Professional Documents
Culture Documents
Kevin Larson
Me
Software Engineer at Honeywell
This presentation in no way represents my employer or what I do
there, this work was done completely on my time and my dime
Source: https://en.wikipedia.org/wiki/MIFARE#Security_of_MIFARE_Classic.2C_MIFARE_DESFire_and_MIFARE_Ultralight
Mifare Memory Layout
Source: NXP
Mifare Classic Attacks Card Only
Proxmark3 ($212)
- Brute-force
What did I actually do?
Improving the attack was difficult
People a lot smarter than me dont sleep
Try miLazyCracker!
miLazyCracker
modified LibNFC version of MFOC to ID the PRNG
libnfc_crypto1_crack 000000000000 60 B 4 A
Collected 23435 nonces... leftover complexity 10712945232 (~2^33.32) - initializing brute-force phase...
https://github.com/iAmNotSuperman/miLazyCracker/
Remediation
DO NOT USE
CUSTOM CRYPTO
Mifare Classic should be avoided
** Mifare Plus SL2 and SL3 are secure **
Questions?