Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

#1 2012-07-05 14:10:51

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Mifare 1k Classic & SAM Module

Hey there!

Hope you're fine! It's been some time since my last post.

Do any of you have some good documentation regarding the inner workings of a SAM module with Mifare Classic? I want to understand the difference between a system with the module and without it, and how it works to improve the system's security.

Thanks!

Offline

#2 2012-07-05 15:22:54

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: Mifare 1k Classic & SAM Module

Hi,

I have no good documentation, but )

The only difference is that the keys are programmed into the SAM and you can't get them.
So, there is no "plain keys" flow into the reader schematics.

Offline

#3 2012-07-05 15:27:12

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

Hey Merlok, thanks. but.. are you saying that if there's a SAM module, we're not able to sniff the keys? I do not understand your answer.

thanks!

Edit: Oh! I believe that you're saying that the keys are not hardcoded within the reader code, so the devels don't know the keys being used, for security purposes. That's all? No other diff?

Thanks!

Offline

#4 2012-07-05 15:30:06

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: Mifare 1k Classic & SAM Module

We are not able to "get" keys from the interface microcontroller<->reader chip.
If we sniff dump from "the air" - it works ))))

p.s. )  for mifare classic there is no other diffs )

Last edited by merlok (2012-07-05 15:31:51)

Offline

#5 2012-07-05 15:33:20

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

Thanks Merlok!

Offline

#6 2012-07-05 15:39:49

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

Me again.. what about encryption or other sec stuff?

Offline

#7 2012-07-05 15:48:01

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: Mifare 1k Classic & SAM Module

you can use SAM as cryptoprocessor

Offline

#8 2012-07-05 15:48:44

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

nice, I'm looking for some tech docs about that.. :)

Offline

#9 2012-07-05 15:51:37

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: Mifare 1k Classic & SAM Module

http://www.nxp.com/products/identification_and_security/reader_ics/mifare_sams_for_reader_systems/
http://www.nxp.com/documents/leaflet/MIFARESAMAV2leaflet.pdf
http://www.nxp.com/documents/short_data_sheet/P5DF081_SDS.pdf
http://www.nxp.com/documents/application_note/AN10990.pdf

Last edited by merlok (2012-07-05 15:54:41)

Offline

#10 2012-07-05 15:55:14

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

yes Merlok, I've read these docs.. I'm expecting some deeper tech info, but anyway, Thanks!

Offline

#11 2012-07-05 20:05:48

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

Re: Mifare 1k Classic & SAM Module

SAM modules are a crypto way to communicate with the card.
SAM modules could have a secret key (or secret keys); this key is a private key that you write inside the SAM EEPROM.
The SAM modules have some software and hardware inside that know how to communicate with the tag.
SAM modules could store inside all the commands you need to write, increment, decrement...

I don't know how to explain:
Imagine you have a reader and software for the reader (on a computer). Maybe some hacker could roll back the program and get all the info about the keys, the info that the software sends to the reader...

But if you have a SAM, someone could roll back the software (the one that you have on the computer), but you are going to discover commands that only work with the SAM. It is like the SAM works as the software, and you are not able to roll back the software or hardware from a SAM (in theory).
So the keys, the commands, and everything that is sent to the card is not in plain text, it is crypto.

If someone steals the software nothing happens, because the SAM is the one that knows how to communicate with the card and how to calculate all the keys... You need the software, the SAM and maybe a master SAM that is far away over the net.

To answer your question: you could sniff the traffic between the card and the reader, and you could recover the key if this is Mifare Classic.

If it is DESFire or Mifare Plus, the way to recover the key could maybe be studying SAM modules.

SAM modules are good for key diversification: you have a master key inside the SAM.
The SAM module reads the UID from the card and makes some kind of xor...sha...des... and gives a hash that is the correct key for that card. Every card has a unique key that is made from the master key and the UID...

SAM modules are like a PIC or Atmel with some routines... nothing else.

What do you want to know, something special?

Offline
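
The key diversification described in post #11 (a master key kept inside the SAM, a per-card key computed from the UID), as an added example that is not part of the original thread and is not NXP's SAM algorithm. HMAC-SHA-256 truncated to 48 bits stands in for the unspecified "xor...sha...des" step, and `ToySam`, `card_key` and `blast_radius` are hypothetical names; the master key and UIDs are constructed sample data.

```python
import hashlib
import hmac

KEY_LEN = 6  # a Mifare Classic sector key is 48 bits


class ToySam:
    """Hypothetical stand-in for a SAM: the master key goes in and has no getter."""

    def __init__(self, master_key: bytes):
        if len(master_key) < 16:
            raise ValueError("master key too short")
        self.__master = master_key  # never returned by any method

    def card_key(self, uid: bytes, sector: int, key_type: str = "A") -> bytes:
        """Derive the key for one sector of one card from master key + UID."""
        if len(uid) not in (4, 7):
            raise ValueError("Mifare Classic UIDs are 4 or 7 bytes")
        if not 0 <= sector <= 15:
            raise ValueError("Mifare Classic 1K has sectors 0-15")
        if key_type not in ("A", "B"):
            raise ValueError("key type must be 'A' or 'B'")
        # Length-prefix the UID so 4- and 7-byte UIDs cannot produce the same input.
        info = bytes([len(uid)]) + uid + bytes([sector]) + key_type.encode()
        return hmac.new(self.__master, info, hashlib.sha256).digest()[:KEY_LEN]


def blast_radius(sam: ToySam, leaked_uid: bytes, sector: int, fleet: list) -> list:
    """Return the UIDs in `fleet` whose sector key equals the key leaked from one card."""
    leaked = sam.card_key(leaked_uid, sector)
    return [u for u in fleet if hmac.compare_digest(sam.card_key(u, sector), leaked)]


# Constructed sample data: made-up master key and card UIDs.
SAMPLE_MASTER = bytes(range(16))
SAMPLE_FLEET = [bytes.fromhex(h) for h in ("04a1b2c3", "04a1b2c4", "11223344556677")]

if __name__ == "__main__":
    sam = ToySam(SAMPLE_MASTER)
    for uid in SAMPLE_FLEET:
        print(uid.hex(), sam.card_key(uid, sector=1).hex())
    hit = blast_radius(sam, SAMPLE_FLEET[0], 1, SAMPLE_FLEET)
    print("cards opened by one leaked key:", [u.hex() for u in hit])
```

Because each derived key depends on the UID, a key recovered from one card in the sample fleet matches only that card, while the master key stays inside the module.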

#12 2012-07-05 21:03:40

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Mifare 1k Classic & SAM Module

thanks Boss, that's what I thought. is there any info regarding key diversification techniques?

Offline

#13 2012-07-06 09:11:09

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

Re: Mifare 1k Classic & SAM Module

MIFARE DESFire - Features and Hints page 91-100, if you need it send me an email.
I know that there is another document called: MIFARE SAM AV1 - Features and hints, but I don't have it, if you could get it please send me a copy

Offline

#14 2013-02-26 07:11:48

minhtran
Member
Registered: 2013-02-26
Posts: 2

Re: Mifare 1k Classic & SAM Module

Dear all,
I am using the NXP CLRC 632 interfaced with a PIC24 to build an HF reader. Now I am working with the SRI512 and SRI4k, but I can't configure the CLRC 632 to access these cards. Type A and 15693 work fine.
Can anyone help me?
Thanks and best regards, MT

Offline
