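% Reference for the ESORICS 2008 paper "Dismantling MIFARE Classic".
% The paper entry takes the fields it lacks (editor, publisher, series, volume,
% isbn) from the proceedings entry through crossref. Classic BibTeX needs the
% proceedings entry to come after the paper entry, as it does here.
% Relevance for defenders, from the abstract below: the paper reports that the
% card's secret key can be recovered from a genuine reader and that cards can
% be cloned, so it is a relevant citation when assessing systems that still
% rely on this card for access control or payment.
% Names are in "Last, First" form so that compound surnames (de Koning Gans,
% Wichers Schreur) are not split; product names and acronyms in titles are
% braced so that sentence-casing styles keep their capitals.

@inproceedings{DBLP:conf/esorics/GarciaGMRVSJ08,
  author    = {Garcia, Flavio D. and
               de Koning Gans, Gerhard and
               Muijrers, Ruben and
               van Rossum, Peter and
               Verdult, Roel and
               Wichers Schreur, Ronny and
               Jacobs, Bart},
  title     = {Dismantling {MIFARE} {Classic}},
  booktitle = {ESORICS},
  year      = {2008},
  pages     = {97--114},
  doi       = {10.1007/978-3-540-88313-5_7},
  ee        = {http://dx.doi.org/10.1007/978-3-540-88313-5_7},
  crossref  = {DBLP:conf/esorics/2008},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

@proceedings{DBLP:conf/esorics/2008,
  editor    = {Jajodia, Sushil and L{\'o}pez, Javier},
  title     = {Computer Security -- {ESORICS} 2008, 13th {European} Symposium
               on Research in Computer Security, {M{\'a}laga}, {Spain},
               {October} 6--8, 2008. Proceedings},
  booktitle = {ESORICS},
  publisher = {Springer},
  series    = {Lecture Notes in Computer Science},
  volume    = {5283},
  year      = {2008},
  isbn      = {978-3-540-88312-8},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

Dismantling MIFARE Classic
Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, Bart Jacobs
Book Series Lecture Notes in Computer Science
Publisher Springer Berlin / Heidelberg
ISSN 0302-9743 (Print) 1611-3349 (Online)
Volume Volume 5283/2008
Book Computer Security - ESORICS 2008
DOI 10.1007/978-3-540-88313-5
Copyright 2008
ISBN 978-3-540-88312-8
DOI 10.1007/978-3-540-88313-5_7
Pages 97-114
Subject Collection Computer Science
SpringerLink Date Sunday, October 05, 2008

Abstract The mifare Classic is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport, and other applications. We reverse engineered the security mechanisms of this chip: the authentication protocol, the symmetric cipher, and the initialization mechanism. We describe several security vulnerabilities in these mechanisms and exploit these vulnerabilities with two attacks; both are capable of retrieving the secret key from a genuine reader.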
The most serious one recovers the secret key from just one or two authentication attempts with a genuine reader in less than a second on ordinary hardware and without any pre-computation. Using the same methods, an attacker can also eavesdrop the communication between a tag and a reader, and decrypt the whole trace, even if it involves multiple authentications. This enables an attacker to clone a card or to restore a real card to a previous state.