[MLUG] Practical Attack on the MIFARE Classic.

Bob Bevins bob at virteck.com
Tue Dec 2 18:17:29 EST 2008 

It depends if there is encryption on it. these cards when used for card 
access sends an integer which it sends everytime. this is the number you 
care about when entering a building. this is the number they put in the 
database. If you can read that number the way they said they did then you 
can program that number in a smartcard and open the door. Its not as 
complicated as they may make it seem. I work in that industry. You might 
think all those regular weigand card access cards are secure, well.... all 
you have to do is buy a programmer for a grand and program your own cards, 
I've done it. They sell the unprogrammed coils. There really is a false 
sense of security. The only real fool proof way is to use two different type 
of technology to access the door. re: keypad/smartcard, biometric/smartcard 
etc..... they are not full proof but, that is doubling the work they would 
have to do to access the secure area. Highly unlikely they would go through 
it and be successful, but it is possible.

Just my 2 cents,

and now that your all on OSX, it should be easier....:-)

Bob


----- Original Message ----- 
From: "Andy Pintar" <andy at hapoteh.net>
To: "Montreal Linux Users Group" <mlug at listserv.mlug.ca>
Sent: Tuesday, December 02, 2008 5:16 PM
Subject: Re: [MLUG] Practical Attack on the MIFARE Classic.


> On Tue, 2 Dec 2008, Bob Bevins wrote:
> ...
>> Many companies are using the mifare technology  on smartcards for card
>> access, which unlocks doors when presented at the readers. If they can 
>> clone
>> the cards then they would have access to companies premises. furthermore,
>
> As far as the paper was concerned, I came to the conclusion that it's not
> possible to clone the cards.  I don't have the paper here with me but I
> think they mention that at the end that based on the information they
> provide cloning cards is not feasible.  In fact, they can't read all the
> data, and there are some pretty strong 'ifs' to reading any data (except
> first sector), which is knowing one byte on that sector.  Did anyone read
> the paper or have any other references that state/prove that cloning is
> possible?
> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>

More information about the mlug mailing list