Signed-off-by: Oleg Moiseenko <807634+merlokk@users.noreply.github.com>
1.5 KiB
mfc card types
Some information about MFC cards and their vulnerabilities
original card
the first cards original and first China's clones
Have the first version of the PRNG. Weak PRNG
Vulnerable:
- card-only dark side attack (
hf mf darkside
) - card-only nested attack (
hf mf nested
) - decode card-reader trace (
data list
)
Fixed PRNG cards
the first cards original and first China's clones
Have the next version of the PRNG. Strong PRNG
. The nested auth has not changed. Dark-side attack is not possible.
Vulnerable:
- card-only hardnested attack (
hf mf hardnested
) - decode card-reader trace
Static nonce cards
The first revision of China's cards tried to fix holes in the card's auth Cards have static nonce instead of dynamic. The nonce is just the same for each authentication.
Have the next version of the PRNG. The nested auth has not changed. Dark-side attack is not possible.
Vulnerable:
- card-only staticnested attack (
hf mf staticnested
) - decode card-reader trace
Static encrypted nonce cards
For the first auth, it has the first version of the PRNG. Weak PRNG
For the nested, the card has a nonce that is some function of auth+card's data instead of dynamic. The nonce is just the same for each auth with the same parameters.
(in progress...)
Vulnerable:
- decode card-reader trace
reader-only attack
The readers have a random generator bug. With it, we can recover a key for the sector it tries to authenticate.