Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2015-12-22 12:07:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

32c3 - talk about HITAG S

Is someone going to 32c3 this year? There will be a talk about Hitag S.


Security of 125kHz transponders, using Hitag S as an example
Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek
The Hitag S transponder is used in a wide variety of applications. While attacks on the Hitag 2 are already known, the Hitag S is not yet considered broken in the literature. We have transferred the described attacks to the Hitag S. We are able to break the key and to determine information such as the password, even though these are additionally protected against read access. Depending on the chosen attack, we need between several hundred days and 5 minutes to break the key. We have built an emulator that can imitate any Hitag S transponder. If the transponder is used in a locking system, we can create a copy of the key this way. Based on our results and on experience with other transponders in the 125kHz range, we can only warn against their use in security-critical areas.

Presentation: https://events.ccc.de/congress/2015/Fah … /7166.html

Last edited by iceman (2015-12-22 12:12:00)

Offline

#2 2015-12-30 14:34:32

ikarus
Contributor
Registered: 2012-09-20
Posts: 249
Website

Re: 32c3 - talk about HITAG S

Yep, I was there (and still am :) )

You can watch the talk on media.ccc.de.
Unfortunately it is one of the rare talks in German.

To wrap things up: Hitag S is broken. They developed some attacks that - depending on
some factors - can crack the keys within 5 minutes and hundreds of days...
Also they built an emulator to emulate Hitag S tags.

They promised to release their paper on January 1st, 2016. They also promised to release (some of) the code
they developed for the proxmark3. We will see...

Greetings from the 32C3!
  ikarus

Offline

#3 2016-01-01 22:54:59

jump
Contributor
Registered: 2015-04-29
Posts: 57

Re: 32c3 - talk about HITAG S

Don't know if this is related to the talk at 32C3 but here is a recent advisory about Hitag S: http://seclists.org/bugtraq/2016/Jan/4

This attack still requires 5 days of computation using a SAT solver based on 2 sniffed challenges.

Offline

#4 2016-01-02 17:54:35

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: 32c3 - talk about HITAG S

That is cool, I'll have to look into the SAT solver solution again. I never got it to work last time I tried it.

Offline

#5 2016-02-08 10:56:09

Joshm
Member
Registered: 2016-02-03
Posts: 5

Re: 32c3 - talk about HITAG S

Any news regarding the code to communicate with Hitag S transponders and readers?

Offline

#6 2016-02-11 21:54:21

ikarus
Contributor
Registered: 2012-09-20
Posts: 249
Website

Re: 32c3 - talk about HITAG S

@jump

jump wrote:

Don't know if this is related to the talk at 32C3 but here is a recent advisory about Hitag S: http://seclists.org/bugtraq/2016/Jan/4

Related... This is the advisory from the team that held the talk at the 32C3.
You can find the PDF version of it on their website.

@Joshm
As far as I know, no code has been released yet. I wrote a mail to them. Let's wait and hope they will share their knowledge with us. ;)


Edit:
(German) slides of the talk.

Last edited by ikarus (2016-02-11 21:58:34)

Offline

#7 2016-02-13 17:01:39

ikarus
Contributor
Registered: 2012-09-20
Posts: 249
Website

Re: 32c3 - talk about HITAG S

Got a response. They said the code is unfinished and undocumented and therefore has not been released yet.
The guy who wrote the code (Oguzhan Cicek) is very busy with earning his master's degree. He will try to get
the code ready soon (during the next semester break).

Offline

#8 2016-02-13 17:57:24

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: 32c3 - talk about HITAG S

If we are lucky!

Offline
