HACKING MIFARE CLASSIC CARDS presented at blackhatsummer 2014

by Marcio Almeida Macedo,

Summary : The MIFARE Classic is one of the most used, contactless cards in the world. It wascreated by NXP Semiconductors and uses RFID communication. The industry has been using this card in access control systems deployed in buildings, as well as in public transportation as a ticket replacement. In 2008, two groups of researchers, conducting their work almost independently, performed the card communication protocol and Crypto-1 cipher reverse engineering, uncovering several security weaknesses, which has dismissed the card's reputation. As a consequence, malicious users might clone this card in a couple of seconds. Since then, the MIFARE Classic has been highly exposed on the media. This workshop is intended to present the card features, the main types of attack, workarounds to control them and, as much as possible, keeping the system secure. As proof-of-concept, we will show how to dump and clone MIFAREclassic cards with equipment costing less than $100.