Research, development and trades concerning the powerful Proxmark3 device.
Hi all,
I was wondering: since the Hitag2 algorithm is practically the same as Crypto1, is there anyone who has modified crapto1 to crack Hitag2 keys? As far as I can tell, one would need to change some constants, but does Hitag2 possess the same weaknesses as Crypto1?
No, it does not have the same weakness as Crypto1. The main weakness being exploited in crapto1 (besides weak nonce generation) is the fact that all the taps for the non-linear function are odd, which cleverly allows splitting the problem of finding a 48-bit key into two smaller problems of finding 24-bit keys.
Hitag2, however, has odd and even taps.
On the other hand, the cipher similarly lacks nonlinearity, hence other approaches are sure to work, like the MiniSat way they demonstrated at the last 3c.
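To make the point about the odd taps concrete, here is an added example (written for this page; it is not code from the thread, from crapto1 or from the Proxmark3 tree). It implements Crypto1 in the x0..x47 sequence notation with the published feedback and filter tap positions and the fa/fb/fc truth tables, then runs the first half of a crapto1-style split: because every filter input sits at an odd offset, keystream bit b_2k depends on odd-position sequence bits only, so candidates for the odd half can be enumerated (2^20 values, half of which survive b_0) and extended by one guessed bit per even-clock keystream bit without touching the even half at all. The same parity test is applied to Hitag2's f20 input positions, which are taken here from the public Hitag2 description and should be checked against whichever implementation you use. The 48-bit states in main() and the test are constructed values, not real keys.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BIT(x, n) (((x) >> (n)) & 1u)
#define TAPS20 20
#define CAP ((size_t)1 << 21)  /* candidate buffer; about 2^19 candidates survive each step */

/* Crypto1: LFSR feedback positions L(x0..x47) and filter input positions (all odd). */
static const int C1_LFSR_TAPS[] = {0, 5, 9, 10, 12, 14, 15, 17, 19, 24, 25, 27, 29, 35, 39, 41, 42, 43};
static const int C1_FILTER_TAPS[TAPS20] = {9, 11, 13, 15, 17, 19, 21, 23, 25, 27,
                                          29, 31, 33, 35, 37, 39, 41, 43, 45, 47};
/* Hitag2 f20 input positions, 0-based, as in the public Hitag2 descriptions (assumed here;
 * check them against the implementation you use). Odd and even positions are mixed. */
static const int HT2_FILTER_TAPS[TAPS20] = {1, 2, 4, 5, 7, 11, 13, 14, 16, 20,
                                           22, 25, 27, 28, 30, 32, 33, 42, 43, 45};
/* Crypto1 truth tables: fa/fb indexed by a<<3|b<<2|c<<1|d, fc by y0|y1<<1|y2<<2|y3<<3|y4<<4. */
#define FA 0xD938u
#define FB 0xF22Cu
#define FC 0xEC57E80Au

/* Filter over the 20 odd-position inputs packed oldest-first: bit 19 = x9 ... bit 0 = x47. */
static int crypto1_filter20(uint32_t v)
{
    uint32_t y = BIT(FA, (v >> 16) & 0xf)       /* fa(x9, x11, x13, x15) */
               | BIT(FB, (v >> 12) & 0xf) << 1  /* fb(x17 .. x23) */
               | BIT(FB, (v >> 8) & 0xf) << 2   /* fb(x25 .. x31) */
               | BIT(FA, (v >> 4) & 0xf) << 3   /* fa(x33 .. x39) */
               | BIT(FB, v & 0xf) << 4;         /* fb(x41 .. x47) */
    return (int)BIT(FC, y);
}

/* Expand a 48-bit state (x0 in bit 47 ... x47 in bit 0) into seq[0..nks+47] and nks keystream
 * bits: b_t = f(x_t .. x_t+47), then x_t+48 = L(x_t .. x_t+47). */
static void crypto1_run(uint64_t s0, uint8_t *seq, uint8_t *ks, int nks)
{
    for (int i = 0; i < 48; i++) seq[i] = (uint8_t)BIT(s0, 47 - i);
    for (int t = 0; t < nks; t++) {
        uint32_t v = 0;
        uint8_t fb = 0;
        for (int i = 0; i < TAPS20; i++) v = v << 1 | seq[t + C1_FILTER_TAPS[i]];
        for (size_t i = 0; i < sizeof C1_LFSR_TAPS / sizeof C1_LFSR_TAPS[0]; i++)
            fb ^= seq[t + C1_LFSR_TAPS[i]];
        ks[t] = (uint8_t)crypto1_filter20(v);
        seq[t + 48] = fb;
    }
}

/* 1 if all filter taps share one parity, i.e. a keystream bit reads only one half of the state. */
static int taps_split_state(const int *taps, int n)
{
    for (int i = 1; i < n; i++)
        if ((taps[i] & 1) != (taps[0] & 1)) return 0;
    return 1;
}

/* Odd-position bits x9, x11, ..., x(47+2k) packed oldest-first (x(47+2k) lands in bit 0). */
static uint32_t pack_odd(const uint8_t *seq, int k)
{
    uint32_t v = 0;
    for (int p = 9; p <= 47 + 2 * k; p += 2) v = v << 1 | seq[p];
    return v;
}

/* Step k of the odd-half attack: append one guessed odd bit to every candidate and keep those
 * whose 20 newest bits reproduce keystream bit b_2k. */
static size_t extend_odd_half(const uint32_t *in, size_t n, int ksbit, uint32_t *out)
{
    size_t m = 0;
    for (size_t i = 0; i < n; i++)
        for (uint32_t g = 0; g < 2; g++) {
            uint32_t c = in[i] << 1 | g;
            if (crypto1_filter20(c & 0xFFFFFu) == ksbit && m < CAP) out[m++] = c;
        }
    return m;
}

/* Run the odd-half recovery for `steps` extensions (0..12) on keystream generated from s0.
 * Returns the number of surviving candidates, or 0 if the true odd half is not among them. */
static size_t odd_half_attack(uint64_t s0, int steps)
{
    uint8_t seq[48 + 32], ks[32];
    uint32_t *a = malloc(CAP * sizeof *a), *b = malloc(CAP * sizeof *b), truth;
    size_t n = 0, i = 0;
    if (a && b && steps >= 0 && steps <= 12) {
        crypto1_run(s0, seq, ks, 2 * steps + 1);
        for (uint32_t v = 0; v < (1u << 20); v++)       /* step 0: 2^20 -> exactly 2^19 candidates */
            if (crypto1_filter20(v) == ks[0]) a[n++] = v;
        for (int k = 1; k <= steps; k++) {
            uint32_t *t = a;
            n = extend_odd_half(a, n, ks[2 * k], b);
            a = b, b = t;
        }
        truth = pack_odd(seq, steps);
        while (i < n && a[i] != truth) i++;
        if (i == n) n = 0;                              /* true half lost: report failure */
    }
    free(a);
    free(b);
    return n;
}

int main(void)
{
    const uint64_t secret = 0x123456789ABCull;  /* constructed 48-bit test state, not a real key */
    printf("Crypto1 filter taps share one parity: %d, Hitag2: %d\n",
           taps_split_state(C1_FILTER_TAPS, TAPS20), taps_split_state(HT2_FILTER_TAPS, TAPS20));
    printf("odd-half candidates after b0: %zu, after nine keystream bits: %zu\n",
           odd_half_attack(secret, 0), odd_half_attack(secret, 8));
    return 0;
}
```

Build with `cc -std=c99 -O2 split.c`. Step 0 leaves exactly 2^19 survivors because the filter is balanced, and every later keystream bit halves the set while the guessed bit doubles it, so the odd half stays at roughly 2^19 candidates however many bits you feed in. The even half is treated the same way with b_1, b_3, ..., and the two lists are finally joined through the LFSR feedback, which is the part this example leaves out. With mixed-parity taps, as in Hitag2, a single keystream bit constrains both halves at once and this separation is simply not available.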
Thanks hat, I'll check that out. Maybe someone here has relevant MiniSat stuff they can share?
Yes, the MiniSat stuff applies to Hitag2, though not as cleanly as for Mifare Classic. The Hitag2 protocol unfortunately gives only about 32 bits (plus maybe 1 or 2 bits) of keystream per challenge/response pair, so you need two challenge/response pairs to get enough data to break the 48-bit key. Expect to hear about it at HAR2009.
Expect to hear about it at HAR2009.
Hi, I was listening to your lecture @ HAR, very nice :-) Right now I wanted to re-read some of the stuff I heard, but <https://har2009.org/program/attachments … crypto.pdf> seems to be damaged. Where can I get a correct version?
You also used a cli tool named "hitag" to extract data from the sound file, I guess this are your few lines of c code you mentioned. Is this tool available as well?
Regs., modman
Hi, I was listening to your lecture @ HAR, very nice :-) Right now I wanted to re-read some of the stuff I heard, but <https://har2009.org/program/attachments … crypto.pdf> seems to be damaged. Where can I get a correct version?
Thanks! Those are Karsten's slides, and apparently the initial upload failed. He says he already uploaded a fixed version into the submission system, but that might take some time to get published on the website.
You also used a cli tool named "hitag" to extract data from the sound file, I guess this are your few lines of c code you mentioned. Is this tool available as well?
Not yet, this is extremely dirty "learning while experimenting" code and I want to do some things to it before publishing. Shouldn't take more than a week.
I've gathered and uploaded some docs I had laying around concerning the hitag2 chip.
You can find them in the files section.
Fixed section two slides are now online here:
Hi,
I would like to help. I don't know if this could help you, but this is the source code to break Hitag2:
http://cryptolib.com/ciphers/hitag2/
Henryk, any thoughts on posting the HITAG2 decoding tool or folding it into the proxmark 3?
Thanks,
CSM
Hi,
Could someone summarize the state of security of Hitag2?
These postings and the slides suggest that the best known attack on Hitag2 takes about 6 CPU hours. Is this correct? But in order to carry out the attack, you need two challenge/response pairs? There is no card-only or reader-only attack like we have seen with Mifare Classic?
ud
With this paper:
https://www.usenix.org/sites/default/fi … slides.pdf
Has the attack been implemented on the Proxmark?
Anything I could find on a possible implementation is:
https://code.google.com/p/cryptanalysis-of-hitag2/
I'm trying to compile it. I'll keep you informed.