
Sunday, April 12, 2015

ACR122U-A1 (black Octopus reader) and ACR122U-A9 (white NFC reader)

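I have two ACR122U readers, one white and one black, and the two simply would not behave the same way, so I dug into it at length. According to Chinese-language sources,
the ACR122U comes in various versions. The black-cased ACR122U-A1 cannot write and does not beep. This is the type sold by Octopus in Hong Kong and at MTR station customer service counters. It is unusable. The ACR122U-A9 generally has a white case with an NFC logo on it. It does not seem to have the A1's problems.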

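Quoted from "NFC工具——ACR122U常识介绍" (NFC Tools: An Introduction to ACR122U Basics)
The ACR122U comes in several different versions, and the price difference between them is not small. The black version, the A1, marked P/N: ACR122U-A1 on the back, has been out of production for quite some time. Reportedly it does not support writing to many cards, writing in particular. Note: this version has no buzzer.

The other common one is the A9, usually white, with the NFC logo on the front and P/N: ACR122U-A9 marked on the back. This version has a buzzer.

I recommend buying the ACR122U-A9. I tested them myself, and the A9 is more comfortable and more user-friendly to use.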

Saturday, April 11, 2015

Analysis of MIFARE Classic

This is an analysis of the MIFARE Classic card. I have summarized the key points and the information sources.

Technical Background
  • Introduced in 1995 by NXP
  • “Advanced technology for RFID identification”
  • Based on ISO/IEC 14443 Type A 13.56 MHz standard
NFC Utilities
Backtrack ... Linux Distribution for Penetration Testing tools
Kali Linux ... successor to Backtrack

VMware image at offensive security
Download Location

Latest image


Checking card on the reader
george@netbook-linux ~/nfc/libnfc-1.7.0-rc7 $ sudo nfc-list 
nfc-list uses libnfc 1.7.0-rc7 
NFC device: ACS / ACR122U PICC Interface opened 
1 ISO14443A passive target(s) found: 
ISO/IEC 14443A (106 kbps) target: 
ATQA (SENS_RES): 00 04 
UID (NFCID1): 3e d1 11 f3 
SAK (SEL_RES): 08

Dump RFID/NFC Card Data
Place your card on your reader, then run MFOC using the following command:
sudo ./mfoc -P 500 -O dump.mfd
The -P flag specifies the number of probes used in the attack. The more probes used, the faster the attack will complete at the expense of system resources. The default is 20 and it can greatly speed up the attack to use a larger number. 
The -O flag will specify the name of the file that you are dumping the card data to.

Dump Blank Card Keys
Remember that in order to write data to a card, you must hold the keys for each sector. Blank cards usually contain a series of default keys, so dumping them to a file using MFOC takes just seconds. To dump the keys to a file, run the following command:
sudo ./mfoc -P 500 -O keys.mfd

Clone RFID/NFC Card Data
To copy the card data onto a blank card INCLUDING the UID (providing you are using a magic card), run the following command:
sudo ./nfc-mfclassic W A path/to/dump.mfd path/to/keys.mfd f

Display dump data by Hex and Ascii
root@kali:~# od -v -t x1z -Ax keys-test.mfd 
000000 53 54 61 68 0e 08 04 00 69 73 73 69 35 36 34 30  >STah....issi5640<
000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000030 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff  >.........i......<
000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000070 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff  >.........i......<
000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  >................<
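
The listing above shows why default keys matter: every fourth 16-byte block is a sector trailer holding Key A (6 bytes), the access bits (bytes 6-8, plus one general-purpose byte) and Key B (6 bytes). The Python below is an added example, not code from the original post or from the tools it references; it audits a dump for sectors still on the factory key and checks the access bits against their stored inverted copies. The function names `audit` and `access_bits` are hypothetical, the 1K layout (4 blocks per sector) is assumed, and `SAMPLE` is transcribed from the 0xA0 bytes shown above.

```python
# Added example: audit a MIFARE Classic 1K dump (.mfd) for factory-default keys.
DEFAULT_KEY = bytes.fromhex("ffffffffffff")
BLOCK, BLOCKS_PER_SECTOR = 16, 4   # assumed 1K layout: 4 blocks of 16 bytes

def access_bits(trailer):
    """Decode bytes 6-8 of a sector trailer into (C1, C2, C3) nibbles.
    Returns None when the inverted copies do not match (corrupt trailer)."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    ok = ((b6 & 0x0F) == (~c1 & 0x0F)       # byte 6 low nibble  = ~C1
          and (b6 >> 4) == (~c2 & 0x0F)     # byte 6 high nibble = ~C2
          and (b7 & 0x0F) == (~c3 & 0x0F))  # byte 7 low nibble  = ~C3
    return (c1, c2, c3) if ok else None

def audit(dump):
    """Return one finding per complete sector; a trailing partial sector is skipped."""
    if len(dump) % BLOCK:
        raise ValueError("dump length is not a multiple of the 16-byte block size")
    size = BLOCK * BLOCKS_PER_SECTOR
    findings = []
    for n in range(len(dump) // size):
        trailer = dump[n * size + 3 * BLOCK:(n + 1) * size]
        bits = access_bits(trailer)
        findings.append({
            "sector": n,
            "default_key_a": trailer[:6] == DEFAULT_KEY,
            "default_key_b": trailer[10:] == DEFAULT_KEY,
            "access_bits_valid": bits is not None,
            # C1=0, C2=0, C3=8 decodes from FF 07 80, the factory transport setting
            "transport_config": bits == (0x0, 0x0, 0x8),
        })
    return findings

# Bytes transcribed from the od listing above (offsets 0x00-0x9f).
TRAILER = bytes.fromhex("ffffffffffffff078069ffffffffffff")
SAMPLE = (bytes.fromhex("535461680e0804006973736935363430") + bytes(32) + TRAILER
          + bytes(48) + TRAILER + bytes(32))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Both complete sectors in the listing report default Key A, default Key B and the transport access configuration, which is the state a card should not be left in once it carries real data.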


Reference information

Hacking the NFC cards for fun and honor degrees

George Smart - NFC Experiments

alphazo / gist:3303282 dump card, reading keys