Skip to main content

Advertisement

SpringerLink
  • Log in
Book cover

International Conference on Smart Card Research and Advanced Applications

CARDIS 2008: Smart Card Research and Advanced Applications pp 267–282Cite as

  1. Home
  2. Smart Card Research and Advanced Applications
  3. Conference paper
A Practical Attack on the MIFARE Classic

A Practical Attack on the MIFARE Classic

  • Gerhard de Koning Gans1,
  • Jaap-Henk Hoepman1 &
  • Flavio D. Garcia1 
  • Conference paper

  • 13k Accesses

  • 66 Citations

  • 3 Altmetric

Part of the Lecture Notes in Computer Science book series (LNSC,volume 5189)

Abstract

The mifare Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. This paper studies the architecture of the card and the communication protocol between card and reader. Then it gives a practical, low-cost, attack that recovers secret information from the memory of the card. Due to a weakness in the pseudo-random generator, we are able to recover the keystream generated by the CRYPTO1 stream cipher. We exploit the malleability of the stream cipher to read all memory blocks of the first sector of the card. Moreover, we are able to read any sector of the memory of the card, provided that we know one memory block within this sector. Finally, and perhaps more damaging, the same holds for modifying memory blocks.

Keywords

  • Field Programmable Gate Array
  • Data Block
  • Authentication Protocol
  • Stream Cipher
  • Access Condition

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download conference paper PDF

References

  1. Finkenzeller, K.: RFID Handbook, 2nd edn. John Wiley and Sons, Chichester (2003)

    CrossRef  Google Scholar 

  2. Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W.: Dismantling MIFARE Classic (forthcoming)

    Google Scholar 

  3. Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing Borders: Security and Privacy Issues of the European e-Passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  4. ISO/IEC 14443. Identification cards - Contactless integrated circuit(s) cards - Proximity cards (2001)

    Google Scholar 

  5. Nohl, S.K., Evans, D., Plötz, H.: Reverse-Engineering a Cryptographic RFID Tag. In: USENIX Security Symposium, San Jose, CA, 31 July (2008)

    Google Scholar 

  6. Kerckhoffs, A.: La cryptographie militaire. Journal des sciences militaires, IX, pp. 5–38, January 1983, and pp. 161–191, February 1983(1983)

    Google Scholar 

  7. Nohl, K., Plötz, H.: MIFARE, Little Security, Despite Obscurity. In: Presentation on the 24th Congress of the Chaos Computer Club in Berlin (December 2007)

    Google Scholar 

  8. NXP Semiconductors. MIFARE Standard 4KByte Card IC functional specification (February 2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Computing and Information Sciences, Radboud University Nijmegen, P.O. Box 9010, 6500, GL Nijmegen, The Netherlands

    Gerhard de Koning Gans, Jaap-Henk Hoepman & Flavio D. Garcia

Authors
  1. Gerhard de Koning Gans
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jaap-Henk Hoepman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Flavio D. Garcia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2008 IFIP International Federation for Information Processing

    About this paper

    Cite this paper

    de Koning Gans, G., Hoepman, JH., Garcia, F.D. (2008). A Practical Attack on the MIFARE Classic. In: Grimaud, G., Standaert, FX. (eds) Smart Card Research and Advanced Applications. CARDIS 2008. Lecture Notes in Computer Science, vol 5189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85893-5_20

    Download citation

    • .RIS
    • .ENW
    • .BIB

    • DOI: https://doi.org/10.1007/978-3-540-85893-5_20

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-85892-8

    • Online ISBN: 978-3-540-85893-5

    • eBook Packages: Computer ScienceComputer Science (R0)

    Share this paper

    Anyone you share the following link with will be able to read this content:

    Sorry, a shareable link is not currently available for this article.

    Provided by the Springer Nature SharedIt content-sharing initiative

    Over 10 million scientific documents at your fingertips

    Switch Edition
    • Academic Edition
    • Corporate Edition
    • Home
    • Impressum
    • Legal information
    • Privacy statement
    • California Privacy Statement
    • How we use cookies
    • Manage cookies/Do not sell my data
    • Accessibility
    • FAQ
    • Contact us
    • Affiliate program

    Not logged in - 3.239.6.58

    Not affiliated

    Springer Nature

    © 2023 Springer Nature Switzerland AG. Part of Springer Nature.