Содержание
- 2. Me Software Engineer at Honeywell This presentation in no way represents my employer or what I
- 3. Research Note Mifare Plus Cracking This presentation does not disclose any new vulnerabilities, simply builds on
- 4. Mifare Classic simple storage device read/write access permissions per block via keys e-wallet, access control, transportation,
- 5. Mifare Memory Layout Source: NXP
- 6. Mifare Classic Attacks – Card Only Open source NFC tools for Mifare Classic MFOC (Nested Attack)
- 7. Response to Attacks Backwards compatible with Mifare Classic (uses CRYPTO1 as well) IMG URL: https://www.pinterest.com/pin/440297301040955293/ Fixed
- 8. Researchers Response Carlo Meijer and Roel Verdult http://www.cs.ru.nl/~rverdult/Ciphertext-only_Cryptanalysis_on_Hardened_Mifare_Classic_Cards-CCS_2015.pdf Found new card-only attacks (Mifare Plus SL1) Important
- 9. My Goals Reproduce the attack Get the proper hardware and software Improve attack / easier to
- 10. Hardware and Tools SCL3711 (~$30) Proxmark3 ($212) Mifare Plus Cards (~$75) Mifare Reader (~$50) Config Software
- 11. The Hardnested Attack Nested attacked on hardened cards = “hardnested” Requires at least one known key
- 12. What did I actually do? Improving the attack was difficult People a lot smarter than me
- 13. Are you lazy? Everyone is lazy Lets make this easy: Don’t know if you have a
- 14. miLazyCracker modified LibNFC version of MFOC to ID the PRNG Modified LibNFC version of hardnested attack
- 15. Demo ./miLazyCracker … Fingerprinting based on MIFARE type Identification Procedure: * MIFARE Classic 1K * MIFARE
- 16. Demo (cont.) PRNG is not vulnerable to nested attack MFOC not possible, detected hardened Mifare Classic
- 17. Demo (cont.) Sector 00 - Found Key A: ffffffffffff Found Key B: 000000000000 Sector 01 -
- 18. Demo (cont.) MFOC not possible, detected hardened Mifare Classic Trying HardNested Attack... libnfc_crypto1_crack 000000000000 60 B
- 19. Source Code Released https://github.com/iAmNotSuperman/miLazyCracker/
- 20. Remediation DO NOT USE CUSTOM CRYPTO Mifare Classic should be avoided ** Mifare Plus SL2 and
- 22. Скачать презентацию