Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
- Logged in as ikarus
- Last visit: Today 11:22:42
- Topics: Posted | New | Active | Unanswered
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#4 2009-07-07 09:42:25
- szymonunion
- Contributor
- Registered: 2009-07-05
- Posts: 46
Re: MIFARE Plus
Samy,
so we are waiting for some successes with this card 
Let us know ASAP.
We have also here cards Mifare, but it is probably 1K ( I am not sure that it is 4K - not possible, heh). I do not have one, but when I will get assembled and working device (I wanna buy one as I wrote in other topics !!!) I will get this card for tests 
Best Regards,
PS. your site is in .pl domain - are you familiar with Poland/Polish language?
I will answer myself .pl because of Perl ))
edit: I just read that this solution we have here in the weakest one so I am now sure it is Milfare 1K (16 sectors, heh).
Last edited by szymonunion (2009-07-07 21:45:39)
#5 2009-07-15 00:04:22
Re: MIFARE Plus
szy, I'm just a perl guy so I use .pl, not actually from Poland
Ed, looks like LA Metro is the first transporter to use them:
"Commuters and other passengers in the Greater Los Angeles Area are about to experience an upgrade, as the LA Metro becomes the world's first transport operator to implement NXP's MIFARE Plus contactless technology for automatic fare collection."
#6 2009-07-15 10:22:35
- szymonunion
- Contributor
- Registered: 2009-07-05
- Posts: 46
Re: MIFARE Plus
samy,
as you saw my answer - I realized this quickly after I sent answer )) .pl is the best for Perl geek
Lucky you, you can test it - I still have no device and even no info when someone will have assembled and tested device to sell. I have few cards to test (Mifare 1k, HID ISOProx II, others), but I am not able without device 
#7 2009-07-15 12:56:51
Re: MIFARE Plus
Nice That would be cool if you could find a vulnerability in the Mifare plus implementation! I searched quickly through the net this morning, correct me if i'm wrong, but it has not been broken yet ?
--
rleroy
#8 2009-07-15 18:44:43
Re: MIFARE Plus
szy, why not purchase one from http://proxmark3.com? I think the price just went down, too.
rleroy, correct, I don't think there are any known vulnerabilities. Nohl did a talk at Blackhat last year about RFID security, and although I wasn't there, his powerpoint presentation glosses over algebraic attacks on the Mifare Plus:
https://www.blackhat.com/presentations/ … Mifare.pdf
I started reading about how they originally found the issues in MIFARE Classic. My understanding is they took the chip, a magnifying glass, acetone, and started cutting away layers of the chip in order to reverse engineer it! That is pretty hardcore.
#9 2009-07-15 18:47:54
Re: MIFARE Plus
"Through further analysis of Crypto-1, we found the cipher to be highly vulnerable to algebraic attacks. Our most efficient attack takes only seconds on a PC, can operate on passively sniffed data from meters away, and works despite strong random numbers in Mifare Plus. The results were first announced at EuroCrypt 2008's rump session."