We are talking about NFC, near field communication, and about the MIFARE Ultralight system. NFC Ultralight chips are used for near field communication, and in our country they have been used especially for the transportation system: buses, metro, trams. In the past there have been some people who discovered, who hacked, the communication between those chips. So in 2008 the MIFARE Classic, which is a type of NFC chip, was exploited, while in 2011 two American guys managed to exploit the NFC Ultralight, which is the one I will be speaking about. In my country, so in Italy, it has been used for the transportation system: if you take a bus you will take a ticket, a multiple-ride ticket, which has a chip, an NFC MIFARE Ultralight, inside. So what is it? RFID chips are designed to work at a target frequency, 13.56 MHz. There are a lot of kinds, as I told you before: MIFARE Classic, Ultralight, a lot of types. The Ultralight is cheap, but it has a problem: it has no hardware encryption. So how did we come to this hack? Well, we started studying NFC communication and NFC chips when, from January, the local transportation system in Turin updated their stamping machines, and so it was possible to use those tickets to ride the bus or whatever else. We tried to exploit the same vulnerability that was discovered in 2011, the one I was telling you about before. But the point is that we didn't know anything about the structure of this ticket. So we tried with that vulnerability, but we failed. And that was the point: we failed. And so, you know, if you don't know what you are dealing with, let's say it is tricky to solve it.
So we decided to study those kinds of technology better, and we decided to make some little experiments to gain experience: we stamped one ticket after the other and compared the results. We had an NFC reader and we read the dumps of those tickets, and we compared them to find whether there were some similarities, something to compare, to find out, for example, how the data was saved on the ticket. And so we managed to pin down some empirical results from this. But this is the point I was getting at. Assume that you know exactly where the time of the last stamp of your ticket is stored. Now, if you have an NFC phone with an NFC reader and writer, you can actually change the field where the time of your last stamp is stored, and in this way you can easily bypass the stamping system, the stamping machine, and stamp your ticket by yourself. This is where we wanted to get, the point we were looking for. But the problem is that that kind of thing is not so reliable: you have an NFC reader and a lot of things to deal with. So that was not the point. If you want to add something about that, the point is that we managed to solve our problem because when we looked further in, when we paid more attention to how the ticket was made, we came to a solution: we found that the answer to hacking those tickets, and finding a way to make them unlimited, was in the lock bytes. The lock bytes are a sector of that ticket, and he will speak about that now.

Okay. This is the ticket of my city, the five-ride ticket. So you can stamp it up to five times and then it expires, theoretically. This is how it's composed. We will look at the lock bytes and the OTP data. Okay. The OTP is the only security function on the chip. There are four bytes, and by default they are all set to zero. When you stamp the ticket, there is an OR operation that turns one bit to one, and so you cannot turn it back to zero.
So that's the only way you can stamp the ticket without any fraud or something like that, theoretically. So there are 36 possible rides on each ticket, and so there is no fraud. We will speak about it later. The data sector. It will be funny now.

No, I saw one of your slides coming in. It's not going to be funny. We have decided to brand this. You've heard of Spot the Fed. This is now Shot the Noob. No, we are not. He is of legal drinking age in Italy, and this stage is actually technically part of Italy. Oh, wait. I'm sorry. Audience, raise your hand if it's your first time at DEF CON. You, sir. Get up here. On stage. Sometimes. I can get off. I don't know if I'll be able to. There are steps on the other side. All right. New people at DEF CON. You took my bag. That was strong.

The data sector was used in the past attack, the 2011 attack, to store the rides. But this sector is readable and writable, so you could just swipe it and get a free, new ticket. But nowadays it's fixed, and so in Turin it doesn't work anymore. So we thought about just decoding the timestamp from the validator machine and reproducing it without touching the OTP sector, so the rides remain the same but we can stamp it by ourselves. But we haven't gotten to that point, because we lack NFC hardware. We are... We are poor. Yeah. If you want some dumps of our tickets, we will give them to you at the Q&A session. No problem. Okay. These are some empirical results. We can speak more later. It just doesn't matter. Okay.

The lock sector. This is the most important part of our talk, because that's the point where we found the solution. There are two bytes: the first one is the red one and the second one is the orange one. Okay. Each bit of these bytes can lock a sector and make it read-only. Okay. So what we did is just set the bit in the lock byte sector that makes the OTP data read-only. So the machine tried to validate it, but oops, it's read-only and it cannot. So that's...
When we first made our test on the road, we found a little problem, because it's not good that you have five rides taken and then always have five rides when they check it. We forgot to take one of the rides. Yeah. And so it was not good. What are you going to say to the man who is going to check your ticket? Yeah. Do I know? Yeah. Okay. So what we did is we tried to validate it.

Okay. How to fix it? The lock attack is quite easy to fix in theory, because you just need to check whether the OTP bits are read-only or not, and if they are read-only, refuse to validate. But the main problem is the time attack, because... Yeah. The point is there are two vulnerabilities we found, but we exploited just one, because we lacked time and hardware, as he explained before. So the time vulnerability would be very easy to exploit if we could actually decode the data. Imagine if you knew exactly how the data is encoded and where exactly it is located inside your ticket: it would be really easy to exploit this, because if you have an NFC reader/writer you can write the data each time you want. So you can take your ticket, put it on your NFC phone and just type the actual date, so the actual time: if it is 5:15, then you put your ticket over your phone and you can write 5:15 each time you want. And so you can bypass the validating system and still have four rides left; you are just adjusting the time. That will be really hard to fix, because all the data written inside the ticket is not encrypted, hardware speaking. And so if you are able to decode this, it will be very hard to fix. While the lock attack, so the exploit he was speaking about, will be easy to fix, because if the stamping machine checks whether the lock bit is on or off, then, as feedback, the stamping machine can immediately know whether your ticket is fake or not.
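The following is an added example, not the speakers' tool, their white paper or anything from the Turin transport company. It models the MIFARE Ultralight behaviour the lock attack relies on (OTP bits can only be OR-ed in, lock bits can only be set, a write to a locked page is NAKed) and runs both the validator as the talk describes it and the fix proposed above (check the lock bits, refuse if the OTP page is locked). The page layout and lock-bit positions follow the NXP MF0ICU1 datasheet; the ticket format itself (one OTP bit per ride, consumed MSB-first, five rides) is an assumption for illustration, since the real Turin encoding is not described in the talk.

```python
"""MIFARE Ultralight (MF0ICU1) memory model: lock attack vs. a hardened validator.

Page layout and lock-bit positions follow the NXP MF0ICU1 datasheet:
16 pages x 4 bytes; page 2 bytes 2-3 are the lock bytes; page 3 is the OTP
page whose bits can only ever be set (a WRITE is OR-ed in).
ASSUMPTION for illustration only: the ticket records one ride per OTP bit,
consumed MSB-first. The real Turin ticket encoding is not described in the talk.
"""

PAGE_SIZE = 4
PAGES = 16
LOCK_PAGE = 2
OTP_PAGE = 3
BL_OTP = 0x01   # lock byte 0, bit 0: block-locking bit, freezes L_OTP
L_OTP = 0x08    # lock byte 0, bit 3: makes page 3 (OTP) read-only


class UltralightTag:
    """Minimal emulation of the tag's READ/WRITE command semantics."""

    def __init__(self):
        self.mem = [bytearray(PAGE_SIZE) for _ in range(PAGES)]
        # constructed UID/BCC bytes; not meaningful for the attack
        self.mem[0][:] = b"\x04\x12\x34\x22"
        self.mem[1][:] = b"\x56\x78\x9a\xbc"

    def read(self, page):
        return bytes(self.mem[page])

    def lock_bytes(self):
        return self.mem[LOCK_PAGE][2], self.mem[LOCK_PAGE][3]

    def is_locked(self, page):
        lb0, lb1 = self.lock_bytes()
        if page == OTP_PAGE:
            return bool(lb0 & L_OTP)
        if 4 <= page <= 7:              # L4..L7 are bits 4..7 of lock byte 0
            return bool(lb0 & (1 << page))
        if 8 <= page <= 15:             # L8..L15 are bits 0..7 of lock byte 1
            return bool(lb1 & (1 << (page - 8)))
        return False

    def write(self, page, data):
        """Return True on ACK, False on NAK (as the tag would answer)."""
        if not 0 <= page < PAGES or len(data) != PAGE_SIZE:
            return False
        if page in (0, 1):
            return False                # UID and BCC: factory read-only
        if page == LOCK_PAGE:
            new0, new1 = data[2], data[3]
            if self.mem[2][2] & BL_OTP:
                new0 &= 0xFF ^ L_OTP    # L_OTP is frozen once BL_OTP is set
            self.mem[2][2] |= new0      # lock bits can only be set, never cleared
            self.mem[2][3] |= new1
            return True
        if self.is_locked(page):
            return False
        if page == OTP_PAGE:
            for i in range(PAGE_SIZE):
                self.mem[page][i] |= data[i]   # OTP bits are never cleared
            return True
        self.mem[page][:] = data
        return True


def rides_used(tag):
    return bin(int.from_bytes(tag.read(OTP_PAGE), "big")).count("1")


def _next_ride_bit(used):
    # assumed encoding: ride n sets OTP bit (31 - n), i.e. MSB-first
    return (1 << (31 - used)).to_bytes(PAGE_SIZE, "big")


def naive_validate(tag, rides=5):
    """Validator as described in the talk: counts OTP bits, ORs one more in,
    and never checks whether the write actually took effect."""
    used = rides_used(tag)
    if used >= rides:
        return "expired"
    tag.write(OTP_PAGE, _next_ride_bit(used))   # a NAK is silently ignored
    return "ok"


def lock_attack(tag):
    """Set L_OTP (plus BL_OTP so it cannot be undone): the OTP page becomes
    read-only and every later stamp fails to consume a ride."""
    return tag.write(LOCK_PAGE, bytes([0, 0, L_OTP | BL_OTP, 0]))


def hardened_validate(tag, rides=5):
    """The fix from the talk: refuse if the OTP page is locked, and confirm
    by read-back that the ride was really consumed."""
    lb0, _ = tag.lock_bytes()
    if lb0 & L_OTP:
        return "refused: OTP locked"
    used = rides_used(tag)
    if used >= rides:
        return "expired"
    if not tag.write(OTP_PAGE, _next_ride_bit(used)):
        return "refused: write NAK"
    if rides_used(tag) != used + 1:
        return "refused: OTP unchanged"
    return "ok"


if __name__ == "__main__":
    t = UltralightTag()
    print(naive_validate(t), rides_used(t))                      # ok 1
    print(lock_attack(t), t.is_locked(OTP_PAGE))                 # True True
    print([naive_validate(t) for _ in range(3)], rides_used(t))  # ['ok', 'ok', 'ok'] 1
    print(hardened_validate(t))                                  # refused: OTP locked
```

The naive validator keeps answering "ok" after the lock attack because it decides from the OTP bit count and never notices that its own write was refused; the hardened one catches the ticket twice over, first from the lock byte and, as a defence in depth, from the read-back of the OTP page.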
So now we are going to study more about those kinds of tickets and try to decode the data, and if you would like to help us, well, we are open-minded and we will give you the dumps, and any help will be very welcome. That is the point. We also thought about a solution for the time attack, but it would require a firmware upgrade that theoretically enables software encryption on the ticket, because if you encrypt the ticket, you can't just timestamp your ticket with your phone. But we spoke of that with our transport company. They said, yeah, yeah, and never did anything. We are still waiting for our vulnerability to be fixed on the underground. We don't really know about that. Okay, and we are working on a tool that should do it, so that in any way we can, we do everything automatically. Actually, it is written in Python and works on a Linux computer. You need a printer. Okay. Of course. Just, okay. That is the tool we use for decoding and writing the tickets. It is an NFC reader you can find everywhere. It is cheap. You can get free rides for your life. We start selling these, if you want, at the door after the talk. No. Okay. We also wanted to buy a Proxmark for further study, but we really lack money, so we are also open to donations. We accept Bitcoin. Yeah, Bitcoin of course. I don't know. And so I think that's it. If you have questions about how we got into it... but I think, well, I don't know if you got the meaning of what we were speaking about. You know, it is a little bit difficult to speak in another language when you are abroad. Well, but we try. I think it has been a very good experience. I hope you enjoyed this talk and I hope you got the clue. For us it was a very big, not surprise, but we were very happy to find something like that and to have been accepted here to explain to you what we found.
And if you want to test the vulnerability in your city, we are glad to receive feedback, and also invitations for lunch, dinner, a coffee, everything. I think that speaking about things in more detail wouldn't be so appreciated by you. I don't know if you would appreciate speaking about the very details of those tickets, but if you want, in the Q&A you can ask us for further information and details about those tickets. So, you know, do you have any questions?

Yeah. They're advertising on their website. Google. That was convenient. So there is a similar system that is in use in the Bay Area, and so I am especially interested in what you were talking about with the timestamp, because the San Francisco system, the way it works is you swipe to get on the bus the first time and you have 90 minutes to be able to do it. Okay. So you have the same system there. So it just amounts to changing the timestamp on that: you change it to now and you get 90 minutes from now to be able to ride, and you can do that. That's your free-for-life system. Is that correct?

Yeah. That is the work in progress, because, just a second. Okay. If you see, we are just guessing where the real timestamp is stored, because we didn't have an NFC phone. So going on the tram with the computer, five tickets and an NFC reader, this is not so good. There's nothing suspicious about that at all. It happens all the time. In San Francisco anyway you see that stuff all the time. Okay. So if you have an invitation for San Francisco... To have you. Oh, okay. Thank you.

Another question. Yeah. This research... are you going to get arrested when you go back? No. No. Wait. We sent a mail to the company explaining that we found this vulnerability. Yesterday. They're not geeks, so they can't reply very fast, and so we are waiting now for a reply. No. We are publishing a white paper about that and we sent it today to them, but I hope they won't fix it on the underground, because I take the underground very often. Okay.
So if you want to read our white paper, it will be available. Yeah. We will share it with you. Yeah. Most of the tool. Yeah. It's very badly written, but it works. Yes. Anyone else? No invitation?