26C3 - 26C3 1.15
26th Chaos Communication Congress
Here be dragons
| Speakers | |
|---|---|
|
Henryk Plötz |
|
Karsten Nohl |
| Schedule | |
|---|---|
| Day | Day 2 - 2009-12-28 |
| Room | Saal1 |
| Start time | 21:45 |
| Duration | 01:00 |
| Info | |
| ID | 3709 |
| Event type | Lecture |
| Track | Hacking |
| Language used for presentation | English |
| Feedback | |
|---|---|
|
Did you attend this event? Give Feedback |
Legic Prime: Obscurity in Depth
Legic Prime is an artifact from the time when proprietary cryptography in RFID was considered secure enough. We will demonstrate a break for basically any aspect of Legic Prime's claimed security features. If you rely on Legic Prime's security for anything, start migrating.
Legic Prime uses obscurity as one of the main defenses against misuse, with readers and cards not readily available on the free market. The system employs multiple layers of strange and obscure techniques in lieu of proper encryption and cryptographic protocols, but promises great security and management features which other systems are lacking (and lacking for good reason).
Results to be announced in this talk:
- Read arbitrary cards, even read protected ones
- Emulate cards
- Write to cards (the UID can't be changed, though)
- Create arbitrary master tokens for the Master Token System Control