Mifare Classic是目前RFID系統中最常使用的非接觸式智慧卡。但其中專屬的密碼系統,Crypto-1與鑑別協定含有許多嚴重的漏洞足以讓不肖人士所利用以取得鑑別時使用的金鑰。因此,本研究採取真卡片與假讀卡機的情境取得卡片中的金鑰。在本研究所發展的方法中,可以大幅減少破解金鑰時的搜尋空間。最後更進一步的研究被某地區廣泛使用的卡片內儲值的格式,並成功的修改其內容。
The Mifare Classic is the most widely used contactless smartcard on the market. However, the proprietary cryptosystem of Mifare Classic, called Crypto-1, has very serious vulnerabilities. Adversary can exploit these vulnerabilities to obtain the key used in the authentication. Since the RFID systems are often located in public places with many people and video monitors, this study adopts a scenario of using the fake reader and genuine card in concealed places. Moreover, the developed methods can reduce the key search space. Finally, this study investigates the data format in a widely used store-value card and modifies the stored value successfully.
