Mifare 卡安全 [英] Mifare card security
问题描述
几天前,我连接了一个 USB 非接触式智能卡读卡器,并通过 USB Sniffer 工具嗅探了该 USB 端口.之后,我在读卡器上放了一张 1k Mifare 卡,读取了 1 个字节.
Some days ago I connected a USB contact-less Smart-Card reader and sniffed that USB port via an USB Sniffer tool. Afterward, I put a 1k Mifare card on the reader and read 1 byte.
我查看了嗅探器工具的输出,了解到密钥(读取密钥和写入密钥)在没有任何加密的情况下传输到卡上!
I take a look at the sniffer tool output and understand that the keys (read key and write key) transferred to the card without any encryption!
现在我想知道这个机制真的安全吗??!如果我更改读卡器的 API 使其表现得像 Mifare 卡并将其靠近原始读卡器并通过我的计算机嗅探两个读卡器之间的通信,我就不能获得密钥吗?!
Now I want to know is this mechanism really safe??! If I change my reader's API to make it behave like a Mifare card and move it close to the original reader and sniff the communication between two card readers via my computer can't I gain the keys?!
这是否有可能使 Reader 在另一个非接触式读卡器领域中表现得像 mifare 卡?
Is this possible to make a Reader behave like a mifare card in the field of another contactless reader?
更新:据我所知,在发送身份验证命令之前,必须在 mifare 卡上加载密钥!如下所示,我在卡上加载了密钥![默认为FF FF FF FF FF FF].
Update :
As I know it is mandatory to load keys on mifare card, before sending authenticate command!
As you see below, I load keys on card! [It is FF FF FF FF FF FF by default].
同时我嗅到了我的 ACRA122U 所连接的 USB 端口!正如您在下面看到的,密钥是明文发送的!
Simultaneously I sniffed the USB port that my ACRA122U connected to! As you see below, the keys was sent in plain!
我所做的有什么问题?!
注:Hedayat(我的学院)小姐,也证实了!:))
Note: Miss Hedayat (My Colleage), also confirmed it! :))
推荐答案
您不是在嗅探读卡器和 MIFARE Classic 卡之间的通信,而是检测 PC 和读卡器 (USB CCID) 之间的通信.
You are not sniffing the communication between the reader and the MIFARE Classic card but between the PC and the reader (USB CCID).
为了与 MIFARE Classic 卡通信,您必须将访问密钥加载到读卡器上.这就是加载身份验证密钥"命令(在您的屏幕截图中)所做的.对于 ACR122U,密钥存储在阅读器的易失性存储器中.其他读卡器也可能支持非易失性钥匙槽(请参阅读卡器文档和非接触式存储卡的 PC/SC 规范部分).
In order to communicate with a MIFARE Classic card, you have to load the access keys onto the reader. That's what the "load authentication keys" command (in your screenshot) does. In the case of the ACR122U, keys are stored into volatile memory on the reader. Other readers may support non-volatile key slots too (see the readers' documentation and the PC/SC specification section on contactless memory cards).
之后,当您发出认证命令时,读卡器将执行 MIFARE Classic 相互认证,这基本上是一个挑战响应认证和密钥协商协议.因此,读卡器不会将实际密钥发送到卡,而是从卡接收随机数,用密钥加密随机数,并将加密后的随机数返回给卡.然后卡将使用相同的密钥解密随机数,从而验证读卡器是否使用了正确的密钥.
Later, when you issue an authentication command, the reader will perform the MIFARE Classic mutual authentication, which is basically a challenge response authentication and key agreement protocol. So instead of sending the actual key to the card, the reader will receive a random number from the card, will encrypt the random number with the key and will return that encrypted random number to the card. The card will then decrypt the random number with the same key and can thus verify if the reader used the correct key.
这篇关于Mifare 卡安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
