Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2009-07-07 06:34:15

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

MIFARE Plus

Anyone work with a MIFARE Plus card before?

Any suggestions? I can probably snoop, but it will have to be at a public place!

Offline

#2 2009-07-07 09:05:58

edo512
Contributor
Registered: 2008-10-07
Posts: 103

Re: MIFARE Plus

Have you actually seen one of those in the wild yet?

Offline

#3 2009-07-07 09:08:08

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

Re: MIFARE Plus

I'm pretty sure the Los Angeles Metro uses them now as re-usable bus passes. I got one today!

http://www.nxp.com/news/content/file_1569.html

Offline

#4 2009-07-07 09:42:25

szymonunion
Contributor
Registered: 2009-07-05
Posts: 46

Re: MIFARE Plus

Samy,

so we are waiting for some successes with this card wink Let us know ASAP.

We have also here cards Mifare, but it is probably 1K ( I am not sure that it is 4K - not possible, heh). I do not have one, but when I will get assembled and working device (I wanna buy one as I wrote in other topics !!!) I will get this card for tests smile

Best Regards,
PS. your site is in .pl domain - are you familiar with Poland/Polish language? wink
I will answer myself smile .pl because of Perl smile))

edit: I just read that this solution we have here in the weakest one so I am now sure it is Milfare 1K (16 sectors, heh).

Last edited by szymonunion (2009-07-07 21:45:39)

Offline

#5 2009-07-15 00:04:22

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

Re: MIFARE Plus

szy, I'm just a perl guy so I use .pl, not actually from Poland smile

Ed, looks like LA Metro is the first transporter to use them:
"Commuters and other passengers in the Greater Los Angeles Area are about to experience an upgrade, as the LA Metro becomes the world's first transport operator to implement NXP's MIFARE Plus contactless technology for automatic fare collection."

http://www.nxp.com/infocus/topics/la_metro/

Offline

#6 2009-07-15 10:22:35

szymonunion
Contributor
Registered: 2009-07-05
Posts: 46

Re: MIFARE Plus

samy,

as you saw my answer - I realized this quickly after I sent answer smile)) .pl is the best for Perl geek smile

Lucky you, you can test it - I still have no device and even no info when someone will have assembled and tested device to sell. I have few cards to test (Mifare 1k, HID ISOProx II, others), but I am not able without device sad

Offline

#7 2009-07-15 12:56:51

rleroy
Contributor
From: Between a REQB and a ATQB
Registered: 2009-03-04
Posts: 61

Re: MIFARE Plus

Nice smile That would be cool if you could find a vulnerability in the Mifare plus implementation! I searched quickly through the net this morning, correct me if i'm wrong, but it has not been broken yet ?

--
rleroy

Offline

#8 2009-07-15 18:44:43

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

Re: MIFARE Plus

szy, why not purchase one from http://proxmark3.com? I think the price just went down, too.

rleroy, correct, I don't think there are any known vulnerabilities. Nohl did a talk at Blackhat last year about RFID security, and although I wasn't there, his powerpoint presentation glosses over algebraic attacks on the Mifare Plus:
https://www.blackhat.com/presentations/ … Mifare.pdf

I started reading about how they originally found the issues in MIFARE Classic. My understanding is they took the chip, a magnifying glass, acetone, and started cutting away layers of the chip in order to reverse engineer it! That is pretty hardcore.

Offline

#9 2009-07-15 18:47:54

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

Re: MIFARE Plus

"Through further analysis of Crypto-1, we found the cipher to be highly vulnerable to algebraic attacks. Our most efficient attack takes only seconds on a PC, can operate on passively sniffed data from meters away, and works despite strong random numbers in Mifare Plus. The results were first announced at EuroCrypt 2008's rump session."

http://www.cs.virginia.edu/~kn5f/

Offline

#10 2012-03-18 09:43:35

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: MIFARE Plus

hi,

there are no free software for plus on sl3, but there are documentation for reader chips.
commands in sl3 looks like commands in sl1, but they uses aes instead of crypto1

Offline

#11 2012-03-18 19:41:25

rule
Member
Registered: 2008-05-21
Posts: 417

Re: MIFARE Plus

It works very similar to AES authentication on a DESFire, there are much more info demo apps for the DESFire available wink

Offline

Board footer

Powered by FluxBB