    Demo (cont.)
    Sector 00 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 01 - Unknown Key A Found Key B: 000000000000
    Sector 02 - Found Key A: ffffffffffff Found Key B: 000000000000

    Sector 12 - Found Key A: 66778899aabb Found Key B: 000000143575
    Sector 13 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 14 - Found Key A: ffffffffffff Found Key B: 000000000000
    Sector 15 - Found Key A: ffffffffffff Found Key B: 000000000000

    Using sector 00 as an exploit sector
    PRNG is not vulnerable to nested attack
    MFOC not possible, detected hardened Mifare Classic
    Trying HardNested Attack...
    libnfc_crypto1_crack 000000000000 60 B 4 A
    Found tag with uid a007a2a0, collecting nonces for key A of block 4 using known key B 000000000000 for
    block 60
    Collected 4003 nonces... leftover complexity 35169220696 (~2^35.03) - initializing brute-force phase...
    Starting 8 threads to test 35169220696 states using 256-way bitslicing
    Cracking... 98.28%
    No solution found :(
    . Keep Trying! Well get different nonces next time around.
    Demo (cont.)
    MFOC not possible, detected hardened Mifare Classic

    Trying HardNested Attack...

    libnfc_crypto1_crack 000000000000 60 B 4 A

    Collected 23435 nonces... leftover complexity 10712945232 (~2^33.32) - initializing brute-force phase...

    Found key: 112233445566..

    Auth with all sectors succeeded, dumping keys to a file!


    Source Code Released

    https://github.com/iAmNotSuperman/miLazyCracker/
    Remediation
    DO NOT USE

    CUSTOM CRYPTO
    Mifare Classic should be avoided
    ** Mifare Plus SL2 and SL3 are secure **
    Questions?

    You might also like