Browse Source

started writing something about mifare classic cards

Marius Schwarz 5 years ago
parent
commit
db5a9872a9
1 changed files with 68 additions and 0 deletions
  1. 68 0
      cheatsheets/security/rfid/mifare-card-security.md

+ 68 - 0
cheatsheets/security/rfid/mifare-card-security.md

@@ -0,0 +1,68 @@
+---
+title: Mifare RFID Card Security
+categories: [cheatsheets]
+tags: [security, rfid, mifare]
+---
+
+# Mifare RFID Card Security
+
+* Uses standard ISO 14443-A protocol
+* 13.56 MHz (High Frequency)
+* Uses custom crypto called CRYPTO1
+
+
+## Security Features
+
+* UID (Unique Identifier) is read-only
+* Authentication (Tag <-> Reader) to share a session key
+* Uses proprietary crypto algorithm (CRYPTO1)
+
+
+## Layout
+
+```
+0xff [  Key A, Access Cond.m U, Key B   ]  <- Sector Trailer
+                     .
+0x06 [            Data Block            ]
+                     .
+0x03 [  Key A, Access Cond.m U, Key B   ]  <- Sector Trailer
+0x06 [            Data Block            ]
+0x05 [            Data Block            ]
+0x04 [            Data Block            ]
+0x03 [  Key A, Access Cond.m U, Key B   ]  <- Sector Trailer
+0x02 [            Data Block            ]
+0x01 [            Data Block            ]
+0x00 [    UID,BCC, Manufacturer Data    ]
+```
+
+- Each sector contains 64 bytes
+- Each block contrains 16 bytes
+- The Sector Trailer looks like this in detail:
+
+```
+                                      |- undefined byte
+[ Key A (6 Bytes) ][ AC (3 Bytes) ] [ U (1B) ][ Key B (6 Bytes) ]
+ ^                    ^                          ^
+ |___ not readable    |     Could be readable ---|
+                      |
+                      \->  Defines Access Conditions for every data block
+```
+
+
+## Attacks on MIFARE Cards
+
+### Nested Attack
+
+1) Authenticate to the block with the default key
+1.1) Read Tags NT
+2) Authenticate to the same block using the default key
+
+
+
+### Darkside Attack
+
+
+# References
+
+- [Blackhat - Hacking MIFARE Classic Cards](https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf)
+