
Some days ago I connected a USB contactless smart-card reader and sniffed that USB port with a USB sniffer tool. Afterward, I put a 1K Mifare card on the reader and read 1 byte.

I took a look at the sniffer tool output and understood that the keys (read key and write key) were transferred to the card without any encryption!

Now I want to know: is this mechanism really safe??! If I change my reader's API to make it behave like a Mifare card, move it close to the original reader and sniff the communication between the two card readers via my computer, can't I gain the keys?!

Is it possible to make a reader behave like a Mifare card in the field of another contactless reader?


Update: As far as I know, it is mandatory to load keys on a Mifare card before sending the authenticate command! As you see below, I load keys on the card! [It is FF FF FF FF FF FF by default].

(screenshot of the load keys command, not reproduced)

Simultaneously, I sniffed the USB port that my ACR122U is connected to! As you see below, the keys were sent in plain!

(screenshot of the sniffer output, not reproduced)

What is wrong with what I did?!

Note: Miss Hedayat (my colleague) also confirmed it! :))


2 Answers

No, the keys are not transferred in plain, since there is no need to transfer any key in the scenario of reading one byte; depending on the configuration they may need to be applied. I have no idea what your sniffer output tells you.

No, Mifare (Classic) is not safe, but this is a separate question, sufficiently answered on SO. Summarized: the key is too short and therefore the cryptographic algorithm used is too weak.

No, a reader can't disguise itself as a card; even if it could: you seem to think that the keys are broadcast and then you could simply grab them from the air, which is far from the mark.

  • Please take a look at the **Update** section in the question. – TheGoodUser Aug 18 '14 at 13:23
  • @TheGoodUser: The key has to be set up **once** before you work with a given card. Setting it in every session is neither necessary nor recommended (neither is using the default value of FF FF...); therefore this should be done in a separate program, run only once, and would not show up in your sniffer dump. – guidot Aug 18 '14 at 14:08
  • Excuse me, dear Guidot, does the key load into the reader or into the card? – TheGoodUser Aug 25 '14 at 05:09
  • @TheGoodUser: I suspected this might be the problem: to **establish** a key one has to store it on the **card**, and therefore obviously transmit it there; this is done occasionally or even only once. To **access** data protected by a key, you have to transmit it to the **reader**; this is done often, or (if no unprotected access is allowed) even always. – guidot Aug 25 '14 at 06:22
  • When I load the keys on the reader or the card (I don't know which one), I can authenticate the card even after removing the card from the reader, putting it on the reader again and getting a new ATR, and even after closing and reopening the SDK (without loading the keys again)! But right after disconnecting the reader and connecting it again, I have to load the keys again to be able to authenticate. Does that mean that when I load the keys, they are saved in a volatile buffer in the reader? – TheGoodUser Aug 25 '14 at 07:03
  • @TheGoodUser: Yes. While one could have expected that the reader deletes the keys as soon as you close the connection to it, your reader seems to keep them until it is powered down (compare with the reader documentation). Bringing the card/token out of the field and back does not change anything on the card side. Again, the reader (or its driver) could recognize this and delete the corresponding keys, but doesn't seem to do so in your case. – guidot Aug 25 '14 at 10:18

You are not sniffing the communication between the reader and the MIFARE Classic card but between the PC and the reader (USB CCID).

In order to communicate with a MIFARE Classic card, you have to load the access keys onto the reader. That's what the "load authentication keys" command (in your screenshot) does. In the case of the ACR122U, keys are stored in volatile memory on the reader. Other readers may support non-volatile key slots too (see the readers' documentation and the PC/SC specification section on contactless memory cards).

Later, when you issue an authentication command, the reader will perform the MIFARE Classic mutual authentication, which is basically a challenge-response authentication and key agreement protocol. So instead of sending the actual key to the card, the reader will receive a random number from the card, will encrypt the random number with the key and will return that encrypted random number to the card. The card will then decrypt the random number with the same key and can thus verify whether the reader used the correct key.
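As an added example (not part of either answer), here is a small Python decoder for the PC/SC pseudo-APDUs a host sends to an ACR122U for MIFARE Classic, as they would appear in a USB capture like the one in the question. It flags the one command (Load Authentication Keys) that carries the raw key bytes on the USB side, and shows that the Authenticate command only references a block and a key slot. The APDU layouts are the ones documented in the ACR122U API / PC/SC Part 3; the capture bytes are constructed.

```python
# Added example: decode host->reader pseudo-APDUs (CLA FF) for MIFARE Classic
# and report which of them put raw key material on the USB bus.
# Layouts per ACR122U API / PC/SC Part 3 (contactless memory cards).
from dataclasses import dataclass

DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")  # factory-default MIFARE Classic key

@dataclass
class Apdu:
    name: str
    carries_key: bool   # True if the 6-byte key itself is in this APDU
    detail: str

def decode_apdu(apdu: bytes) -> Apdu:
    """Decode one host->reader pseudo-APDU as seen in a USB CCID capture."""
    if len(apdu) < 5 or apdu[0] != 0xFF:
        return Apdu("non-pseudo-APDU", False, apdu.hex())
    ins, p1, p2, lc = apdu[1], apdu[2], apdu[3], apdu[4]
    data = apdu[5:5 + lc]
    if ins == 0x82 and len(data) == 6:   # Load Authentication Keys: key host->reader
        where = "volatile" if p1 == 0x00 else "non-volatile"
        default = " (factory default!)" if data == DEFAULT_KEY else ""
        return Apdu("Load Authentication Keys", True,
                    f"slot {p2}, {where} storage, key {data.hex().upper()}{default}")
    if ins == 0x86 and len(data) >= 5:   # Authenticate: block + key slot only, no key
        block, key_type, slot = data[2], data[3], data[4]
        kt = {0x60: "Key A", 0x61: "Key B"}.get(key_type, f"type 0x{key_type:02X}")
        return Apdu("Authenticate", False, f"block {block}, {kt} from slot {slot}")
    if ins == 0xB0:                      # Read Binary: P2 = block, last byte = Le
        return Apdu("Read Binary", False, f"block {p2}, {apdu[4]} byte(s)")
    return Apdu(f"INS 0x{ins:02X}", False, data.hex())

def key_exposure_report(capture):
    """(name, detail) for every APDU in the capture that carries a raw key."""
    return [(a.name, a.detail) for a in map(decode_apdu, capture) if a.carries_key]

# Constructed capture mirroring the question's session: load the default key into
# slot 0, authenticate block 4 with Key A from slot 0, then read 1 byte of block 4.
CAPTURE = [
    bytes.fromhex("FF82000006FFFFFFFFFFFF"),
    bytes.fromhex("FF860000050100046000"),
    bytes.fromhex("FFB0000401"),
]

if __name__ == "__main__":
    for a in map(decode_apdu, CAPTURE):
        print(f"{'KEY ON USB' if a.carries_key else '          '} {a.name}: {a.detail}")
```

Only the first APDU exposes the key, and only on the USB cable between PC and reader; the over-the-air exchange that follows the Authenticate command is the challenge-response described above.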
