By: Kevin Larson

Scheduled on: January 29 at 14:00


The presentation will show how easy it can be to crack not just Mifare Classic but also the new Mifare Plus, which has an improved PRNG that nullifies MFCUK/MFOC, the tools that currently crack Mifare Classic. I have taken portions of code from the Proxmark3 and LibNFC projects and combined them into one tool that works with a $30 USB reader that looks just like a USB thumb drive, and requires no arguments whatsoever. Simply place a card on the reader and run:

$ ./miLazyCracker

The script will then talk to the card, determine whether its PRNG is vulnerable, and select the proper attack. From there it will iterate through any missing keys and finally dump the card so it can be cloned. The talk also shows how to create cards with open source tools (this part is not new, but it's easily explained).

I am a Master's student in Computer Science, have worked with embedded devices for about 10 years, and most recently worked in cyber security research. I love everything smart card related, wireless (ZigBee, Z-Wave, 6LoWPAN), hardware hacking, reversing .NET, and patching programs to do crazy stuff.

I think this is cool because anyone can clone a card (or see if it's clonable) with no prior knowledge of smart cards, no learning about sector layouts, and no arguments to give to the script whatsoever, and it's only a $30 part that looks like a USB thumb drive. This makes it very possible to sit on a bus or subway next to the lady who has her badge in her purse and potentially clone her card, follow her to work, and gain access to a building. It's not necessarily the most novel reverse engineering feat, but it brings smart card cloning (and attacks as recent as 6 months old) to the masses. This isn't so more people can break in, but so companies can be aware of how easy this is and move away from anything with the name Mifare.