A Practical Attack on the MIFARE Classic
Gerhard de Koning Gans, Jaap-Henk Hoepman, and Flavio D. Garcia

TL;DR
This paper presents a practical, low-cost attack on the widely used MIFARE Classic contactless smart card, exploiting cryptographic weaknesses to recover and manipulate secret memory data.
Contribution
It introduces a novel attack method that exploits a weakness in the pseudo-random generator, enabling reading and modifying memory sectors of the card.
Findings
Successfully recovers keystream from the card
Allows reading any memory sector, given one known block within it
Enables modification of memory blocks
Abstract
The MIFARE Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. This paper studies the architecture of the card and the communication protocol between card and reader. Then it gives a practical, low-cost attack that recovers secret information from the memory of the card. Due to a weakness in the pseudo-random generator, we are able to recover the keystream generated by the CRYPTO1 stream cipher. We exploit the malleability of the stream cipher to read all memory blocks of the first sector of the card. Moreover, we are able to read any sector of the memory of the card, provided that we know one memory block within this sector. Finally, and perhaps more damaging, the same holds for modifying memory blocks.
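The abstract rests on two generic stream-cipher properties: once a keystream segment is obtained, a known block reveals it (ct XOR pt), and any other block encrypted under the same segment can be read or altered bit by bit. The following is an added example written for this page, not code from the paper or its authors; it models a plain XOR stream cipher rather than CRYPTO1, assumes the same keystream is obtained twice (standing in for the PRNG weakness the abstract names), and uses constructed block contents and a constructed keystream. The integrity-tag check at the end is a design point, not a feature of the card: it shows what a non-malleable construction would catch.

```python
"""Toy model of the two properties the abstract names: recovering a
keystream from one known memory block, and using the stream cipher's
malleability to read or alter other blocks. Generic XOR stream cipher,
not CRYPTO1; all values are constructed for this example."""
import hashlib
import hmac

BLOCK_SIZE = 16  # MIFARE Classic memory blocks are 16 bytes

# Constructed 16-byte keystream segment. It stands in for the keystream the
# card's cipher emits when a PRNG weakness lets the same stream be obtained
# twice; that reuse is the assumption this model rests on.
KEYSTREAM = bytes.fromhex("7a3c91e45b0fd28c6e1a9374c0b5f2d1")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(plaintext: bytes, keystream: bytes = KEYSTREAM) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream)


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext keystream recovery: ks = ct XOR pt."""
    return xor_bytes(ciphertext, known_plaintext)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream to any other block encrypted under it."""
    return xor_bytes(ciphertext, keystream)


def apply_plaintext_delta(ciphertext: bytes, delta: bytes) -> bytes:
    """Malleability: XORing delta into the ciphertext XORs the same delta
    into the plaintext the receiver sees, without knowledge of the key."""
    return xor_bytes(ciphertext, delta)


def integrity_tag(key: bytes, block: bytes) -> bytes:
    """Keyed tag that a non-malleable design would carry alongside the block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def demo() -> dict:
    known = b"MANUFACTURER0000"      # constructed block whose content is known
    secret = b"balance=0000042\x00"  # constructed block in the same sector
    assert len(known) == len(secret) == BLOCK_SIZE

    ct_known = encrypt_block(known)
    ct_secret = encrypt_block(secret)  # same keystream: the modelled weakness

    ks = recover_keystream(ct_known, known)
    read_secret = decrypt_with_keystream(ct_secret, ks)

    # Flip one bit so the stored '2' becomes '3' without touching the key.
    delta = bytes([0] * 14 + [0x01, 0x00])
    ct_tampered = apply_plaintext_delta(ct_secret, delta)
    tampered_plain = decrypt_with_keystream(ct_tampered, ks)

    # With a keyed integrity tag the alteration is caught; bare XOR has none.
    tag_key = b"constructed-mac-key"
    original_tag = integrity_tag(tag_key, secret)
    tampered_ok = hmac.compare_digest(original_tag,
                                      integrity_tag(tag_key, tampered_plain))

    return {
        "keystream_recovered": ks == KEYSTREAM,
        "secret_block": read_secret,
        "tampered_block": tampered_plain,
        "tamper_detected": not tampered_ok,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running `demo()` reads the second block from the recovered keystream and shows the single-bit change surviving decryption; the tag comparison is the check a design reviewer would ask for wherever a stream cipher protects data that must not be silently edited.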
Taxonomy
Topics: Cryptographic Implementations and Security · Chaos-based Image/Signal Encryption · Advanced Authentication Protocols Security
