Research, development and trades concerning the powerful Proxmark3 device.
Hey 0xFFFF,
Since you decapped an iClass tag, how about you do one of these? Mifare S50 1k with hardened PRNG?
Maybe it's useful for someone?
Never considered looking at the newer S50.
I doubt that I have any on hand.
Any suggestions on a good (cheap) supplier to obtain a few from?
Hey mate -
I could probably get some from our factory. I could get them doped, or maybe even un-doped, right off the wafer..
Let me know what you'd prefer.
...the documents describing the wafer?
Most probably this would be a waste of time because there will be no PRNG at all. NXP claims that their Mifare Classic EV1 has a True RNG. A True RNG would be made of a noisy PN junction and an amplifier. Reverse engineering wouldn't help.
...claiming or knowing, such a difference
kwx - Message sent.
piwi wrote:...NXP claims that their Mifare Classic EV1 has a True RNG...
iceman wrote:...claiming or knowing, such a difference
I'm willing to bet that you're right piwi but until someone can confirm either way, we can't be absolutely certain.
Let me know specifically what you'd want or need, and I'll chat with my suppliers.
I'm pretty sure I could get you undoped chips right off the wafer (probably with the UID unfused as well.)
Update:
Thank you to kwx for supplying the silicon!
I have some photos I'll upload later. Nothing exciting just yet.
I have been trying to arrange a suitable time to visit a lab. Time and money have been preventing me from getting this done sooner.
It's a start!
Thanks. I suppose it is.
Not having much fun at all. I swapped the camera module on my microscope and something has gone horribly wrong. My X axis has stopped working and focus hasn't been 100%. The table appears to have been knocked out of alignment. Very frustrating!
I've been talking to a few labs to try and arrange access to an SEM. As much as I'd like to go ahead with this, I can't justify the expense.
A new microscope is first on my list, which is more than I can afford right now.
So in that case, does NXP claim these cards are compatible with all CRYPTO1 implementations but will not be vulnerable to nested or hardnested?
Didn't the original paper which showed hard nested attack theory show that there were vulnerabilities besides the PRNG that could be exploited? Does anyone know if the EV1 is out yet and this can be looked at?
Those pics 0xFFFF has should be Mifare Classic EV1 dies...
So in that case, does NXP claim these cards are compatible with all CRYPTO1 implementations but will not be vulnerable to nested or hardnested?
I have not looked into the vulnerabilities just yet.
The Classic EV1 'behaves' the same way as the older S50s.
7 Byte UID version supports random UIDs.
True random number generator.
The 4 Byte version appears to be a non unique UID.
Didn't the original paper which showed hard nested attack theory show that there were vulnerabilities besides the PRNG that could be exploited?
I have not looked into this.
Does anyone know if the EV1 is out yet and this can be looked at?
See photos above.
They are terrible, but you can just make out that the die is an S50 EV1.
7MF1S50XV0A
I would like to get a 4 Byte and a 7 Byte card.
Mifare Classic EV1 has been out for years. You will most probably get one if you order "Mifare Classic" today. Compared to the old Mifare Classic it has a true RNG instead of the broken PRNG, but otherwise there is no difference. This means that it should still work for all applications, but the attacks based on the broken PRNG (Darkside, "nested") won't work any more. "Hardnested", however, does work.
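The distinction piwi draws between the original Mifare Classic PRNG and the EV1's true RNG can be made concrete. The Python below is an added example, not code from this thread or from the Proxmark3 project: it models the original 16-bit LFSR nonce generator (feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, as documented in the public analyses of Crypto-1), shows why one nonce lets you predict the next, and applies the check that tells a weak-PRNG tag from one whose nonces carry no such structure. The wire byte order (first transmitted byte first, LSB first), the function names and the sample nonces are the example's own assumptions.

```python
import random
from typing import Iterable, List

# Feedback of the 16-bit LFSR behind the original Mifare Classic nonce generator
# (the "broken PRNG" of the thread). Every new stream bit is
#     n[i] = n[i-16] ^ n[i-14] ^ n[i-13] ^ n[i-11]
# so a 32-bit nonce carries only 16 bits of state: the second half is
# fully determined by the first half.


def _bits_from_bytes(data: bytes) -> List[int]:
    """Unpack bytes into the bit stream as sent over the air: byte 0 first, LSB first
    (assumed ordering for this example)."""
    return [(b >> k) & 1 for b in data for k in range(8)]


def _bytes_from_bits(bits: List[int]) -> bytes:
    """Inverse of _bits_from_bytes."""
    out = bytearray(len(bits) // 8)
    for i, bit in enumerate(bits):
        out[i // 8] |= bit << (i % 8)
    return bytes(out)


def _next_bit(stream: List[int]) -> int:
    """Feedback bit that follows the current stream (needs at least 16 bits)."""
    return stream[-16] ^ stream[-14] ^ stream[-13] ^ stream[-11]


def weak_prng_nonce(state16: int) -> bytes:
    """32-bit nonce the weak PRNG emits from a 16-bit LFSR state, in wire byte order."""
    bits = [(state16 >> k) & 1 for k in range(16)]
    while len(bits) < 32:
        bits.append(_next_bit(bits))
    return _bytes_from_bits(bits)


def prng_successor(nonce: bytes, n: int) -> bytes:
    """Nonce the weak PRNG would emit n clock ticks after `nonce`.

    This predictability is what the nested attack leans on: one observed nonce
    plus an estimate of the elapsed ticks pins down the next nonce.
    """
    bits = _bits_from_bytes(nonce)
    for _ in range(n):
        bits.append(_next_bit(bits))
    return _bytes_from_bits(bits[n:n + 32])


def nonce_is_weak_prng(nonce: bytes) -> bool:
    """True if the upper 16 bits are the LFSR's continuation of the lower 16.

    A nonce from a true RNG passes only by chance, with probability 2**-16.
    """
    bits = _bits_from_bytes(nonce)
    return all(bits[i] == _next_bit(bits[:i]) for i in range(16, 32))


def classify_tag(nonces: Iterable[bytes]) -> str:
    """Verdict from a handful of nonces collected from one tag (hypothetical helper)."""
    nonces = list(nonces)
    if not nonces:
        raise ValueError("need at least one nonce")
    if all(nonce_is_weak_prng(n) for n in nonces):
        return "weak PRNG: darkside and nested apply"
    return "not the weak PRNG: only hardnested applies"


if __name__ == "__main__":
    # Constructed sample: nonces from a tag running the weak PRNG...
    weak = [weak_prng_nonce(s) for s in (0x0001, 0xBEEF, 0x1234, 0xFFFF)]
    # ...and constructed stand-ins for true-RNG nonces from a seeded generator.
    rng = random.Random(2024)
    strong = [rng.getrandbits(32).to_bytes(4, "big") for _ in range(4)]
    for nonce in weak + strong:
        print(nonce.hex(), nonce_is_weak_prng(nonce))
    print("tag A:", classify_tag(weak))
    print("tag B:", classify_tag(strong))
    print("A's next nonce after 16 ticks:", prng_successor(weak[0], 16).hex())
```

Collect more than one nonce before trusting the verdict: a single true-RNG nonce passes the structure test once in 65536 tries, while a run of eight passing nonces from the same tag is essentially conclusive.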