Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Someone going to 32c3 this year? There will be a talk about Hitag S
Security of 125kHz Transponders Using Hitag S as an Example
Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek
The Hitag S transponder is used in a wide variety of applications. While attacks on the Hitag 2 are already known, the Hitag S is not yet considered broken in the literature. We have transferred the described attacks to the Hitag S. We are able to break the key and obtain information such as the password, even though these are additionally protected against read access. Depending on the attack chosen, we need between several hundred days and 5 minutes to break the key. We have built an emulator that can mimic any Hitag S transponder. If the transponder is used in a locking system, we can create a copy of a key in this way. Based on our results and our experience with other transponders in the 125kHz range, we can only warn against their use in security-critical areas.
Presentation: https://events.ccc.de/congress/2015/Fah … /7166.html
Last edited by iceman (2015-12-22 12:12:00)
Offline
Yep, I was there (and still am)
You can watch the talk on media.ccc.de.
Unfortunately it is one of the rare talks in German.
To wrap things up: Hitag S is broken. They developed some attacks that - depending on
some factors - can crack the keys within 5 minutes and hundreds of days...
Also they built an emulator to emulate Hitag S tags.
They promised to release their paper on January 1st, 2016. They also promised to release (some of) the code
they developed for the proxmark3. We will see...
Greetings from the 32C3!
ikarus
Offline
Don't know if this is related to the talk at 32C3 but here is a recent advisory about Hitag S: http://seclists.org/bugtraq/2016/Jan/4
This attack still requires 5 days of computation using a SAT solver based on 2 sniffed challenges.
Offline
That is cool, I'll have to look into the SAT solver solution again. I never got it to work last time I tried it.
Offline
Any news regarding the code to communicate with Hitag S transponders and readers?
Offline
@jump
Don't know if this is related to the talk at 32C3 but here is a recent advisory about Hitag S: http://seclists.org/bugtraq/2016/Jan/4
Related... This is the advisory from the team that held the talk at the 32C3.
You can find the PDF version of it on their website.
@Joshm
As far as I know, no code has been released yet. I wrote a mail to them. Let's wait and hope they will share their knowledge with us.
Edit:
(German) slides of the talk.
Last edited by ikarus (2016-02-11 21:58:34)
Offline
Got a response. They said the code is unfinished and undocumented and therefore has not been released yet.
The guy who wrote the code (Oguzhan Cicek) is very busy with earning his master's degree. He will try to get
the code ready soon (during the next semester break).
Offline
If we are lucky!
Offline