Wednesday, January 22, 2025

Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards


Researchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure. 

Through a combination of reverse engineering, cryptanalysis, and experimental analysis, they demonstrate the ability to extract card data and keys, clone cards, and ultimately compromise the security of both current and older MIFARE Classic card generations. 

The research culminates in the development of optimized attack tools and a deep understanding of the underlying vulnerabilities, emphasizing the critical need for replacing MIFARE Classic in modern applications.


The research investigates the vulnerabilities of MIFARE Classic memory cards using the CRYPTO-1 protocol by analyzing existing card-only attacks that exploit weaknesses in the protocol's implementation, such as predictable nonce generation and parity bit leaks. 

[Figure: initial nonces observed across 500 authentication attempts with an FM11RF08S]

They then introduce the FM11RF08S card, which implements countermeasures against these attacks: a static encrypted nonce for nested authentication and a repeatable initial nonce generated by a Linear Feedback Shift Register (LFSR). 
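The two nonce weaknesses above can be checked in an inventory audit. The following is an added example, not code from the article or from the researchers' Proxmark3 tooling: it models the classic tag PRNG (a 16-bit LFSR, as documented in the public literature on MIFARE Classic), tests whether a 32-bit nonce is consistent with it, and summarises a batch of initial nonces from repeated authentication attempts. The sample batches are constructed, and the bit-order mapping from bytes sniffed on the air is an assumption.

```python
# Added audit helper (not from the article or the cited research). The MIFARE
# Classic tag PRNG is a 16-bit LFSR (polynomial x^16+x^14+x^13+x^11+1, recurrence
# s[k+16] = s[k]^s[k+2]^s[k+3]^s[k+5]), so a 32-bit nonce nT has only 16 bits of
# entropy. Assumption: bit i of a nonce here is the i-th LFSR output bit; mapping
# bytes sniffed on the air (ISO 14443A sends bytes LSB first) is not shown.
from collections import Counter

def lfsr_bits(seed16: int, nbits: int) -> list:
    """Return nbits of tag-PRNG output, oldest first, starting from a 16-bit seed."""
    bits = [(seed16 >> i) & 1 for i in range(16)]
    while len(bits) < nbits:
        k = len(bits) - 16
        bits.append(bits[k] ^ bits[k + 2] ^ bits[k + 3] ^ bits[k + 5])
    return bits[:nbits]

def weak_prng_nonce(seed16: int) -> int:
    """32-bit nonce as a Classic tag emits it: 32 consecutive LFSR output bits."""
    return sum(b << i for i, b in enumerate(lfsr_bits(seed16, 32)))

def is_weak_prng_nonce(nonce: int) -> bool:
    """True iff the upper 16 bits are the LFSR continuation of the lower 16 bits."""
    s = [(nonce >> i) & 1 for i in range(32)]
    return all(s[k + 16] == s[k] ^ s[k + 2] ^ s[k + 3] ^ s[k + 5] for k in range(16))

def audit_nonces(nonces: list) -> dict:
    """Summarise the initial nonces seen over repeated authentication attempts."""
    return {
        "attempts": len(nonces),
        "lfsr_consistent": sum(is_weak_prng_nonce(n) for n in nonces),
        "distinct": len(set(nonces)),
        "max_repeats": max(Counter(nonces).values()) if nonces else 0,
    }

def classify(report: dict) -> str:
    """Rough verdict for an inventory audit; anything but 'hardened' merits migration."""
    if report["attempts"] > 1 and report["distinct"] == 1:
        return "repeated initial nonce"          # FM11RF08S-style behaviour
    if report["lfsr_consistent"] == report["attempts"]:
        return "weak 16-bit LFSR PRNG"           # classic card-only attacks apply
    if report["lfsr_consistent"] == 0:
        return "hardened (nonces not LFSR-consistent)"
    return "mixed / inconclusive"

# Constructed sample batches, not captured from real cards.
CLASSIC = [weak_prng_nonce(s) for s in (0x1234, 0xBEEF, 0x0001, 0x7F7F, 0xCAFE)]
REPEATED = [weak_prng_nonce(0xBEEF)] * 5
HARDENED = [0xDEADBEEF, 0x9A3F01C7, 0x5E1D8B22]   # upper halves do not follow the LFSR
```

A card whose batch is classified as anything other than hardened is still exposed to the card-only attacks the article describes and belongs on the migration list.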

Researchers discovered and exploited a backdoor in FM11RF08S RFID tags. By analyzing the tag’s response to unexpected commands, they uncovered a hidden authentication method that bypasses standard security measures. 

This backdoor grants full read access to all tag data, including previously inaccessible blocks, while the team developed a technique to recover the main encryption key, rendering the tag’s security mechanisms ineffective. 

This undermines the security of the numerous RFID systems employing this tag model, emphasizing the critical need for robust security measures in embedded systems. 

[Figure: FM11RF08S block 0 example]

They discovered and exploited a backdoor in FM11RF08 and FM11RF08S MIFARE Classic clones, drastically accelerating key recovery attacks.

By targeting both keyA and keyB simultaneously and optimizing the key search process, they reduced attack time by a factor of six. 

Additionally, they identified a universal backdoor key applicable to older FM11RF08 models and even FM1208-10 devices, which enables rapid key extraction without prior knowledge, posing significant security risks for supply chain actors and end-users alike. 

Extensive testing of backdoor authentication commands on various card models revealed that certain non-Fudan cards unexpectedly accept these commands using a specific backdoor key, identical to that employed by Fudan FM11RF08 cards. 

[Figure: newer FM11RF08S, block 128 access rights = 00F0FF]

A separate group of cards, including NXP MF1ICS5005, MF1ICS5006, and MF1ICS5007, respond to backdoor commands using standard keyA/keyB authentication, while USCUID/GDM magic cards also fall into this category. 

The darknested attack is particularly effective against SLE66R35, MF1ICS5003, and MF1ICS5004, where key recovery with the darkside attack is slower. 

Researchers have discovered a critical hardware backdoor in the widely used FM11RF08S MIFARE Classic chip, enabling previously impossible attacks on card data, including cloning. 

The backdoor, present in all FM11RF08 chips since 2007, undermines the chip’s touted security and compromises systems worldwide, while the same backdoor key has been found on older NXP and Infineon cards, raising serious security concerns. 

MIFARE Classic’s inherent vulnerabilities remain, and this discovery highlights the urgent need for infrastructure audits and migration to more secure alternatives.

Tools and attack methods have been integrated into the Proxmark3 platform for public analysis and defense.

Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
