Mifare cards

1. Mifare cards presentation
   Yann ROBERT, Technical expert, 18-04-2011

2. Introduction
   In Gemalto, Mifare products are called Celego:
     • Mifare 1 K => Celego Mifare 1K
     • Mifare 4 K => Celego Mifare 4K
   Celego range describes generic contactless products dedicated to transport and access control.
   Mifare 1K and 4K are:
     • compliant with ISO 14443-1, -2, -3
     • Type A (ISO 14443-2)
     • Unique and permanent serial number
     • Anti-collision based on ISO 14443-3
     • Mutual authentication (ISO 9798-2)
     • Encrypted data communication
     • Security management sector per sector

3. Introduction
     • ISO 7816-1 dimension
     • Inductive power supply
     • Proximity transaction (8 to 10 cm)
     • Antenna
     • EPROM memory
     • PVC card body
     • Security features
     • Read / Write
     • RF transmissions (encrypted)

4. Introduction: Specifications
     • ISO/IEC 14443-1: Physical characteristics
     • ISO/IEC 14443-2: Radio frequency power and signal interface
     • ISO/IEC 14443-3: Initialisation and Anticollision
     • Mifare 1K: MF1S5009 - Mainstream contactless smart card - 27 July 2010 - NXP
     • Mifare 4K: MF1S7009 - Mainstream contactless smart card - 26 July 2010 - NXP
   Mifare 1K and 4K are NOT ISO14443-4 compliant.

5. Introduction: Memory (Mifare 1K and Mifare 4K)
   Chip / Size
     • Mifare 1K: Mifare 1 Kbytes, NXP, Infineon
     • Mifare 4K: Mifare 4 Kbytes, NXP only
   RF INTERFACE
     • Serial number: 4 bytes
   SECURITY
     • Access condition: Yes (both cards)
     • Memory organization: 16 sectors * 4 blocks (Mifare 1K); 32 sectors * 4 blocks + 8 sectors * 16 blocks (Mifare 4K)
     • Authentication: Mutual, Mifare 3 passes
     • Data encryption: Yes
     • Access keys: 2 keys per sector (6 bytes)
   APPLICATION
     • Type of data: Data Block; Value Blocks: EPurse
     • Back-up mechanism: For value Blocks
     • Transaction time: < 100 ms
   [Figure: product positioning. Labels: Mifare Ultralight + SRIX512; Paper ticket & Thin PET card; Pure cless memory card; Mifare 1K; Mifare 4K; Low cost application; Security]

6. Introduction
   [Figure: card construction. Labels: Bonding wires; Antenna; Transparent PVC; Micromodule; White PVC; Card body, ISO dimensions]

7. Introduction
   Reader to card (Type A):
     • Data rate: 106 kbit/s
     • Modulation: 100% ASK
     • Bit coding: Modified Miller
   Card to reader (Type A):
     • Subcarrier: f0/16 = 847 kHz
     • Data rate: 106 kbit/s
     • Subcarrier modulation: OOK
     • Bit coding: Manchester

8. Mifare mappings

9. Mifare 1K Electrical Mapping
   [Figure: sectors 0 to 15, each with blocks 0 to 3. Legend: Block 0: Manufacturer information (UID,...); Data block; Security block]
     • 1 block = 16 bytes
     • 1 sector = 64 bytes
     • Mifare 1K = 16 sectors = 1024 bytes = 1 Kbytes
   A block is the smallest addressable element.
   AC are defined for each block.

10. Mifare 4K Electrical Mapping
   [Figure: 32 sectors of 4 blocks (sectors 0 to 31, blocks 0 to 3) and 8 sectors of 16 blocks (sectors 32 to 39, blocks 0 to 15). Legend: Block 0: Manufacturer information (UID,...); Data block; Security block]
     • 1 block = 16 bytes
     • Sector 0 to 31 = 64 bytes for each sector
     • Sector 32 to 39 = 256 bytes for each sector
     • Mifare 4K = (32 x 64) + (8 x 256) = 2048 + 2048 = 4096 bytes = 4 Kbytes
   A block is the smallest addressable element.
     • Sector 0 to 31: AC are defined for each block
     • Sector 32 to 39: AC are defined for 5 blocks

11. Mifare Data Block Types
   Mifare data blocks exist in 2 formats:
     • Transparent blocks: data read or written are not interpreted by the card
     • Value blocks: special format and coding dedicated to purse functions (Increment / Decrement commands)
   Value format:
     • Value: 4 bytes number in hexadecimal, V4 V3 V2 V1, loaded and stored in reverse order in the block

       V1 V2 V3 V4 | ~V1 ~V2 ~V3 ~V4 | V1 V2 V3 V4 | X ~X X ~X

     • ~X means complement of X = (X Xor FF)
   Example: Value = 12 34 56 78

       78563412 87A9CBED 78563412 FF00FF00

12. Mifare security
   Each sector is protected by a Security Block.
   Each block in a sector has its own Access Conditions (AC).
   Security Block format:

       Bytes 00-05    Key A (6 bytes)
       Bytes 06-08    Access Cond. (3 bytes)
       Byte  09       Data (1 byte)
       Bytes 10-15    Key B (6 bytes)

   Authentication with a sector can be done with key A or key B.
   Proprietary symmetric algorithm.
   To access a sector:
     • authentication with Key A or Key B is mandatory
     • a session key is created for the authenticated sector
     • all communication between the reader and a sector is ciphered with the session key

13. Mifare Manufacturer Code Block
   Block 0 of sector 0 is called the Manufacturer block. Its content:
     • is written by the chip manufacturer (NXP, Infineon)
     • can be read without authenticating with sector 0
     • can never be modified (write is not allowed)
   Mifare cards can be ordered with 4 or 7 bytes UID.

       4-byte UID:   bytes 00-03 UID | byte 04 LRC | byte 05: 08 | bytes 06-07: 04 00 | bytes 08-15: XX XX XX XX XX XX XX XX
       7-byte UID:   bytes 00-06 UID | byte 07: 08 | bytes 08-09: 04 00 | bytes 10-15: XX XX XX XX XX XX

     • UID: Unique IDentifier
     • LRC: Longitudinal Redundancy Check on UID
     • XX..XX: Chip manufacturer reserved areas
     • Chip information: 08: SAK; 04 00: ATQA

14. Access conditions

15. Mifare Access Conditions
   Access conditions are defined:
     • for each block: Mifare 1K and Mifare 4K sectors 0 to 31
     • for 5 blocks: Mifare 4K sectors 32 to 39
   Access conditions for each block are stored in the sector Security Block:
     • access conditions for a data block (transparent or value)
     • access conditions for the Security Block itself
   Eight sets of access conditions are available for the four following commands: Read / Write / Add / Subtract.

16. Mifare Data Block Access Conditions

       A.C. Set No.   AC2 AC1 AC0   Read     Write    Add      Subtract, Transfer, Restore
       0              0   0   0     A or B   A or B   A or B   A or B
       1              0   0   1     A or B   never    never    A or B
       2              0   1   0     A or B   never    never    never
       3              0   1   1     B        B        never    never
       4              1   0   0     A or B   B        never    never
       5              1   0   1     B        never    never    never
       6              1   1   0     A or B   B        B        A or B
       7              1   1   1     never    never    never    never

17. Mifare Security Block Access Conditions

       A.C. Set No.   AC2 AC1 AC0   Key A            AC + B9          Key B
                                    Read    Write    Read    Write    Read    Write
       0              0   0   0     never   A or B   A or B  never    A or B  A or B
       1              0   0   1     never   A or B   A or B  A or B   A or B  A or B
       2              0   1   0     never   never    A or B  never    A or B  never
       3              0   1   1     never   B        A or B  B        never   B
       4              1   0   0     never   B        A or B  never    never   B
       5              1   0   1     never   never    A or B  B        never   never
       6              1   1   0     never   never    A or B  never    never   never
       7              1   1   1     never   never    A or B  never    never   never

18. Mifare Access Condition Storage
   Security Block:

       Bytes 00-05    Key A (6 bytes)
       Bytes 06-08    Access Cond. (3 bytes)
       Byte  09       Data (1 byte)
       Bytes 10-15    Key B (6 bytes)

   Access condition bytes:

                 bits 7-4   bits 3-0
       Byte 6    ~AC1       ~AC2
       Byte 7    AC2        ~AC0
       Byte 8    AC0        AC1

   ~AC: complemented value of AC (AC Xor FF)

19. Access Conditions Definition example

       Block     Type          R     W     A     S     AC2 AC1 AC0
       Block 0   Transparent   N     N     N     N     1   1   1
       Block 1   Transparent   A/B   N     N     N     0   1   0
       Block 2   Value         A/B   B     B     A/B   1   1   0

       Block     Type       Key A R   Key A W   AC + B9 R   AC + B9 W   Key B R   Key B W   AC2 AC1 AC0
       Block 3   Security   N         N         A/B         B           N         N         1   0   1

20. Access Conditions Calculation

                 AC2 AC1 AC0
       Block 0   1   1   1
       Block 1   0   1   0
       Block 2   1   1   0
       Block 3   1   0   1

   Security Block Access Conditions (bit 7 first; within each nibble the bits are for blocks 3, 2, 1, 0):

       Byte 6    1 0 0 0  0 0 1 0    (AC1 inversed, AC2 inversed)
       Byte 7    1 1 0 1  0 1 1 0    (AC2, AC0 inversed)
       Byte 8    1 0 0 1  0 1 1 1    (AC0, AC1)

21. Mifare weaknesses

22. Mifare weaknesses
   Mifare cryptography is proprietary and has been broken:
     • Key length is small (48 bits)
     • algorithm is badly designed
   It is now possible to make Mifare 1K, 4K clone cards.
   NXP has introduced a new generation of Mifare cards called MifarePlus:
     • AES-128 cryptography
     • Certification EAL4+
     • ISO 14443-1, -2, -3, -4 compliant

23. Mifare emulation

24. Mifare emulation on contactless JavaCards
   Infineon and NXP propose on some of their smart card chips to have Mifare 1K or 4K emulation.
   [Figure: Contactless JavaCard with Mifare emulation. Mifare zone: Mifare Classic protocol; EEPROM zone: ISO14443-4 (T=CL) protocol; both facing the contactless reader]

25. Mifare emulation on contactless JavaCards
   An incompatibility problem may happen on the ATS check.
   A card supports ATS only if it is compliant with ISO14443-4 (T=CL). This is known when the card answers the SAK.

26. Mifare emulation on contactless JavaCards
   Exchange between reader and card:

       Reader: WUPA (0x52)
       Card:   ATQA (0x00 02)
       Reader: ANTICOLLISION    SEL: 0x93  NVB: 0x20
       Card:   ANTICOLLISION answer    UID: 12345678  BCC: 08
       Reader: SELECT    SEL: 0x93  NVB: 0x70  UID: 0x12345678  BCC: 0x08  CRC_A: A23C
       Card:   SELECT ACKNOWLEDGE (SAK)    SAK: 20  CRC_A: 70FC

   Select AcKnowledge (SAK) coding:

       b8 b7 b6 b5 b4 b3 b2 b1   Meaning
       x  x  x  x  x  1  x  x    Cascade bit: UID not complete
       x  x  1  x  x  0  x  x    UID complete, card compliant with ISO14443-4
       x  x  0  x  x  0  x  x    UID complete, card NOT compliant with ISO14443-4

   SAK values:

       Card type           Mifare Classic SAK              Mifare emulation SAK
       Mifare Classic 1K   0x08 (NXP), 0x88 (Infineon)     0x28
       Mifare Classic 4K   0x18                            0x38

27. www.justaskgemalto.com
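The access condition storage of slides 18 to 20, as an added example that is not part of the original presentation: it packs the per-block AC2/AC1/AC0 settings into bytes 6 to 8 and, when reading a security block back, rejects one whose stored complements do not match. The function names and the all-zero placeholder keys are assumptions made for the illustration.

```python
# Added example, not taken from the slides. AC2/AC1/AC0 use the slides' naming.
# Layout (slide 18): byte 6 = ~AC1 | ~AC2, byte 7 = AC2 | ~AC0, byte 8 = AC0 | AC1,
# where bit n of each nibble belongs to block n of the sector.

def pack_access_bits(blocks):
    """Four (AC2, AC1, AC0) triples for blocks 0..3 -> bytes 6, 7 and 8."""
    if len(blocks) != 4 or any(len(t) != 3 or set(t) - {0, 1} for t in blocks):
        raise ValueError("need four (AC2, AC1, AC0) bit triples")
    ac2 = sum(t[0] << n for n, t in enumerate(blocks))
    ac1 = sum(t[1] << n for n, t in enumerate(blocks))
    ac0 = sum(t[2] << n for n, t in enumerate(blocks))
    return bytes([(ac1 ^ 0xF) << 4 | (ac2 ^ 0xF),
                  ac2 << 4 | (ac0 ^ 0xF),
                  ac0 << 4 | ac1])


def unpack_access_bits(security_block):
    """16-byte security block -> four (AC2, AC1, AC0) triples.

    Raises ValueError when a nibble and its stored complement disagree,
    which is how a corrupted or badly built block shows up.
    """
    if len(security_block) != 16:
        raise ValueError("a security block is 16 bytes")
    b6, b7, b8 = security_block[6:9]
    pairs = {"AC2": (b7 >> 4, b6 & 0xF),
             "AC1": (b8 & 0xF, b6 >> 4),
             "AC0": (b8 >> 4, b7 & 0xF)}
    for name, (plain, inverted) in pairs.items():
        if plain ^ inverted != 0xF:
            raise ValueError(f"{name} does not match its complement")
    ac2, ac1, ac0 = (pairs[k][0] for k in ("AC2", "AC1", "AC0"))
    return [((ac2 >> n) & 1, (ac1 >> n) & 1, (ac0 >> n) & 1) for n in range(4)]


# Slide 20 settings for blocks 0..3, as (AC2, AC1, AC0).
SLIDE_20 = [(1, 1, 1), (0, 1, 0), (1, 1, 0), (1, 0, 1)]

if __name__ == "__main__":
    ac_bytes = pack_access_bits(SLIDE_20)
    # Constructed security block: placeholder keys, byte 9 set to 0x00.
    block = bytes(6) + ac_bytes + b"\x00" + bytes(6)
    print(ac_bytes.hex(), unpack_access_bits(block) == SLIDE_20)
```

Running the decoder over every security block of a card dump is a quick way to find sectors whose access conditions are looser than the application intended.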
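The value block format of slide 11, as an added example that is not part of the original presentation: an encoder that reproduces the slide's 12 34 56 78 example and a decoder that refuses a block whose redundant copies disagree. The function names are hypothetical, and the value is treated as a plain 32-bit number as the slide presents it.

```python
# Added example, not taken from the slides.
# Layout (slide 11): V1 V2 V3 V4 | ~V1 ~V2 ~V3 ~V4 | V1 V2 V3 V4 | X ~X X ~X
import struct


def complement(data):
    """Byte-wise complement (X Xor FF)."""
    return bytes(b ^ 0xFF for b in data)


def encode_value_block(value, x):
    """Build the 16-byte value block for a 32-bit value and the byte X."""
    if not 0 <= value <= 0xFFFFFFFF or not 0 <= x <= 0xFF:
        raise ValueError("value must fit in 4 bytes and X in 1 byte")
    v = struct.pack("<I", value)  # stored in reverse order: V1 first
    return v + complement(v) + v + bytes([x, x ^ 0xFF, x, x ^ 0xFF])


def decode_value_block(block):
    """Return (value, X) or raise ValueError if the redundancy is broken."""
    if len(block) != 16:
        raise ValueError("a block is 16 bytes")
    v, v_inv, v_copy = block[0:4], block[4:8], block[8:12]
    x, x_inv, x_copy, x_copy_inv = block[12:16]
    if v != v_copy or complement(v) != v_inv:
        raise ValueError("value copies disagree")
    if x != x_copy or x_inv != x_copy_inv or x ^ 0xFF != x_inv:
        raise ValueError("X copies disagree")
    return struct.unpack("<I", v)[0], x


if __name__ == "__main__":
    block = encode_value_block(0x12345678, 0xFF)  # the slide's example
    print(block.hex().upper())
    print(decode_value_block(block))
    damaged = bytearray(block)
    damaged[0] ^= 0x01  # constructed single-bit corruption
    try:
        decode_value_block(bytes(damaged))
    except ValueError as err:
        print("rejected:", err)
```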