Create mfc_notes.md

Signed-off-by: Oleg Moiseenko <807634+merlokk@users.noreply.github.com>
2024-11-11 01:55:38 +08:00 · 2023-11-21 21:56:37 +02:00 · 2023-11-21 21:56:37 +02:00 · 3a612dead9
commit 3a612dead9
parent 34a9eb76ad
1 changed files with 45 additions and 0 deletions
--- a/doc/mfc_notes.md
+++ b/doc/mfc_notes.md
@ -0,0 +1,45 @@
+# mfc card types
+
+Some information about MFC cards and their vulnerabilities
+
+## original card
+the first cards original and first China's clones
+
+Have the first version of the PRNG. `Weak PRNG`
+
+Vulnerable:
+1. card-only dark side attack (`hf mf darkside`)
+2. card-only nested attack (`hf mf nested`)
+3. decode card-reader trace (`data list`)
+
+## Fixed PRNG cards
+the first cards original and first China's clones
+
+Have the next version of the PRNG. `Strong PRNG`. The nested auth has not changed. Dark-side attack is not possible.
+
+Vulnerable:
+1. card-only hardnested attack (`hf mf hardnested`)
+2. decode card-reader trace
+
+## Static nonce cards
+
+The first revision of China's cards tried to fix holes in the card's auth
+Cards have static nonce instead of dynamic. The nonce is just the same for each authentication.
+
+Have the next version of the PRNG. The nested auth has not changed. Dark-side attack is not possible.
+
+Vulnerable:
+1. card-only staticnested attack (`hf mf staticnested`)
+2. decode card-reader trace
+
+## Static encrypted nonce cards
+
+For the first auth, it has the first version of the PRNG. `Weak PRNG`
+
+For the nested, the card has a nonce that is some function of auth+card's data instead of dynamic. 
+The nonce is just the same for each auth with the same parameters.
+
+(in progress...)
+
+Vulnerable:
+1. decode card-reader trace