Paper 2024/1275

MIFARE Classic: exposing the static encrypted nonce variant

Philippe Teuwen, Quarkslab
Abstract

MIFARE Classic smart cards, developed and licensed by NXP, are widely used but have been subjected to numerous attacks over the years. Despite the introduction of new versions, these cards have remained vulnerable, even in card-only scenarios. In 2020, the FM11RF08S, a new variant of MIFARE Classic, was released by the leading Chinese manufacturer of unlicensed "MIFARE compatible" chips. This variant features specific countermeasures designed to thwart all known card-only attacks and is gradually gaining market share worldwide. In this paper, we present several attacks and unexpected findings regarding the FM11RF08S. Through empirical research, we discovered a hardware backdoor and successfully cracked its key. This backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards without prior knowledge, simply by accessing the card for a few minutes. Additionally, our investigation into older cards uncovered another hardware backdoor key that was common to several manufacturers.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
MIFAREbackdoorProxmark3Fudan
Contact author(s)
pteuwen @ quarkslab com
History
2024-08-16: approved
2024-08-12: received
See all versions
Short URL
https://ia.cr/2024/1275
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2024/1275,
      author = {Philippe Teuwen},
      title = {{MIFARE} Classic: exposing the static encrypted nonce variant},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1275},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1275}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.