MIFARE Plus

samy · 2009-07-07 06:34:15

Anyone work with a MIFARE Plus card before?

Any suggestions? I can probably snoop, but it will have to be at a public place!

edo512 · 2009-07-07 09:05:58

Have you actually seen one of those in the wild yet?

samy · 2009-07-07 09:08:08

I'm pretty sure the Los Angeles Metro uses them now as re-usable bus passes. I got one today!

http://www.nxp.com/news/content/file_1569.html

szymonunion · 2009-07-07 09:42:25

Samy,

so we are waiting for some successes with this card Let us know ASAP.

We have also here cards Mifare, but it is probably 1K ( I am not sure that it is 4K - not possible, heh). I do not have one, but when I will get assembled and working device (I wanna buy one as I wrote in other topics !!!) I will get this card for tests

Best Regards,
PS. your site is in .pl domain - are you familiar with Poland/Polish language?
I will answer myself .pl because of Perl ))

edit: I just read that this solution we have here in the weakest one so I am now sure it is Milfare 1K (16 sectors, heh).

Last edited by szymonunion (2009-07-07 21:45:39)

samy · 2009-07-15 00:04:22

szy, I'm just a perl guy so I use .pl, not actually from Poland

Ed, looks like LA Metro is the first transporter to use them:
"Commuters and other passengers in the Greater Los Angeles Area are about to experience an upgrade, as the LA Metro becomes the world's first transport operator to implement NXP's MIFARE Plus contactless technology for automatic fare collection."

http://www.nxp.com/infocus/topics/la_metro/

szymonunion · 2009-07-15 10:22:35

samy,

as you saw my answer - I realized this quickly after I sent answer )) .pl is the best for Perl geek

Lucky you, you can test it - I still have no device and even no info when someone will have assembled and tested device to sell. I have few cards to test (Mifare 1k, HID ISOProx II, others), but I am not able without device

rleroy · 2009-07-15 12:56:51

Nice That would be cool if you could find a vulnerability in the Mifare plus implementation! I searched quickly through the net this morning, correct me if i'm wrong, but it has not been broken yet ?

--
rleroy

samy · 2009-07-15 18:44:43

szy, why not purchase one from http://proxmark3.com? I think the price just went down, too.

rleroy, correct, I don't think there are any known vulnerabilities. Nohl did a talk at Blackhat last year about RFID security, and although I wasn't there, his powerpoint presentation glosses over algebraic attacks on the Mifare Plus:
https://www.blackhat.com/presentations/ … Mifare.pdf

I started reading about how they originally found the issues in MIFARE Classic. My understanding is they took the chip, a magnifying glass, acetone, and started cutting away layers of the chip in order to reverse engineer it! That is pretty hardcore.

samy · 2009-07-15 18:47:54

"Through further analysis of Crypto-1, we found the cipher to be highly vulnerable to algebraic attacks. Our most efficient attack takes only seconds on a PC, can operate on passively sniffed data from meters away, and works despite strong random numbers in Mifare Plus. The results were first announced at EuroCrypt 2008's rump session."

http://www.cs.virginia.edu/~kn5f/

merlok · 2012-03-18 09:43:35

hi,

there are no free software for plus on sl3, but there are documentation for reader chips.
commands in sl3 looks like commands in sl1, but they uses aes instead of crypto1

rule · 2012-03-18 19:41:25

It works very similar to AES authentication on a DESFire, there are much more info demo apps for the DESFire available

Proxmark3 community

Announcement

#1 2009-07-07 06:34:15

MIFARE Plus

#2 2009-07-07 09:05:58

Re: MIFARE Plus

#3 2009-07-07 09:08:08

Re: MIFARE Plus

#4 2009-07-07 09:42:25

Re: MIFARE Plus

#5 2009-07-15 00:04:22

Re: MIFARE Plus

#6 2009-07-15 10:22:35

Re: MIFARE Plus

#7 2009-07-15 12:56:51

Re: MIFARE Plus

#8 2009-07-15 18:44:43

Re: MIFARE Plus

#9 2009-07-15 18:47:54

Re: MIFARE Plus

#10 2012-03-18 09:43:35

Re: MIFARE Plus

#11 2012-03-18 19:41:25

Re: MIFARE Plus

Board footer