Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-08-11 21:27:52

andrew892
Contributor
Registered: 2016-08-01
Posts: 3

some confirmations and few questions

hi,
i'm an italian computer science engineering student and i'm working on mifare classic card for my master degree thesis.
I read many papers and documents around, specially from this website.

I need just some confirmations and few question about these cards.
For a sub-task, i have to report the vulnerabilities of a system that uses mifare classic 1k, ev1 (lastest version of this card from nxp).
Looking at nonces generated from this tags, seems they fixed the only-16-bit-entropy of pseudo random bit generator. (sample nonce: 9e f1 58 cd)
This fix imply that:
- it's not more true that the nonce is generated with x^16+x^14+x^13+x^11+1 LSFR
- it's not more possible starting from firsts 2 bytes obtain lasts 2 bytes of nonce
- it's not more possible to mount any attack that use the "after time x there is the exactly same nonce" vulnerability, because the generation cycle doesn't run anymore on 2^16 cycle, i.e. 0,618s. (but 2^32 ?)

but

it's still possible (and i did it) to sniff a communication between genuine reader and genuine tag, recover ks2, ks3 decrypt the first auth and recover the key of this first sector.
i understood that the next auth nonce is encrypted with the key of sector that i want to operate with. So we need to proceed with trial-and-error to find out the nonce in the clear, but the nonce-space isn't more 2^16 (but 2^32 ?).
Here i have a question: is there some information that we can use to mount a bruteforce attack in feasible time? for example some information from "Dismantling MIFARE Classic" Garcia's publication, in section "multiple-sector authentication" that is still valid?

And concluding, having access to a genuine card and a genuine reader, is there some other vulnerabilty that i haven't considered here?

thank you in advance for any kind of help.

Last edited by andrew892 (2016-08-11 21:28:33)

Offline

Board footer

Powered by FluxBB