Hide/Show Apps

Brute Force Cryptanalysis of MIFARE Classic Cards on GPU

MIFARE Classic is the most widely deployed contactless smartcard on the market. However, many active and passive attacks are provided after its proprietary stream cipher CRYPTO1 was reverse engineered. The short 48-bit key of the CRYPTO1 cipher, leaked parity bits and the encrypted error code that is sent after a failed authentication (which is corrected in the hardened new cards) allow the adversary to perform offline brute force attack and avoid detection. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take around 9 days on a single GTX280 GPU. We optimized this brute force attack on modern GPUs by using bitsliced implementation technique and observed that a brute force attack on a GTX970 GPU can be performed in less than 5 hours. Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take approximately one month on a single GTX460 GPU. Our bitsliced implementation of this attack takes less than 7 hours on a GTX970 GPU.