HR Geeks

RFID

SkeeBot (Skeeball) machine a success!

by Ethan on Feb.18, 2009, under 757labs, RFID, cons, electronics

1st place was taken at the 2009 Shmoocon Hacker Arcade for the skeebot modified skeeball machine! A conventional skeeball machine was upgraded. Features added include RFID authentication of the wooden balls, a 19″ widescreen LCD display, 1980 music videos, dollar and coin validation, 16.7 million color computer interfaced lighting, 750 watt strobe (also computer interfaced), secondary LCD for digital ticket system (using USB port for thumbdrive), ground effects (also RGB LED based), and more! It was by far the largest, and technically only entry at this year’s arcade. Thanks to David of Outer Banks Amusements for the machine. The machine was given to Bruce & Heidi of the Shmoogroup (minus most electronics). We hope to see it in the future modified in all new ways. We’ve already got a list of new ideas for next year’s hacker arcade.

Eventually all source code and docs will be posted under skeebot at www.757labs.com. Video was also recorded to make a short video about the project.

Thanks to Remad and Enferex for much help in transportation, testing, and setting it up! Enferex wrote some code for a web component that unfortunately wasn’t finished. It might find its way into a future project though!



So long Mifare RFID system

by Chris Glaves on Mar.14, 2008, under RFID

In case you haven’t been following the developments with the Mifare RFID system, here is what is going on:

Mifare inner workings

So what’s happening in this picture?

Here’s the backstory: most of the RFID vendors keep the inner workings secret. Deep inside a one millimeter chip, a small proprietary encryption routine is held. It is virtually impossible to reach, spread over five extremely thin wafers that are all interconnected.

Good luck taking that apart to see if you can reverse engineer the algorithm … or at least that must have been the thought of the inventors of the Mifare RFID system. Unfortunately for them, some German researchers did just that … take the one square millimeter chip apart.

And at the latest CCC congress in Berlin, Karsten Nohl and Henryk Plötz gave a presentation about their findings (Google Video or MP4).

Here is a fascinating description of what they accomplished:

“With a lot of patience, they managed to slice off the top of the chip and reach the first layer. Using a 500X magnifying microscope they took a high resolution picture of this layer. They then used some very fine polish and ‘really really carefully’ polished away the first layer, making the second layer visible. And took another picture. And so on. The story does not say in how many tries they succeeded to make five high quality images, but it must have been a hell of a job. Not to mention laying these images on top of each other and trying to make sense out of it. According to the researchers this all was ‘painful work’.”

They managed to reverse engineer the Mifare encryption algorithm. So long Mifare RFID system.

From Blackbag by Barry comes a description:

“Mifare heavily relies on keeping the encryption scheme secret. The problem is cheap/affordable RF-ID chips do not have enough CPU to do serious crypto, so keeping the inner working secret is the only defense. And during the research many more weaknesses in the Mifare system were found. Even if you do not understand everything, I strongly encourage everyone to view the video of the presentation. It is inspiring to say the least, and shows with determination even the most complex problem can be tackled (well …. almost).”

“The real lesson learned is that security through obscurity does not work, and only buys you some time. But it will bite you in the long run when using it in widely deployed systems. The problem now is millions of Mifare chips are deployed in the field in a huge install base. And most of the users are completely unaware of the disaster that is coming …”

“So far the users are ‘safe’. The researchers have not given out the full details on Mifare…. yet. But please take their advice seriously: “If you rely on Mifare for anything, start migrating!”. More information about the Mifare hack can be expected in the very near future.”

Now step forward a couple of months and:

‘ghost’ cloner

Roel Verdult of Nijmegen’s Radboud University demonstrated on Dutch television (WMV or YouTube) how he hacked the disposable RFID public transport card. Roel created a small device called ‘ghost’ that is capable of cloning disposable cards and re-using them over and over again. Total hardware costs around 40 euro. And Roel thinks as soon as the German researchers release their information on Mifare Classic, the ‘more secure’ subscription tickets can also be cloned.

Then on 12 March 2008 comes word from the Dutch Ministry of Internal Affairs website:

“With little effort abuse is possible and cards can be cracked and copied easily.

This concerns all (access control) cards containing the so called ‘mifare classic-chip’, used in applications that do not rely on additional security measures (like our nationwide transport card).

We guess around two million access control cards are in use in the Netherlands, worldwide we assume two billion.

In various governmental and private sectors this chip technology is in use.

Our national intelligence agency (AIVD) has, on my request, checked the method at the Radboud University, and confirmed their claim is correct and works.”

Absolutely fascinating stuff, the impact of which could be pretty big when the next unbreakable technology is widely adopted, implemented and cracked! Oh that was Microsoft’s Windows Media DRM, no wait or was it Apple’s FairPlay, no wait it was… Good luck.

Here is the press release from the Digital Security Group of Radboud University detailing their findings on the Mifare Classic security weakness.

UPDATE
Radboud University came out with a video and a report (ENG PDF) on the Mifare hack.

Stand by for freely available software!
