The RFID transponder... RFID transponders are used pretty extensively these days. Pretty much every one of you uses them for some type of... especially popular as access control systems. This talk is about transponders that are used for non-mission-critical uses, like automation of laundry, but some people may think that if it works well there, we might as well just use it somewhere else. Well, that's kind of daring sometimes, but our speakers... How to look if they can attack these systems or transfer the knowledge they gain from attack systems that have been broken in the past to new ones, and they will show us why it's a bad idea to use the Hitag S for access control systems. So give us a welcoming applause for our talkers, Ralf Spenneberg, Ozan Cicciak.

I'm happy to be here. I'm Ralf Spenneberg, this is Ozan, the third guy is unfortunately ill and couldn't make it, but with three people on the stage it would have been a little ridiculous for the 30 minutes we have anyway. So let's have a look. We do pen testing, security analysis, and obviously RFID systems. Why are we interested in this? A couple of things for the background: the people among you who know these types of systems, the ones where you pay in the canteen, or for key systems or wireless payment, for example, they usually use some type of transponder technology. And depending on the frequency that transponders use, there are three commonly used areas in the spectrum: the high-frequency, low-frequency, and the ultra-high-frequency transponders. We only use the low-frequency ones; those are used first and foremost in places where you need a very close contact. Their reach is rather short and they usually are very low-powered. So if you have a passively powered transponder, then you cannot do a lot of calculation, for example. This may be different for high-frequency transponders.
With the low-frequency transponders you can only solve this problem by using an active transponder that has its own power source. Low and high-frequency transponders are used in access control systems, for example, for doors. High-frequency ones are used for systems where you need a very high distance that you can bridge. For example, in logistics, high-frequency is usually libraries, laundromats.

The Hitag S is a 125 kHz transponder. There's three different varieties, the 32, 256, and 2048 bits. There's an authentication mechanism built in; it has a 48-bit key and the password is 24-bit. That's obviously easy to decrypt. This password is saved in the key itself, with which the transponder can identify itself, and it uses an undocumented decryption cipher. It is unbroken so far, as we know, or at least it counts as such, and we looked at it, and we knew of a broken system and tried to transfer what we learned there to this Hitag S.

Well, why didn't we do it? In our own building, we had an RFID access control for the doors, and it was built in 2007, and we always had a bad feeling about it, and we thought about it for a while and looked at it, and we actually broke it pretty bad, told the manufacturer about it, and they actually fixed it for January 1st, 2016, and we'll publish a paper that details what exactly was broken and what they had to fix and how we broke it. So we looked for an alternative and looked at other access control systems from other manufacturers, and the manufacturer also advertised the system as unbroken so far because it had the Hitag.

Well, let's talk about the access control systems for a start. There's two different types, online and offline. The online one is: you basically touch the key, it sends a signal to it, and the lock actually communicates with a server and tries to identify you. Here you only send some identification number and that is used.
So basically all you need to do is you need to send this ID, and the manufacturer guarantees that this ID is unique. Sometimes there's access control systems that have high-frequency transponders that also have the authentication of transponder, user authentication of transponder. Access control systems are like the one we have in our building and that are used in this case. They save the authentication on the tag. So if I can read the tag and write it again and the information isn't very secure, I can even change the authentication of a tag. With a lot of systems that's actually the case because they have a very awful box, and there are some advisories about this, and that's also the case with the Hitag S. So if I can read the transponder and emulate it, I can copy a key. So the problem is that sometimes you can just do that while you walk past someone. So if somebody has their key in their back pocket, I can read the key because they might not be using an RFID shield. So you can make a copy of their key very easily. So a transponder should make sure that that doesn't happen. I give the word to Ozan.

The first thing we did was we had a look at the authentication. That's what happens between the reader and the tag. So every transponder in the reach... Every transponder responds with their 32-bit ID, and then the reading device sends a... sends a select ID, and then they get all the information by that chip: which size of the transponder, does it want to authenticate, which data may I write or read, and which modulation is used, which speed is used. All that information can be read out of the configuration from the chip. When you read it wants to authenticate, the read-write module goes ahead, takes a 30-bit random number. They generate some secret data, and this 30-bit data is communicated to the transponder as a challenge. The transponder has the same secret data, then the read and write key knows the key.
So now the transponder contacts the three password bytes and the configuration byte and sends it to the reader device. If the reader device can decrypt it and reads the password, they have authenticated to each other; afterwards the unsecured data connection can be established.

The next question is: how is the secret data thought, and how is it encrypted and decrypted? If you look at the memory layout and look at the already broken transponder, then you can see large differences, especially there where the configuration bytes are, and the password and the key are also saved differently. Additionally, with the data bank, their read-write module that wants to authenticate has a special code. It's called the FLPS HTA 130 and it's used by all the Hitag-specific tags, and we have rotated it more specifically, and especially the commando service, and you want to see which commands can be sent to the coprocessor, and there are specific commands for the Hitag 1, 2 and S. However, there are no Hitag S-specific commands to write data to the EEPROM, so we can assume that there are similar commands with the others. In addition, the coprocessor that uses three different transponders has very unlikely three completely different ciphers, so we have assumed that the cipher from Hitag S is similar or the same as with Hitag 2.

The Hitag 2 cipher is already known for a couple of years and it has been published. It looks like this: basically there are two things, one a non-linear two-step function and an 8-bit shift register. One of the properties of the cipher will be used in the following tags, and that is, if you look at the initialization of the cipher, you can recognize that the output bits will only be used after the beginning has been used. So first we have to put an initial data in the register, so we do that by putting the 32-bit UID of the user and the last 18 bits of the key, and initialize the cipher with that.
So the shift register is initialized to that and it's shifted 32 times, and the last place on the right is always updated, and when I have 60 bits of the key in the 18-bit shift register and shift 32 times, they will not fall out in the initial situation, they are still in the first place. So what they've done with this cipher: they've used the Proxmark, that is a tool, an RFID tool, and we have implemented the HTSF cipher with this cipher, and we have created a transponder in the motors with the key we know, and then it was possible to authenticate as a Hitag S system. So we now know that it's exactly the same cipher. The cipher wasn't used for the same thing, but it's the same.

So first of all we need some hardware, so we have the Proxmark 3; that's a general-purpose RFID tool, so it can do low as well as high-frequency RFID chips, and we have some software for that, for example a reader and a write device and an emulator, to look, if we have broken a key, to emulate a transponder.

So for the first attacks, maybe there is the possibility of a relay attack, if you remember. In the authentication we only have one random number, and that is decided upon by the read-write device, so if an attacker reads the complete communication, for example with a Proxmark, he can send the challenge code again to the transponder and the transponder just answers, because as attacker I just can't decrypt this information and this password, but with the simple read attack I can run the same codes as a read-write device.
Again, Ralf has talked about it before. Technology is a bit crazy. Brute-force attacks: it's an 84-bit key, the cipher is not really complicated; if you put in a couple of servers you can calculate the key within a couple of weeks.

Another attack, and that's an attack especially on Hitag 2, is "Gone in 360 Seconds", USENIX 2012, and it has 120 challenges, and once I have them I just need five minutes for the attack. It's just a mathematical calculation and it uses a different issue of the cipher we are not going to talk about further.

And then there is a more design issue on their side. If you look at the configuration bits, there are three bits that are especially interesting: the output, if in that case the transponder wants to authenticate; if the alcoone print, the alcoone cannot be changed; and lock key and password, uses the key, protects the key and the password from reading and writing. But you can choose them differently, so you can send transponders that want to communicate but they also want to protect the assertions, but you can change the configuration with, and the configuration, the transponder is not protected for that, about that, for that.

Another possible attack, this largely effective, is the SAT solver. The SAT solver, with like CryptoMiniSat or MiniSat, is mathematically optimized algorithms that try to solve solutions, that try to prove the satisfiability, and with the example here a SAT solver wants to try to find values a, b and c to make it all true. The SAT solvers originally come from the electronics, but they can solve many solutions by that if I can change the problem into a formula, and that's exactly what we want to do. We want to say, hey, this is the SAT solver, please build a formula and solve it.

So first of all, before we start to create the formula, we need the keystream bits. How do we reach them? The first, the easiest thing is: the easy data are the first 32 bits negated, so if I negate them back I get the first 32 bits. Then the contu bit is
sent encrypted and not encrypted, so if I XOR them I've got the next 8 bits. So I can per authentication get 40 keystream bits. Because I want to know the initial state of 84 bits for which I can calculate these bits, and the fewer bits I have, the higher the probability is that the original state is wrong. With the Hitag 2 that's not a problem, because also the data communication is encrypted; I get much closer than 40 bits.

How do we solve that with the Hitag S? We take two ciphers, so two different encryptions, and read the keystream bits out of that as above, and we always try to find the initial state for that, and then we use the options from the slide before: the initial state of the first 16 bit from the key, and if I authenticate twice there is no change, and you always say, hey, the first initial states are the same in the first 16 bits. This formula is created and the SAT solvers solve it usually within five days, and the result is initial state, so 16 bit of the key.

So how do I get the rest of the data? The key is 84 bits, I only have 16 of them. Well, brute force: the other 32 bits are not that large. And on the other hand I can also do a rollback. What's a rollback? Well, the initial state is the state of the initialization, and in the initialization there are three parameters: the random number, the UID and the key. So I know the result, the UID and the random number, and so now I can calculate the only one that's unknown with the XOR. So I calculate the previous state with the, and get another key, and that's immediately, there are 32 operations.

And once I have the key, that still doesn't mean that I can read all of the transponder, because there's a bit that protects a key and the password, and do know the key, and the password was encrypted beforehand and it was run encrypted in the authentication, and know the key. If I have the complete transponder, I have to do the complete transponder, then I can emulate the transponder completely, for example in
with this Proxmark 3, or you can also build your own thing; it's pretty simple actually. So you need the traces, you need to collect the traces, you have to break the key with the SAT solver, and to read all of the things from transponder, and then you can clone the transponder.

Okay, that means if I have an access control system and that uses this Hitag S transponder, that means somebody could possibly, for example while I plug the key into the lock or if I have the transponder in front of the reader, they could read the authentication challenges while I do that. So for example with the SAT solver you need two challenges, or 150 for the cryptographical attack; that means you probably need access to the reader to get all the 150 challenges. But that means that I could break the key that's used by this tag, and you can not only read the key but you can also read all the other data that this key has, and that means I can actually create the clone for the whole key. And so if the other data on the key is not properly secured, that means you could possibly extend the data and change the key to be one of the master keys that can access more rooms.

So we looked around for other systems for low-frequency transponders, and most that we saw, all that we saw, were already broken, or they used systems that are as easily broken as the ones we talked about. So the problem is that low-frequency transponders don't have enough energy to use secure systems. So that means if you want to make a secure access control system you need high-frequency transponders. High-frequency transponder doesn't mean that the system is secure, like for example the MIFARE system, and that has been broken as well. So if you support a DESFire system you can still use the MIFARE Classic system, so the systems are backwards compatible, so these are broken already. So if it's been in operation for eight years, it
might still support an old standard. So the modern systems can be secure, but they don't have to be.

So we looked around which vendors actually use low-frequency or even the Hitag S system, and a lot of them seem to do that, but that doesn't mean that if your vendor is on this list that your system is necessarily broken. Sometimes they also use alternatives; for example the Uhlmann & Zacher system is also offered with high-frequency transponders like DESFire, but if you bought the low-frequency system, you can only use the Hitag tag and another one that is also very insecure, and for the other one the cloning of the transponder is actually trivial, so you only need to build a small bit of hardware for 20, 25 euros and you can clone the key immediately, and the clone is not distinguishable from the original and there's no way to check who it really was.

So if you talk to the vendors and you ask them how they can sell something like that, then they'll say, well, it's been seven years and we don't really see a need to inform our customers that this is insecure. Or they answered, oh, we never said that this is secure, we don't do security, we only do access systems. And then you go and look on the website and look for the word security, and unsurprisingly it doesn't even exist on their website. So the question is now, did the vendor know this for a long time and they just never told anyone? I mean, the question is, where are all these systems deployed? Hospitals, schools. Are there any questions? Thank you for your attention.

Thank you very much. I'm gonna certainly take more care with my systems. We have five minutes for questions. If you have questions, please go to the microphones.

One question: is there a way to collect pairs of challenges without having the key itself?

No, all the point is the reader has to believe that it actually talks to the transponder and has
to send the transponder some data. If you have access to the transponder, i.e. the ID, if you can collect it with some certainly, then you can write, then you can build an emulator that pretends to be this key, and you can go to the reader, or to the tag, and read the challenge. But at least you need a valid ID that you need to find. Well, we actually found one system that actually didn't even collect the IDs internally; you can probably just use any ID, but that's only one system.

I read the c't magazine and there was an article about Mercedes that are opened via relay attacks, so for example somebody is driving by the streetcar.

Well, we didn't try it, but it's really easy; with the transponder there's no timing attacks.

Will you release the Proxmark software?

Yeah, I believe, yeah, at least parts of it, but yeah, I think so. Oh, NXP is actually the manufacturer behind this, and they have been contacted by us four or five months ago. We didn't get an answer, and then we repeated the contact maybe 40 days ago. NXP knows about it and they contacted their customers. If there's a customer here that actually uses these parts in their systems, well, don't trust the ed i d t of the customers. If it's critically important for your application, then your application is broken anyway.

Well, just the fact these locking systems actually depend on, they're actually made up of about 500,000 locks. If you record all the communication, could you actually use sound interfaces for this?

I don't know, never tried, all used oscilloscopes. If the sound card is good enough to resolve the 125 kHz, it's probably possible, it'll be doable. You probably have to look at emulation, it's probably not easy, but yeah.

Okay, give us an applause. Thanks for this talk.