 |
|
| node: | RFID nest attack implemented |
| template: | 4 |
| parent: | Rfid čipy-Posledná strata súkromia? |
| owner: | dusanson |
| viewed by: | |
| created: | 06.11.2009 - 10:23:49 |
| updated: | 06.11.2009 - 10:25:56 |
|
cwbe coordinatez: 866 1551575 2162812 4997156 ABSOLUT KYBERIA |
| permissions | |
| you: | r, |
| system: | public |
| net: | yes |
total descendants::0
total children::0
2 ❤️
Researchers at Nethemba released a few days ago an implementation of the nest attack on Mifare Classic cards.
We have analysed Czech/Slovak most used public transport and access smart cards (Bratislava public transport card, University/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology. Using various technologies and thanks to public available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption. We have also verified that these keys can be subsequently used for complete reading, altering and cloning the cards that can pose a serious threat for affected transport companies.
Fairly well packaged, this software progressively discovers the keys closing the blocks on the RFID cards, starting from at least one known key (commonly found, as mentioned by Roel Verdult in his "Classic Mistakes" lecture) using the "Nested Authentication Attack" documented by the paper "Wirelessly Pickpocketing a Mifare Classic Card" published by scholars of the Radboud University in Nijmegen.
Theoretically this is nothing so new, nevertheless this is a fully working implementation (and fast, thanks to libNFC) that can let you crack Mifare chips using a 30$ cheap touch-a-tag without more tech skills than compiling a small C code. Tried on the dutch OV-chip card today: it took less than 2 hours to find all the keys of the card and read out all its sectors. Wide open, quite impressive.
Nethemba's head of research Pavol Lupták will soon present in person his findings at the upcoming Confidence 2.0 in Warsaw.
http://networkedblogs.com/p16795783
https://www.nethemba.com/research#zranitelnosti_v_mifare_kartach
&
Verejná bezpečnostná analýza slovenského biometrického pasu
(stále prebieha - v prípade, že nám viete pomôcť, neváhajte nás kontaktovať)
Prakticky sme demonštrovali načítanie nového slovenského biometrického RFID pasu. Pas je možné načítat ľubovoľnou ISO14443A RFID čítačkou (pre náš experiment sme použili lacnú touchatag čítačku, ktorú je možné zakúpiť za 30 €).
Na prečítanie je potrebný MRZ kód, ktorý je uvedený na predposlednej strane pasu. MRZ sa skladá primárne z čísla pasu, dátumu narodenia a dátumu expirácie pasu. Na základe osobných údajov sa MRZ dá aj vypočítať. So znalosťou MRZ kódu je možné z pasu prečítať:
* všetky osobné data uvedené v pase (EF.DG1)
* fotografiu vlastníka (uloženú v JPEG) (EF.DG2)
MRZ kód ale nestačí na načítanie:
* odtlačku prstu vlastníka pasu (EF.DG3)
* "Active Authentication Public Key Info" (EF.DG15)
https://www.nethemba.com/research#bezpecnostna_analyza_slovenskych_biometrickych_pasov
We have analysed Czech/Slovak most used public transport and access smart cards (Bratislava public transport card, University/ISIC cards, parking cards, Slovak Lines cards etc) based on Mifare Classic technology. Using various technologies and thanks to public available academical papers, we have demonstrated the possibility of gaining all access keys used for the card content encryption. We have also verified that these keys can be subsequently used for complete reading, altering and cloning the cards that can pose a serious threat for affected transport companies.
Fairly well packaged, this software progressively discovers the keys closing the blocks on the RFID cards, starting from at least one known key (commonly found, as mentioned by Roel Verdult in his "Classic Mistakes" lecture) using the "Nested Authentication Attack" documented by the paper "Wirelessly Pickpocketing a Mifare Classic Card" published by scholars of the Radboud University in Nijmegen.
Theoretically this is nothing so new, nevertheless this is a fully working implementation (and fast, thanks to libNFC) that can let you crack Mifare chips using a 30$ cheap touch-a-tag without more tech skills than compiling a small C code. Tried on the dutch OV-chip card today: it took less than 2 hours to find all the keys of the card and read out all its sectors. Wide open, quite impressive.
Nethemba's head of research Pavol Lupták will soon present in person his findings at the upcoming Confidence 2.0 in Warsaw.
http://networkedblogs.com/p16795783
https://www.nethemba.com/research#zranitelnosti_v_mifare_kartach
&
Verejná bezpečnostná analýza slovenského biometrického pasu
(stále prebieha - v prípade, že nám viete pomôcť, neváhajte nás kontaktovať)
Prakticky sme demonštrovali načítanie nového slovenského biometrického RFID pasu. Pas je možné načítat ľubovoľnou ISO14443A RFID čítačkou (pre náš experiment sme použili lacnú touchatag čítačku, ktorú je možné zakúpiť za 30 €).
Na prečítanie je potrebný MRZ kód, ktorý je uvedený na predposlednej strane pasu. MRZ sa skladá primárne z čísla pasu, dátumu narodenia a dátumu expirácie pasu. Na základe osobných údajov sa MRZ dá aj vypočítať. So znalosťou MRZ kódu je možné z pasu prečítať:
* všetky osobné data uvedené v pase (EF.DG1)
* fotografiu vlastníka (uloženú v JPEG) (EF.DG2)
MRZ kód ale nestačí na načítanie:
* odtlačku prstu vlastníka pasu (EF.DG3)
* "Active Authentication Public Key Info" (EF.DG15)
https://www.nethemba.com/research#bezpecnostna_analyza_slovenskych_biometrickych_pasov