Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-11-30 18:55:15

mdawid
Contributor
Registered: 2015-11-30
Posts: 3

Question regarding MIFARE Classic mutual authentiction

Hi All,

i have a question regarding the MIFARE Classic mutual authentication process, and i hope to get some hints. I have already searched this forum, but i wasn't able to find a sufficient answer.

Currently i want to implement an application, that is able to read out any sector of a MIFARE Classic card (1k and 4k). I cannot use a reader, that has a NXP chip, therefore i have to implement the required Crypto1 in software (C#). So far i managed to find publications in the internet, that reverse engineered a MIFARE chip and documented very well it's internals. From these documentations (see links at the end of this post), i was able to implement a LFSR with the desired filter function. Right now i am stuck in the mutual authentication phase, where i want to authenticate for example block 3 with KeyA (I know the key), by sending the command 60 03. As expected i receive a nonce from the card. Now comes the interesting part. I need to cipher the nonce and send it back together with a "reader-nonce" "generated by me" which is also ciphered. Now, here are the points that confuse me:

How do i initialize my LFSR (reader side), with KeyA?
To cipher the reader nonce and the card nonce i have to shift both into my LFSR. But in which order?
Do i need to calculate parity bits during authentication phase?
Do i really need a LFSR based PRNG on the reader side, or can i use any random number generator?

Hope you can give me some hints.

Thanks in advance,

mdawid

--
References:
https://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2008-21/SAR-PR-2008-21_.pdf
Practical Attacks on the MIFARE Classic by Wee Hon Tan (wht08)

Offline

Board footer

Powered by FluxBB