[Karsten Nohl] has recently joined the team on Flylogic’s blog. You may remember him as part of the team that reverse engineered the crypto in MiFare RFID chips. In his first post, he starts out with the basics of identifying logic cells. By studying the specific layout of the transistors you can reproduce the actual logic functions of the chip. The end of post holds a challenge for next week (pictured above). It has 34 transistors, 3 inputs, 2 outputs, and time variant behavior. Also, check out the Silicon Zoo which catalogs individual logic cells for identification.
mifare11 Articles
Subway Hacker Speaks
Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.
25C3: Nothing To Hide Announced
Germany’s Chaos Computer Club has announced the theme for their annual Chaos Communication Congress: “Nothing to hide“. Like last year’s “Full steam ahead!“, it’s open to many interpretations. People striking down privacy laws often say citizens shouldn’t mind since they have “Nothing to hide”. The phrase is also connected to the inability to hide data, as the CCC demonstrated this year by publishing the German Home Secretary’s fingerprint. On a more positive side, “Nothing to hide” is also about the free exchange of information that happens at hacker conventions. The Congress is in its 25th year and promises to be as good as ever. At last year’s 24C3, we saw great talks like [Drew Endy]’s biohacking talk and the original MiFare crypto presentation. 25C3 will be held in Berlin December 27th to 30th. The wiki is already up and they’ve published a call for participation, if you’re interested.
24C3 Mifare Crypto1 RFID Completely Broken
Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.
The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.
One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.