9

How can I clone an encrypted MIFARE DESFire EV1 card? I tried a 13.56 MHz reader/writer from eBay, but it didn't work properly... I need to find any possible way of doing this.

user146719

2 Answers

8

You would need to extract the key of the card, which is what these cards generally protect against. Authentication protocols in general depend on a challenge-response. In the case of MIFARE EV1 this is done with AES or 3DES. Basically the nonce (in the case of DESFire, 2 nonces) is encrypted:

  • Reader sends b1,b2
  • Card replies 3DES(b1)
  • Card replies 3DES(b2)
  • Reader verifies whether these nonces have the correct encrypted value and authenticates or rejects

You can't just clone the card; it's not a simple card that merely supplies an ID. In the case of this smart card you would need to extract the key, which isn't easy.

There is some documentation on how to do this with side-channel attacks.

Lucas Kauffman
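The exchange sketched in the answer above, as an added example that is not part of the original post: a reader that sends two fresh random nonces, a genuine card that 3DES-encrypts them with a key it never reveals, and a "clone" holding only what a UID-copying reader/writer can capture, namely the UID and one response sniffed from a legitimate session. The shared key, UID and nonce bytes are constructed for the example, and the model is a simplified single-block challenge/response following the bullets above, not the exact DESFire EV1 command sequence.

```go
package main

import (
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// SharedKey is a constructed 24-byte 3DES key standing in for the secret a
// real card and reader share. It is the one thing a clone does not have.
var SharedKey = []byte("example-3des-key-24bytes")

// Responder is whatever sits in the reader's field: a genuine card or a copy.
type Responder interface {
	Respond(challenge []byte) ([]byte, error)
}

// Card models a genuine tag: it holds the key and encrypts challenges with it.
type Card struct {
	UID []byte
	key []byte // never leaves the card
}

// Respond 3DES-encrypts one 8-byte challenge block under the card's key.
func (c *Card) Respond(challenge []byte) ([]byte, error) {
	return encryptBlock(c.key, challenge)
}

// Clone models what a UID-copying reader/writer can reproduce: the UID plus
// one challenge/response pair sniffed from a legitimate session.
type Clone struct {
	UID        []byte
	sniffedRsp []byte
}

// Respond replays the recorded response; without the key it cannot compute
// a response for a nonce it has never seen.
func (c *Clone) Respond(challenge []byte) ([]byte, error) {
	return c.sniffedRsp, nil
}

// Reader verifies a responder with two fresh random nonces, as in the answer.
type Reader struct {
	key []byte
}

// Authenticate returns true only if both nonces come back correctly encrypted.
func (r *Reader) Authenticate(dev Responder) (bool, error) {
	for i := 0; i < 2; i++ {
		nonce := make([]byte, des.BlockSize)
		if _, err := rand.Read(nonce); err != nil {
			return false, err
		}
		got, err := dev.Respond(nonce)
		if err != nil {
			return false, err
		}
		want, err := encryptBlock(r.key, nonce)
		if err != nil {
			return false, err
		}
		// Constant-time compare so the reader does not leak partial matches.
		if subtle.ConstantTimeCompare(got, want) != 1 {
			return false, nil
		}
	}
	return true, nil
}

// encryptBlock is the shared primitive: 3DES of a single 8-byte block.
func encryptBlock(key, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, errors.New("challenge must be exactly one 8-byte DES block")
	}
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// Demo runs the reader against a genuine card and against a clone built from
// that card's UID plus one sniffed response. It returns (genuineOK, cloneOK).
func Demo() (bool, bool, error) {
	card := &Card{UID: []byte{0x04, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc}, key: SharedKey}
	reader := &Reader{key: SharedKey}

	// The attacker observes one legitimate exchange (constructed nonce) and
	// records the card's answer; that is all a UID cloner can carry over.
	sniffedRsp, err := card.Respond([]byte{1, 2, 3, 4, 5, 6, 7, 8})
	if err != nil {
		return false, false, err
	}
	clone := &Clone{UID: card.UID, sniffedRsp: sniffedRsp}

	genuineOK, err := reader.Authenticate(card)
	if err != nil {
		return false, false, err
	}
	cloneOK, err := reader.Authenticate(clone)
	return genuineOK, cloneOK, err
}

func main() {
	genuineOK, cloneOK, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine card accepted: %v\n", genuineOK)
	fmt.Printf("UID+replay clone accepted: %v\n", cloneOK)
}
```

Because 3DES with a fixed key is a permutation of 8-byte blocks, the replayed response is correct only if the reader happens to send the exact nonce that was sniffed, a 2^-64 chance per attempt; copying the UID and recording traffic therefore buys nothing, and the only way for the clone to pass is to know the key, which is the point the answer makes.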
2

I'm doing a security feasibility study at the moment. Short answer: no, you cannot (at this point). MIFARE Classic was hacked some years ago, so NXP upgraded their security. At the moment there is no 'solution' available to clone DESFire (or the DNA version). Cloning requires reading the encryption keys, file structure, etc., but without the proper secret keys this is not possible (or would take an almost infinite amount of time).

  • Can you publish your study? I'm working on a thesis that touches that subject and I'd love to reference your study. – Mike May 14 '19 at 15:49