Programming tools for cracking Mifare published

A hacker using the pseudonym Bla has published an open source tool called Crapto1 for cracking the encryption of the Mifare Classic RFID chip, as used in the Oyster Card. Besides an implementation in C of the vulnerable Crypto1 algorithm, the archive also contains the C source code for an attack that has been described in a paper by Dutch security researchers at Radboud University.

Using the tool it is said to be possible to calculate the access code of a Mifare Classic card within around two seconds. All an attacker requires is a live recording of an encrypted radio communication between the card and a legitimate reader, as well as a little programming knowledge. The access code then allows him not only to decode the encrypted data, but also to manipulate the card's content virtually without limit and to clone it to obtain services fraudulently.

Attacks on RFID systems have been limited to a small number of specialists with a background knowledge of cryptography, who had the skills to execute a complex attack. Crapto1 simplifies the work considerably, though it still requires programming knowledge and some experience of handling an RFID reader. The Dutch internet magazine Webwereld says that readers like the Proxmark III or the OpenPCD reader can be used to intercept encrypted RFID traffic.

The increasing number and decreasing complexity of attacks on RFID systems could force many organisations into upgrading their systems. Many non-contact payment systems around the world are based on Mifare Classic chips. The Mifare Classic is also used in many access control systems worldwide. In the Netherlands, a changeover from the OV Chipkaart to the Mifare Classic for travel on local transport services is in full swing right now.

See also:

• Is the MiFare Classic RFID system blown?

(jbe)