Hacking RFID Billing Schemes for Fun and Free Rides - Marcio Almeida Macedo - Ekoparty Security Conference - 2014
Ekoparty Security Conference via YouTube
Overview
Syllabus
Intro
DISCLAIMERS !!
RFID Billing Schemes
Mifare Classic Cards
A tiny history and some facts...
Security Features of Mifare Classic
Mifare Classic Structure
Partial Reverse Engineering: In 2007 Karsten Nohl and Henryk Plötz released at CCC the partial reverse engineering of the CRYPTO-1 cipher initialization, obtained by hardware analysis
Weaknesses discovered
Full Disclosure of CRYPTO-1
Output Example Proxmark3
CRYPTO1 Cipher
Proxmark3 + Active Sniffing
Card-only Attacks
Nested Attack
Courtois Dark-Side Attack
Attack Steps
Proof of Concept
Running MFOC First Time
Running MFCUK
Running MFOC Second Time
Creating a Clone
Attack Cost
Analyzing PuntoBIP! Application
Problems Identified Only by Analyzing PuntoBIP.apk
Countermeasures Against
"Decrement-counter" workaround
Conclusions
Taught by
Ekoparty Security Conference