Last month, the Dutch government issued a warning about the security of access keys based on the ubiquitous MiFare Classic RFID chip. The warning comes on the heels of an ingenious hack, spearheaded by Henryk Plotz, a German researcher, and Karsten Nohl, a doctoral candidate in computer science at the University of Virginia, that found a way to crack the encryption on the chip. Millions upon millions of MiFare Classic chips are used worldwide in contexts such as payment cards for public transportation networks throughout Asia, Europe and the U.S., and in building-access passes.
The report asserts that systems employing MiFare will likely be secure for another two years, since hacking the chip seems to be an involved and expensive process. But in a recent report published by Nohl, he presents an attack that recovers secret keys in mere minutes on an average desktop PC.
In December, Nohl and Plotz gave a presentation on MiFare's security vulnerabilities at the 24th Chaos Communication Congress (24C3), the annual four-day conference organized by Germany's notorious hacking collective, the Chaos Computer Club (CCC). Thousands of hackers from far-flung locales converged on Berlin between Christmas and New Year's for a raft of talks and project demonstrations. In their popular talk at 24C3, punctuated by bursts of raucous applause, Nohl presented an overview of radio frequency identification security vulnerabilities and the process of hacking the MiFare chip's means of encryption, known as the Crypto-1 cipher. 'This is the first public announcement that the Crypto-1 cipher on the MiFare tag is known,' said Nohl in December at the 24C3 talk. 'We will give out further details next year.'