Proxmark

The Proxmark III is a device developed by Jonathan Westhues that enables sniffing, reading and cloning of RFID (Radio Frequency Identification) tags. For my master thesis I wanted to look at the communication of Mifare Classic cards. Mifare Classic is used in many applications and is the most popular contactless card around. It is used in e-ticketing, public transport and access control. The higher-level protocol is kept secret by the manufacturer (NXP). I made an implementation of the ISO14443 type A standard for the Proxmark since Mifare is based on this communication standard.

After a lot of debugging and many noisy traces the Proxmark was ready for some real analysis. I focused on the Mifare Classic card and was happy to let the communication between card and reader appear on my screen. I could see the anticollision phase where the reader selects the card to communicate with. This was followed by an authentication and after that all communication was encrypted. The findings of this research are published on arxiv.org as A Practical Attack on the Mifare Classic

In December 2007 I saw the presentation of Karsten Nohl and Henryk Plotz where they showed how they reverse engineered the Mifare Classic chip. I was working on the same subject in Nijmegen. The Mifare system relied on security by obscurity and now the secrets are revealed there is no card-level security left. A video on youtube shows a demo that we gave on March 12th. It shows how we access a building with a cloned card.

[2016: addition by Iceman]

Since the original software was released it has been rewritten and modified to include much more functionality. The commands has also changed since this page was written. Head over to github and have some RFID fun!