Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2008-11-18 17:14:41

TomBu
Contributor
From: Delft, The Netherlands
Registered: 2008-10-27
Posts: 55

Crapto1 threat assessment

Dear all,


With this post I would like your input on the real-world threat posed by Crapto1 when the attacker is not part of the Mifare-using system.

Supposing that the adversary has all the necessary publicly available hardware and software but lacks a valid card and reader, what else is needed for a successful attack?

If I understood correctly, Crapto1 will give the keys used to access the content of the smartcard. However, IMHO the following hurdles make the attacker's task more difficult:
-    At least one time, he needs to be in close proximity to the card and reader in order to sniff their communication. This range is expressed in centimetres rather than metres.
-    If the system makes use of the smartcard's UID and its content, then the adversary must use an emulator - like OpenPICC, Ghost or ProxMark - each and every time he wants to fool the system.

Are the above conditions correct?
If so, what would be ways to make the attacker's task even easier or more difficult? Could turning the power of the readers down be helpful?
Can a high-gain antenna make it easier for the attacker to sniff communications, for instance?

Your thoughts and comments are more than welcome.


Kind regards,
Tom

Last edited by TomBu (2008-11-18 17:15:13)


#2 2008-11-19 11:24:10

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Crapto1 threat assessment

TomBu wrote:

-    At least one time, he needs to be in close proximity to the card and reader in order to sniff their communication. This range is expressed in centimetres rather than metres.

One trace of the communication would also be enough to have the keys AND the content stored on it. With a tuned antenna the communication from the reader can be eavesdropped from several meters! This means the keys can be retrieved from a very large distance. The content, however, is sent by the card. The communication from the card can only be eavesdropped during this session from a range of 30 centimeters.

But remember, if someone has eavesdropped the keys from a large distance, she can easily get on the same bus as you and retrieve the data from your card with her own reader, just by standing next to you.

-    If the system makes use of the smartcard's UID and its content, then the adversary must use an emulator - like OpenPICC, Ghost or ProxMark - each and every time he wants to fool the system.

True, the UID seems to be fixed and cannot be changed. Though there is a Chinese Mifare Classic clone, manufactured by Fudan Microelectronics, which has its own properties. At this moment I'm not aware of a cheap tag that supports UID changing, but personally I would not bet that they don't exist, especially since unlicensed clones of these cards have been available on the market since 2004.

I hope this information helps in your assessment.

Cheers,

  Roel

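The exchange the two posts above argue about, as an added example that is not part of the original thread and is not the crapto1 or Proxmark3 code: a Python simulation of the MIFARE Classic three-pass authentication between a reader and a card, followed by one encrypted block read, and then a replay of the same cipher over the sniffed trace. Crypto-1 is implemented from the public description (Garcia et al., "Dismantling MIFARE Classic", 2008): the 48-bit LFSR taps, the filter components f_a, f_b, f_c and their wiring to the odd state bits, the 16-bit nonce generator, and the answers a_R = suc^64(n_T) and a_T = suc^96(n_T). Key recovery itself, which is what Crapto1 does, is not reproduced; the example starts where Crapto1 ends, with a candidate key, and shows the point made in the reply that one trace then yields the card content. The key, UID, nonces and block content are constructed values, and the bit-ordering convention (least-significant bit first within each byte, as the ISO/IEC 14443A air interface transmits it), the discarding of the first 32 keystream bits in a first authentication, and the omission of CRC and parity bits are simplifying assumptions of this example.

```python
"""Crypto-1 end to end: three-pass authentication, one encrypted read, and replay over the sniffed trace."""
from typing import Dict, List, Optional, Tuple

# Crypto-1 as described by Garcia et al., "Dismantling MIFARE Classic" (2008).
# 48-bit LFSR taps; state bit i holds a_{t+i}, bit 0 is the oldest bit and is shifted out first.
LFSR_TAPS = (0, 5, 9, 10, 12, 14, 15, 17, 19, 24, 25, 27, 29, 35, 39, 41, 42, 43)
LFSR_MASK = sum(1 << t for t in LFSR_TAPS)

def lsb_first_bits(data: bytes) -> List[int]:
    """ISO/IEC 14443A sends each byte LSB first; this example assumes Crypto-1 consumes bits in that order."""
    return [(b >> i) & 1 for b in data for i in range(8)]

def bytes_from_bits(bits: List[int]) -> bytes:
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def fa(y0: int, y1: int, y2: int, y3: int) -> int:  # filter component f_a
    return ((y0 | y1) ^ (y0 & y3)) ^ (y2 & ((y0 ^ y1) | y3))

def fb(y0: int, y1: int, y2: int, y3: int) -> int:  # filter component f_b
    return ((y0 & y1) | y2) ^ ((y0 ^ y1) & (y2 | y3))

def fc(y0: int, y1: int, y2: int, y3: int, y4: int) -> int:  # output combiner f_c
    return (y0 | ((y1 | y4) & (y3 ^ y4))) ^ ((y0 ^ (y1 & y3)) & ((y2 ^ y3) | (y1 & y4)))

class Crypto1:
    def __init__(self, key: bytes) -> None:
        self.state = sum(b << i for i, b in enumerate(lsb_first_bits(key)))  # a_i = k_i

    def keystream_bit(self) -> int:
        """The filter f reads only the odd state bits 9..47."""
        s = [(self.state >> i) & 1 for i in range(48)]
        return fc(fa(s[9], s[11], s[13], s[15]), fb(s[17], s[19], s[21], s[23]),
                  fb(s[25], s[27], s[29], s[31]), fa(s[33], s[35], s[37], s[39]),
                  fb(s[41], s[43], s[45], s[47]))

    def step(self, in_bit: int = 0, in_is_encrypted: bool = False) -> int:
        """Emit one keystream bit, then clock the LFSR with feedback XOR the plaintext input bit."""
        ks = self.keystream_bit()
        if in_is_encrypted:  # the receiving side decrypts the bit before feeding it
            in_bit ^= ks
        feedback = bin(self.state & LFSR_MASK).count("1") & 1
        self.state = (self.state >> 1) | ((feedback ^ in_bit) << 47)
        return ks

    def crypt(self, data: bytes, feed: bool = False, in_is_encrypted: bool = False) -> bytes:
        """XOR data with keystream; with feed=True the plaintext of data also enters the LFSR."""
        out = []
        for bit in lsb_first_bits(data):
            out.append(bit ^ self.step(bit if feed else 0, feed and in_is_encrypted))
        return bytes_from_bits(out)

def prng_successor(nonce: bytes, n: int) -> bytes:
    """n-th successor of a tag nonce under the 16-bit nonce generator x^16+x^14+x^13+x^11+1."""
    x = lsb_first_bits(nonce)
    for _ in range(n):
        x.append(x[16] ^ x[18] ^ x[19] ^ x[21])
        del x[0]
    return bytes_from_bits(x)

def simulate_session(key: bytes, uid: bytes, nt: bytes, nr: bytes, block: bytes) -> Tuple[Dict[str, bytes], bool]:
    """Reader and tag share `key`; returns everything a sniffer sees and whether both sides authenticated."""
    tag, reader = Crypto1(key), Crypto1(key)
    trace = {"uid": uid, "nt": nt}
    for side in (tag, reader):  # pass 1: tag sends nT in clear; nT xor uid enters both LFSRs
        side.crypt(xor(nt, uid), feed=True)
    trace["enc_nr"] = reader.crypt(nr, feed=True)  # pass 2: reader sends {nR}{aR}
    trace["enc_ar"] = reader.crypt(prng_successor(nt, 64))
    tag.crypt(trace["enc_nr"], feed=True, in_is_encrypted=True)  # tag recovers nR while feeding it
    tag_ok = tag.crypt(trace["enc_ar"]) == prng_successor(nt, 64)
    trace["enc_at"] = tag.crypt(prng_successor(nt, 96))  # pass 3: tag sends {aT}
    reader_ok = reader.crypt(trace["enc_at"]) == prng_successor(nt, 96)
    trace["enc_cmd"] = reader.crypt(b"\x30\x00")  # encrypted READ of block 0 (CRC and parity omitted)
    tag.crypt(trace["enc_cmd"])
    trace["enc_data"] = tag.crypt(block)
    return trace, tag_ok and reader_ok

def decrypt_trace(candidate_key: bytes, trace: Dict[str, bytes]) -> Optional[bytes]:
    """Replay the cipher over a sniffed trace with a candidate key; None if the key is wrong."""
    c = Crypto1(candidate_key)
    c.crypt(xor(trace["nt"], trace["uid"]), feed=True)
    c.crypt(trace["enc_nr"], feed=True, in_is_encrypted=True)
    if c.crypt(trace["enc_ar"]) != prng_successor(trace["nt"], 64):
        return None  # {aR} does not decrypt to suc^64(nT): not the sector key
    c.crypt(trace["enc_at"])
    c.crypt(trace["enc_cmd"])
    return c.crypt(trace["enc_data"])

# Constructed sample values for the demonstration; none come from a real card or capture.
SAMPLE_KEY, SAMPLE_UID = bytes.fromhex("a0a1a2a3a4a5"), bytes.fromhex("01020304")
SAMPLE_NT, SAMPLE_NR, SAMPLE_BLOCK = bytes.fromhex("0badc0de"), bytes.fromhex("5eedf00d"), bytes(range(16))

if __name__ == "__main__":
    trace, authenticated = simulate_session(SAMPLE_KEY, SAMPLE_UID, SAMPLE_NT, SAMPLE_NR, SAMPLE_BLOCK)
    print("authenticated:", authenticated, "| sniffed {data}:", trace["enc_data"].hex())
    print("with the sector key:", decrypt_trace(SAMPLE_KEY, trace), "| with a wrong key:", decrypt_trace(bytes(6), trace))
```

Run stand-alone, the block prints the ciphertext a sniffer would record, the block content recovered once the correct sector key is supplied, and `None` for a wrong key, because the reader's answer {aR} then fails to decrypt to suc^64(nT). That last check is also why a trace is self-validating for the attacker: a candidate key from Crapto1 can be confirmed offline against the capture, without ever touching the card or reader again. Note the asymmetry the reply describes: {nR}, {aR} and the encrypted READ command are reader-to-card traffic, the only part that can be picked up at a distance, while {nT} in a nested authentication and the block data come from the card and must be captured close by; the trace dictionary separates the two so this can be traced through the code.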
