26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Henryk Plötz
Karsten Nohl
Tag Day 2 - 2009-12-28
Raum Saal1
Beginn 21:45
Dauer 01:00
ID 3709
Veranstaltungstyp Vortrag
Track Hacking
Sprache der Veranstaltung englisch

Legic Prime: Obscurity in Depth

Legic Prime is an artifact from the time when proprietary cryptography in RFID was considered secure enough. We will demonstrate a break for basically any aspect of Legic Prime's claimed security features. If you rely on Legic Prime's security for anything, start migrating.

Legic Prime uses obscurity as one of the main defenses against misuse, with readers and cards not readily available on the free market. The system employs multiple layers of strange and obscure techniques in lieu of proper encryption and cryptographic protocols, but promises great security and management features which other systems are lacking (and lacking for good reason).

Results to be announced in this talk:

  • Read arbitrary cards, even read protected ones
  • Emulate cards
  • Write to cards (the UID can't be changed, though)
  • Create arbitrary master tokens for the Master Token System Control
Archived page - Impressum/Datenschutz