Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 15
Members Online: 6

Registered Members: 82813
Newest Member: VesuviusSentinel
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

Rfid system derived keys decryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-11 19:12
Hi,

I am on research of rfid security systems, I have selected one big network and have got from few tags all secret keys. I know this network use derived key encryption so I am interested is there any chance to get masterkey? Since I am totally noob in cryptographic any help would be very helpfulSmile

Here is the derived keys system 'master key: derived key = ENCRYPT(master key, card id)'

So I have few DERIVED KEYS and CARD IDS

CARD ID : DERIVED KEY
a76161f1 : af4b2bc8fecc
f7b380f1 : 094f18753908


So once again any help ideas or etc would be very helpful! Thanks
Author

RE: Rfid system derived keys decryption

starofale
Member



Posts: 218
Location: England
Joined: 05.12.07
Rank:
Moderate
Posted on 22-10-11 03:39
domc wrote:
is there any chance to get masterkey?


Unlikely, unless it's a poorly designed system.


Try a new search engine
Author

RE: Rfid system derived keys decryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-11 10:26
And how to research how system poorly or not designed? From where to start? I can't find from where to start...
Author

RE: Rfid system derived keys decryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-11 10:26
And how to research how system poorly or not designed? From where to start? I can't find from where to start...
Author

RE: Rfid system derived keys decryption

starofale
Member



Posts: 218
Location: England
Joined: 05.12.07
Rank:
Moderate
Posted on 22-10-11 14:06
Before I start, I'll just say that I doubt that it's possible to get the master key.

domc wrote:
derived key = ENCRYPT(master key, card id)

Do you know how this ENCRYPT function works? If you do, then take a look at the algorithm and see if you can somehow reverse it using the derived key and card id to get the master key. If this works, that is what I meant by a poorly designed system.

If you don't have the encryption algorithm, finding it out should probably be your first step.


Try a new search engine
Author

RE: Rfid system derived keys decryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-11 15:35
Firstly I would like to thank You starofale for replies with help.

One thing I know there is nothing impossible...

I don't know how encrypt works, so I don't have algorithm only thing I know how system works:

CARD UID (uniq id) > READER = (UID (ALGORITHM) = SECRET KEY (DERIVED KEY) >> LOGIN to CARD)

ALGORITHM UNKNOWN
CARD UID KNOWN
SECRET KEY KNOWN


things I can do:
1. I can do SNIFFING attack then reader and card is talking (MAN IN THE MIDDLE)
2. I can emulate card with specified UID and collect all data which reader send to card and card to reader

I have collected more than 60 secret keys (DERIVED KEYS) with dark side and nested attacks from cards

So how I can search for algorithm?
I think there is should be math like X and Y if I am not wrong... Because there is only one unknown from three. And I can collect much data I can use FPGA for calculate. Sorry for that I am wrong or stupid questions I am very noob in cryptographic...


Edited by on 22-10-11 15:39