Wednesday 8 December 2010

MIFARE Classic default keys

Here are some default transport keys for empty (factory issued) Mifare Classic tags.

ffffffffffff
a0b0c0d0e0f0
a1b1c1d1e1f1
a0a1a2a3a4a5
b0b1b2b3b4b5
4d3a99c351dd
1a982c7e459a
000000000000
d3f7d3f7d3f7
aabbccddeeff

Since MIFARE Classic has been hacked time and again, it should be used for prototyping and experimenting only. Roel Verdult of Radboud Uni. has a good lecture on "classic mistakes" :)

RFID Sniffer

Keep your key cards close and wrapped in tin foil, hackers are out and about armed with RFID Sniffers ;)

More on the sonMicro 13.56MHz reader module here and here.

Wednesday 1 December 2010

G&D microSD cryptocontroller

A new microSD card containing a secure element and cryptocontroller has been released by G&D. It supports ECC up to 521 bits (F_p, I assume, and not F_2m), AES-256 and SHA-512. The main functionality is strong authentication to allow secure phone calls.

Note: authentication is all well and good, but the security chain is only as strong as its weakest link.The main problem with open systems and mobile/ad hoc clients is key management, and I have yet to come across a practical, secure and dynamic solution in the Secure Voice market.