emsec / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant with NFC. The ChameleonMini was developed by https://kasper-oswald.de. The device is available at https://shop.kasper.it. For further information, see the Getting Started page https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/_page__getting_started.html or the Wiki tab above.

how to compute the key ? #80

Closed feifeilanniao closed 7 years ago

feifeilanniao commented 8 years ago

I configured the Chameleon as MF_CLASS_1K and put it on the reader. Then I uploaded the log, as you can see in the picture. With the uid, nT, nR, aR, how to compute the KEY?

geo-rg commented 8 years ago

If you emulate a MiFare Classic card, you can simply download the card's contents via download. In this dump, the keys can be found at byte positions 48 and 58 (I'm not totally sure about the positions, but the keys are there somewhere).

feifeilanniao commented 8 years ago

@geo-rg Sorry for my statement, which was misleading. Also, thanks for your response. As for my question "how to compute the KEY": I want to use the ChameleonMini (configured as MF_CLASS_1K) to spoof the reader, then get the communication messages between the ChameleonMini and the reader, and then, with these messages, compute the key that the reader used for authentication.

geo-rg commented 8 years ago

Ah ok. So afaik nT is plain and thus does not depend on the key. nR and aR are encrypted. The most recent and also best attack on MiFare Classic I know is from last year and uses several thousands of nonces (Meijer, Verdult at ACM CCS). Thus, I don't think that it is possible to compute the key from only one communication.

feifeilanniao commented 8 years ago

@geo-rg But I know that someone can use the ChameleonMini to spoof the reader and get the key in minutes. How can they do this? Are there any methods or tools?

dev-zzo commented 8 years ago

@feifeilanniao Use Proxmark3 for key recovery attacks on (older) MIFARE Classic cards (see the hf mf mifare command in the proxmark3 client tool) -- this one is tested and working. ChameleonMini does not have any attacks implemented; you are very welcome to contribute your working implementation of the existing attacks though. :-)

geo-rg commented 8 years ago

@feifeilanniao I found the attack you are thinking of in a paper from 2008. Just search for "Dismantling Mifare Classic" on Google Scholar. At the end of the paper, there are attacks described.

geo-rg commented 7 years ago

@feifeilanniao Did that answer your question?

feifeilanniao commented 7 years ago

Thanks for your answer. I haven't played with the ChameleonMini for a long time. Recently, I read the paper "Dismantling Mifare Classic"; it's too difficult for me to get some useful information from the paper. I will try to review and analyze it.

david-oswald commented 7 years ago

You can also look at the newer attacks that are available: http://www.cs.ru.nl/~rverdult/Ciphertext-only_Cryptanalysis_on_Hardened_Mifare_Classic_Cards-CCS_2015.pdf

feifeilanniao commented 7 years ago

ok, thank you so much!