Mifare cards presentation Yann ROBERT Technical expert 18-04-2011


Page 1: Mifare cards

Mifare cards presentation

Yann ROBERT, Technical expert

18-04-2011

Page 2: Mifare cards

Introduction

In Gemalto, Mifare products are called “Celego”:
• Mifare 1 K => Celego Mifare 1K
• Mifare 4 K => Celego Mifare 4K

The Celego range describes generic contactless products dedicated to transport and access control.

Mifare 1K and 4K are compliant with ISO 14443-1, -2, -3:
• Type A (ISO 14443-2)
• Unique and permanent serial number
• Anti-collision based on ISO 14443-3
• Mutual authentication (ISO 9798-2)
• Encrypted data communication
• Security management sector per sector

Page 3: Mifare cards

Introduction

Card diagram labels:
• ISO 7816-1 dimension
• Proximity transaction (8 to 10 cm)
• Inductive power supply
• Antenna
• Read / Write RF transmissions (encrypted)
• E²PROM memory
• Security features
• PVC card body

Page 4: Mifare cards

Introduction

Specifications
• ISO/IEC 14443-1: Physical characteristics
• ISO/IEC 14443-2: Radio frequency power and signal interface
• ISO/IEC 14443-3: Initialisation and Anticollision

Mifare 1K:
• MF1S5009 - Mainstream contactless smart card - 27 July 2010 - NXP

Mifare 4K:
• MF1S7009 - Mainstream contactless smart card - 26 July 2010 - NXP

Mifare 1K and 4K are NOT ISO14443-4 compliant

Page 5: Mifare cards

Introduction

                       Mifare 1 K                    Mifare 4 K

Memory
  Chip / Size          Mifare 1 Kbytes               Mifare 4 Kbytes
                       NXP, Infineon                 NXP only

RF INTERFACE
  Serial number        4 bytes

SECURITY
  Access condition     Yes                           Yes
  Memory Organization  16 sectors * 4 blocks         32 sectors * 4 blocks
                                                     8 sectors * 16 blocks
  Authentication       Mutual, Mifare 3 passes
  Data encryption      Yes
  Access Keys          2 keys per sector (6 bytes)

APPLICATION
  Type of data         Data Block
                       Value Blocks: EPurse
  Back-up mechanism    For value Blocks

Positioning chart labels: Low cost application; Mifare Ultralight+SRIX512; Mifare 1 KB; Mifare 4 KB; Security; Transaction time < 100ms; Pure cless memory card; Paper ticket & Thin PET card

Page 6: Mifare cards

Introduction

Card construction diagram labels:
• Bonding wires
• Antenna
• Transparent PVC
• Micromodule
• White PVC
• Card body, ISO dimensions

Page 7: Mifare cards

Introduction

Reader to card (Type A):
• Data rate: 106 kbit/s
• Modulation: 100% ASK
• Bit coding: Modified Miller

Card to reader (Type A):
• Subcarrier: f0/16 = 847 kHz
• Data rate: 106 kbit/s
• Subcarrier modulation: OOK
• Bit coding: Manchester

Waveform figures (both directions) show the bit sequence 0 1 0 0 1 1 0

Page 8: Mifare cards

Mifare mappings

Page 9: Mifare cards

Mifare 1K Electrical Mapping

Diagram: sectors 0 to 15, each made of blocks 0 to 3. Legend:
• Block 0: Manufacturer information (UID,...)
• Data block
• Security block

• 1 block = 16 bytes
• 1 sector = 64 bytes
• Mifare 1K = 16 sectors = 1024 bytes = 1 Kbytes
• A block is the smallest addressable element
• AC are defined for each block

Page 10: Mifare cards

Mifare 4K Electrical Mapping

Diagram: 32 sectors of 4 blocks (sectors 0 to 31, blocks 0 to 3), then 8 sectors of 16 blocks (sectors 32 to 39, blocks 0..15). Legend:
• Block 0: Manufacturer information (UID,...)
• Data block
• Security block

• 1 block = 16 bytes
• Sector 0 to 31 = 64 bytes for each sector
• Sector 32 to 39 = 256 bytes for each sector
• Mifare 4K = (32 x 64) + (8 x 256) = 2048 + 2048 = 4096 bytes = 4 Kbytes
• A block is the smallest addressable element
• Sector 0 to 31: AC are defined for each block
• Sector 32 to 39: AC are defined for 5 blocks
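The two mappings above as an address calculation, added here as an example that is not part of the original slides. It assumes the Security Block is the last block of every sector and that the 16-block sectors group their data blocks as 0-4, 5-9 and 10-14; the function names are hypothetical.

```python
# Added example: absolute block numbers on Mifare 1K / 4K, per the mappings above.
BLOCK_SIZE = 16                      # 1 block = 16 bytes
SECTORS = {"1K": 16, "4K": 40}       # 4K = 32 small sectors + 8 large sectors
SMALL_SECTORS, SMALL_BLOCKS, LARGE_BLOCKS = 32, 4, 16

def sector_span(sector, card="4K"):
    """Return (first absolute block, block count) of a sector."""
    if not 0 <= sector < SECTORS[card]:
        raise ValueError(f"Mifare {card} has no sector {sector}")
    if sector < SMALL_SECTORS:
        return sector * SMALL_BLOCKS, SMALL_BLOCKS
    first = SMALL_SECTORS * SMALL_BLOCKS + (sector - SMALL_SECTORS) * LARGE_BLOCKS
    return first, LARGE_BLOCKS

def card_bytes(card):
    """Total memory, summed sector by sector."""
    return sum(sector_span(s, card)[1] for s in range(SECTORS[card])) * BLOCK_SIZE

def locate_block(block, card="4K"):
    """Map an absolute block number to sector, Security Block and AC group."""
    for sector in range(SECTORS[card]):
        first, count = sector_span(sector, card)
        if first <= block < first + count:
            index = block - first
            return {
                "sector": sector,
                "index": index,
                "security_block": first + count - 1,
                "is_security_block": index == count - 1,
                # Assumption: large sectors share one AC set per 5 blocks
                # (0-4, 5-9, 10-14); group 3 is the Security Block itself.
                "ac_group": index if count == SMALL_BLOCKS else index // 5,
            }
    raise ValueError(f"Mifare {card} has no block {block}")

if __name__ == "__main__":
    for blk in (0, 63, 127, 128, 137, 255):
        print(blk, locate_block(blk))
```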

Page 11: Mifare cards

Mifare Data Block Types

Mifare data blocks exist in 2 formats:
• Transparent blocks: data read or written are not interpreted by the card
• Value blocks: special format and coding dedicated to purse functions (Increment / Decrement commands)

Value format:
Value: 4 bytes number in hexadecimal “V4 V3 V2 V1”, loaded and stored in reverse order in the block

V1 V2 V3 V4   /V1 /V2 /V3 /V4   V1 V2 V3 V4   X /X X /X

/X: means complement of X = (X Xor FF)

Example: Value = 12 34 56 78

78 56 34 12   87 A9 CB ED   78 56 34 12   FF 00 FF 00
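The value format above as an encoder and a validating decoder, added here as an example that is not part of the original slides. It assumes the value is a signed 32-bit number (the slide only says "4 bytes number"); the function names are hypothetical.

```python
# Added example: build and validate a Mifare value block (16 bytes).
def _inv(data):
    """Byte-wise complement: X Xor FF."""
    return bytes(b ^ 0xFF for b in data)

def encode_value_block(value, x):
    """Lay out V, /V, V, then X /X X /X, with V stored low byte first."""
    if not 0 <= x <= 0xFF:
        raise ValueError("X must fit in one byte")
    # Assumption: signed 32-bit value; the slide only says "4 bytes number".
    v = value.to_bytes(4, "little", signed=True)
    return v + _inv(v) + v + bytes([x, x ^ 0xFF, x, x ^ 0xFF])

def decode_value_block(block):
    """Return (value, x) or raise ValueError if any redundant copy disagrees."""
    if len(block) != 16:
        raise ValueError("a block is 16 bytes")
    v, v_inv, v_copy, tail = block[0:4], block[4:8], block[8:12], block[12:16]
    if v_copy != v or v_inv != _inv(v):
        raise ValueError("value copies are inconsistent")
    if tail[2] != tail[0] or tail[1] != tail[0] ^ 0xFF or tail[3] != tail[1]:
        raise ValueError("X bytes are inconsistent")
    return int.from_bytes(v, "little", signed=True), tail[0]

def is_value_block(block):
    """True when a 16-byte block is a well-formed value block."""
    try:
        decode_value_block(block)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    blk = encode_value_block(0x12345678, 0xFF)      # the slide's example
    print(blk.hex(" ").upper())
    print(decode_value_block(blk))
    print(is_value_block(bytes(16)))                # transparent data: False
```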

Page 12: Mifare cards

Mifare security

• Each sector is protected by a “Security Block”
• Each block in a sector has its own Access Conditions (“AC”)

Security Block format:

Byte      00 01 02 03 04 05   06 07 08                 09              10 11 12 13 14 15
Content   Key A (6 bytes)     Access Cond. (3 bytes)   Data (1 byte)   Key B (6 bytes)

• Authentication with a sector can be done with key A or key B
• Proprietary symmetric algorithm

To access a sector:
• authentication with Key A or Key B is mandatory
• a session key is created for the authenticated sector
• all communication between the reader and a sector is ciphered with the session key

Page 13: Mifare cards

Mifare Manufacturer Code Block

Block 0 sector 0 is called the “Manufacturer block”. Its content:
• is written by the chip manufacturer (NXP, Infineon)
• can be read without authenticating with sector 0
• can never be modified (write is not allowed)

Mifare cards can be ordered with 4 or 7 bytes UID

Byte          00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
4 bytes UID   UID (4 bytes) | LRC | 08 04 00 | XX XX XX XX XX XX XX XX
7 bytes UID   UID (7 bytes) | 08 04 00 | XX XX XX XX XX XX

UID: Unique IDentifier
LRC: Longitudinal Redundancy Check on UID
XX..XX: Chip manufacturer reserved areas

Chip information:
• 08: SAK
• 04 00: ATQA

Page 14: Mifare cards

Access conditions

Page 15: Mifare cards

Mifare Access Conditions

Access conditions are defined:
• for each block: Mifare 1K and Mifare 4K sectors 0 to 31
• for 5 blocks: Mifare 4K sectors 32 to 39

Access conditions for each block are stored in the sector Security Block

Access conditions:
• for a data block (transparent or value)
• for the Security Block itself

Eight sets of access conditions are available for the four following commands:

Read / Write / Add / Subtract

Page 16: Mifare cards

Mifare Data Block Access Conditions

A.C. Set   A.C. Set Selection                                  Subtract
No.        AC2   AC1   AC0     Read      Write     Add         Transfer
                                                               Restore
0          0     0     0       A or B    A or B    A or B      A or B
1          0     0     1       A or B    never     never       A or B
2          0     1     0       A or B    never     never       never
3          0     1     1       B         B         never       never
4          1     0     0       A or B    B         never       never
5          1     0     1       B         never     never       never
6          1     1     0       A or B    B         B           A or B
7          1     1     1       never     never     never       never

Page 17: Mifare cards

Mifare Security Block Access Conditions

A.C. Set   A.C. Set Selection    Key A               AC + B9             Key B
No.        AC2   AC1   AC0       Read     Write      Read     Write      Read     Write
0          0     0     0         never    A or B     A or B   never      A or B   A or B
1          0     0     1         never    A or B     A or B   A or B     A or B   A or B
2          0     1     0         never    never      A or B   never      A or B   never
3          0     1     1         never    B          A or B   B          never    B
4          1     0     0         never    B          A or B   never      never    B
5          1     0     1         never    never      A or B   B          never    never
6          1     1     0         never    never      A or B   never      never    never
7          1     1     1         never    never      A or B   never      never    never

Page 18: Mifare cards

Mifare Access Condition Storage

Byte             00 01 02 03 04 05   06 07 08                 09              10 11 12 13 14 15
Security Block   Key A (6 bytes)     Access Cond. (3 bytes)   Data (1 byte)   Key B (6 bytes)

            Byte 6             Byte 7             Byte 8
Bits        7654    3210       7654    3210       7654    3210
Content     /AC1    /AC2       AC2     /AC0       AC0     AC1

/ACn: complemented value of AC (AC Xor FF)

Page 19: Mifare cards

Access Conditions Definition example

                        R     W     A     S       AC n°   AC2 AC1 AC0
Block 0   Transparent   N     N     N     N       7       1   1   1
Block 1   Transparent   A/B   N     N     N       2       0   1   0
Block 2   Value         A/B   B     B     A/B     6       1   1   0

                        Key A       AC + B9     Key B
                        R     W     R     W     R     W     AC n°   AC2 AC1 AC0
Block 3   Security      N     N     A/B   B     N     N     5       1   0   1

Page 20: Mifare cards

Access Conditions Calculation

            AC2   AC1   AC0
Block 0     1     1     1
Block 1     0     1     0
Block 2     1     1     0
Block 3     1     0     1

Each AC column forms 4 bits, block 3 first (bits 7 6 5 4 or 3 2 1 0):

AC2 = 1 1 0 1     AC1 = 0 1 1 1     AC0 = 1 0 0 1

Security Block Access Conditions:

            Byte 6             Byte 7             Byte 8
Bits        7654    3210       7654    3210       7654    3210
Content     /AC1    /AC2       AC2     /AC0       AC0     AC1
Value       1000    0010       1101    0110       1001    0111

/ACn: Inversed
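The calculation above carried out in code, with the reverse direction and the complement check, added here as an example that is not part of the original slides. The function names are hypothetical; the rights table is copied from the data block access conditions table on this page.

```python
# Added example: pack the AC set numbers of a sector into Security Block bytes 6-8.
# Rights per data-block AC set: (Read, Write, Add, Subtract/Transfer/Restore),
# copied from the "Mifare Data Block Access Conditions" table on this page.
DATA_RIGHTS = {
    0: ("A or B", "A or B", "A or B", "A or B"),
    1: ("A or B", "never", "never", "A or B"),
    2: ("A or B", "never", "never", "never"),
    3: ("B", "B", "never", "never"),
    4: ("A or B", "B", "never", "never"),
    5: ("B", "never", "never", "never"),
    6: ("A or B", "B", "B", "A or B"),
    7: ("never", "never", "never", "never"),
}

def encode_access_bytes(sets):
    """sets: AC set numbers (AC2 AC1 AC0 as 0..7) for blocks 0, 1, 2, 3."""
    if len(sets) != 4 or any(not 0 <= s <= 7 for s in sets):
        raise ValueError("need four AC set numbers in 0..7")
    ac = [0, 0, 0]                      # ac[n]: nibble of ACn, bit i = block i
    for block, s in enumerate(sets):
        for n in range(3):
            ac[n] |= ((s >> n) & 1) << block
    ac0, ac1, ac2 = ac
    return bytes([(ac1 ^ 0xF) << 4 | (ac2 ^ 0xF),     # byte 6: /AC1 /AC2
                  ac2 << 4 | (ac0 ^ 0xF),             # byte 7:  AC2 /AC0
                  ac0 << 4 | ac1])                    # byte 8:  AC0  AC1

def decode_access_bytes(b6, b7, b8):
    """Return the four AC set numbers, rejecting bytes whose complements disagree."""
    n_ac1, n_ac2 = b6 >> 4, b6 & 0xF
    ac2, n_ac0 = b7 >> 4, b7 & 0xF
    ac0, ac1 = b8 >> 4, b8 & 0xF
    if (ac0 ^ n_ac0, ac1 ^ n_ac1, ac2 ^ n_ac2) != (0xF, 0xF, 0xF):
        raise ValueError("access condition complement check failed")
    return [(ac2 >> i & 1) << 2 | (ac1 >> i & 1) << 1 | (ac0 >> i & 1)
            for i in range(4)]

def data_block_rights(security_block):
    """Rights of blocks 0-2 from a 16-byte Security Block image."""
    sets = decode_access_bytes(*security_block[6:9])
    return [DATA_RIGHTS[s] for s in sets[:3]]

if __name__ == "__main__":
    acb = encode_access_bytes([7, 2, 6, 5])           # the slide's example
    print(acb.hex(" ").upper())                       # 82 D6 97
```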

Page 21: Mifare cards

Mifare weaknesses

Page 22: Mifare cards

Mifare weaknesses

Mifare cryptography is proprietary and has been broken:
• Key length is small (48 bits)
• algorithm is badly designed

It is now possible to make Mifare 1K, 4K clone cards

NXP has introduced a new generation of Mifare cards called “MifarePlus”:
• AES-128 cryptography
• Certification EAL4+
• ISO 14443-1, -2, -3, -4 compliant

Page 23: Mifare cards

Mifare emulation

Page 24: Mifare cards

Mifare emulation on contactless JavaCards

Infineon and NXP propose on some of their smart card chips to have Mifare 1K or 4K emulation

Diagram labels:
• Contactless JavaCard with Mifare emulation
• Mifare EEPROM zone
• JavaCard zone
• Mifare Classic protocol
• ISO14443-4 (T=CL) protocol
• Contactless reader

Page 25: Mifare cards

Mifare emulation on contactless JavaCards

An incompatibility problem may happen on the “ATS available check”

A card will support ATS only if it is compliant with ISO14443-4 (T=CL). This is known when the card answers with the SAK

Page 26: Mifare cards

Mifare emulation on contactless JavaCards

Reader   WUPA (0x52)
Card     ATQA (0x00 02)
Reader   ANTICOLLISION         SEL: 0x93   NVB: 0x20
Card     ANTICOLLISION Answer  UID: 12345678   BCC: 08
Reader   SELECT                SEL: 0x93   NVB: 0x70   UID: 0x12345678   BCC: 0x08   CRC_A: A23C
Card     SELECT ACKNOWLEDGE (SAK)   SAK: 20   CRC_A: 70FC

Select AcKnowledge (SAK) coding

b8 b7 b6 b5 b4 b3 b2 b1   Meaning
x  x  x  x  x  1  x  x    Cascade bit: UID not complete
x  x  1  x  x  0  x  x    UID complete, card compliant with ISO14443-4
x  x  0  x  x  0  x  x    UID complete, card NOT compliant with ISO14443-4

SAK values

Card type            Mifare Classic SAK              Mifare emulation SAK
Mifare Classic 1K    0x08 (NXP), 0x88 (Infineon)     0x28
Mifare Classic 4K    0x18                            0x38
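The check bytes of the exchange above recomputed, and the SAK coding table applied to the SAK values listed, added here as an example that is not part of the original slides. The CRC_A routine follows ISO/IEC 14443-3; function names are hypothetical, and clearing b6 to recover the Classic type is an inference from the SAK values on this page.

```python
# Added example: recompute the check bytes of the exchange above and decode the SAK.
CLASSIC_SAK = {0x08: "Mifare Classic 1K (NXP)", 0x88: "Mifare Classic 1K (Infineon)",
               0x18: "Mifare Classic 4K"}          # "SAK values" table on this page

def bcc(uid):
    """BCC/LRC: exclusive-or of the UID bytes."""
    out = 0
    for b in uid:
        out ^= b
    return out

def crc_a(data):
    """CRC_A of ISO/IEC 14443-3 (initial value 0x6363), as a 16-bit value."""
    crc = 0x6363
    for byte in data:
        b = byte ^ (crc & 0xFF)
        b = (b ^ (b << 4)) & 0xFF
        crc = (crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)
    return crc

def build_select(uid):
    """SELECT frame: SEL 0x93, NVB 0x70, UID, BCC, CRC_A (sent low byte first)."""
    body = bytes([0x93, 0x70]) + uid + bytes([bcc(uid)])
    return body + crc_a(body).to_bytes(2, "little")

def decode_sak(sak):
    """Apply the SAK coding table: b3 = cascade bit, b6 = ISO14443-4 compliant."""
    complete = not sak & 0x04
    return {
        "uid_complete": complete,
        "iso14443_4": complete and bool(sak & 0x20),
        # Inference: emulation SAKs are the Classic values with b6 set,
        # so b6 is cleared before the lookup.
        "classic": CLASSIC_SAK.get(sak & 0xDF) if complete else None,
    }

if __name__ == "__main__":
    uid = bytes.fromhex("12345678")                 # UID used in the exchange above
    print(build_select(uid).hex(" ").upper())
    for sak in (0x08, 0x18, 0x20, 0x28, 0x38):
        print(hex(sak), decode_sak(sak))
```

A reader that stops at the ISO14443-4 flag sees 0x28 and 0x38 only as T=CL cards; the `classic` field shows the Mifare memory type that the same SAK also announces.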

Page 27: Mifare cards

www.justaskgemalto.com