Paper 2024/1275

MIFARE Classic: exposing the static encrypted nonce variant

Philippe Teuwen, Quarkslab
Abstract

MIFARE Classic smart cards, developed and licensed by NXP, are widely used but have been subjected to numerous attacks over the years. Despite the introduction of new versions, these cards have remained vulnerable, even in card-only scenarios. In 2020, the FM11RF08S, a new variant of MIFARE Classic, was released by the leading Chinese manufacturer of unlicensed "MIFARE compatible" chips. This variant features specific countermeasures designed to thwart all known card-only attacks and is gradually gaining market share worldwide. In this paper, we present several attacks and unexpected findings regarding the FM11RF08S. Through empirical research, we discovered a hardware backdoor and successfully cracked its key. This backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards without prior knowledge, simply by accessing the card for a few minutes. Additionally, our investigation into older cards uncovered another hardware backdoor key that was common to several manufacturers.

Note: Revision 1.2 additions: Possibility to directly read all blocks of all sectors with one single backdoor authentication, support in hf mf ecfill; FM11RF08S **98 with FM11RF08 key; One-liners prev_state/next_state in predict_nt.py; Support for crypto1 in hf 14a raw; Support for supply-chain attack in fm11rf08s_recovery.py; Support for data-first / reader-only attacks, including support for nested authentications; Table: new samples references. Errata: Fix SLE66 ACL in table, Clarify FM11RF32M vs. FM11RF32N, Adjust list of other untested clones in the open questions

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
MIFARE, backdoor, Proxmark3, Fudan
Contact author(s)
pteuwen @ quarkslab com
History
2024-11-08: last of 2 revisions
2024-08-12: received
Short URL
https://ia.cr/2024/1275
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2024/1275,
      author = {Philippe Teuwen},
      title = {{MIFARE} Classic: exposing the static encrypted nonce variant},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1275},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1275}
}