Be Excellent To Each Other
https://www.beexcellenttoeachother.com/forum/

Hack my Oyster
https://www.beexcellenttoeachother.com/forum/viewtopic.php?f=3&t=1382

Author:  Dr Lave [ Mon Jul 21, 2008 23:24 ]
Post subject:  Hack my Oyster

kalmar wrote:
Lave wrote:
I watched a video of some people clone a Swedish card (that uses the same system as the Oyster apparently) then entered the building it contained.

But I couldn't get all the details as it was in the foreign, so thanks for the info.


Linky? I'd be interested.
There's a lot you can do with the fact that many operators leave the default key in place (FF FF FF FF FF FF) :)

Or it could have been a simple replay attack. Mifare classic can't avoid that, DESFire can.

Edit: Sorry mimi, forgot which thread I was ranting in there :D Ahem.

How about little felt monkehs with a mifare chip and antenna in them?


It's hard to find the original stuff, as the new news has eclipsed the old news when googling.

This is basically what I saw though:


http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/

From March.

I don't know the ins and outs of it all, because the thesis means I can't spend all hours of the day reading up on some geeky topic. For the next 42 days at least. Then I'll be all over it.

Author:  kalmar [ Mon Jul 21, 2008 23:38 ]
Post subject:  Re: Hack my Oyster

OK, looks like they do have the secret key there (you can see them replacing the default one in the PC app).

If, as they claim, they got that by talking to the card reader on the door, then they must also have a working copy of the algorithm on the PC, and probably brute-force decrypted to get the key (I think that's what the laptop was doing at the start?).

The actual card cloning part is then straightforward, no hackery needed.

So, if you're determined you can do that, but if it was a building that was supposed to be properly secure then they wouldn't be relying on a single, weak method of verification anyway.

Author:  Dr Lave [ Mon Jul 21, 2008 23:41 ]
Post subject:  Re: Hack my Oyster

kalmar wrote:
OK, looks like they do have the secret key there (you can see them replacing the default one in the PC app).

If, as they claim, they got that by talking to the card reader on the door, then they must also have a working copy of the algorithm on the PC, and probably brute-force decrypted to get the key (I think that's what the laptop was doing at the start?).

The actual card cloning part is then straightforward, no hackery needed.

So, if you're determined you can do that, but if it was a building that was supposed to be properly secure then they wouldn't be relying on a single, weak method of verification anyway.


It's pretty much all my University uses. But then they are idiots and whenever there is a power cut they have to hire guards to cover each door! 8)

I haven't really read about it, so I'm not sure what the new problem is that's greater than this one from back in March.

Author:  kalmar [ Mon Jul 21, 2008 23:45 ]
Post subject:  Re: Hack my Oyster

Lave wrote:
I haven't really read about it, so I'm not sure what the new problem is that's greater than this one from back in March.


I think it was that they showed you how to get the algo out of the card, or actually physically published it (which would be a bit naughty tbh). Haven't actually seen the article myself either though.

Author:  Dr Lave [ Mon Jul 21, 2008 23:48 ]
Post subject:  Re: Hack my Oyster

Ah that makes sense.

But I suppose if they have got it and they didn't publish, then the Oyster card is only secure through (minimal) obscurity, so it's just as fucked pretty much.

Cheers!
