Most RFID card systems in the world uses MIFARE Classic due to its cost and long history.
MIFARE (not just the Classic family) have a UID (32 bits) and x blocks of encrypted data (12 for Classic). Each block is protected by a A key and a B key.
The earliest card system only uses UID for authentication ie. if the card says the right UID the card passes authentication.
Obviously, anyone can forge a card with said UID, so the latter system start to use the 12 encrypted fields for authentication. The card reader would challenge the card to encrypt the nonce plus stored identification. Only cards with the correct key can respond with the correct encrypted data + nonce.
The authentication uses symmetric encryption. Depending on how the system is setup, A key is used for Read only, Read Write, or A is used for read and B is used for write, or both A/B is need for read write.
The original Mifare Classic uses a proprietary crypto crypto-1. Due to various reasons (eg. weak PRNG, collisions, etc.) , it can be trivial to crack a traditional Mifare Classic key. However there are harden keys that still could not be cracked due to various countermeasures.
The paper seems to found a hardcoded A/B key A396EFA4E24F for a particular brand of RFID cards (I just skimped the paper and its been years since I worked on RFID. I might be wrong on the detail).
> The paper seems to found a hardcoded A/B key A396EFA4E24F for a particular brand of RFID cards (I just skimped the paper and its been years since I worked on RFID. I might be wrong on the detail).
Actually, if I understood the paper well, the same key worked also on older, non-Chinese cards like those produced by NXP. Why, that's a big question.
Would you happen to know of a good reference for this? I have a Proxmark and I'd like to learn how the encryption works so I can play around with (and maybe clone) some of my cards.
These systems usually do mutual authentication, and that's as much a side effect of the cryptographic primitives used as it is an intentional feature:
They're often using symmetric cryptography (even ECC is orders of magnitude more complex than a simple block cipher), and you get mutual authentication "for free" that way, in exchange for having to guard the keys on both the card and the reader to prevent a total compromise.
MIFARE (not just the Classic family) have a UID (32 bits) and x blocks of encrypted data (12 for Classic). Each block is protected by a A key and a B key.
The earliest card system only uses UID for authentication ie. if the card says the right UID the card passes authentication.
Obviously, anyone can forge a card with said UID, so the latter system start to use the 12 encrypted fields for authentication. The card reader would challenge the card to encrypt the nonce plus stored identification. Only cards with the correct key can respond with the correct encrypted data + nonce.
The authentication uses symmetric encryption. Depending on how the system is setup, A key is used for Read only, Read Write, or A is used for read and B is used for write, or both A/B is need for read write.
The original Mifare Classic uses a proprietary crypto crypto-1. Due to various reasons (eg. weak PRNG, collisions, etc.) , it can be trivial to crack a traditional Mifare Classic key. However there are harden keys that still could not be cracked due to various countermeasures.
The paper seems to found a hardcoded A/B key A396EFA4E24F for a particular brand of RFID cards (I just skimped the paper and its been years since I worked on RFID. I might be wrong on the detail).