RFID technologies are becoming more and more prevalent in our lives. This motivated us to study them, and in particular to study the MIFARE ULTRALIGHT chips, which are widely used in public/mass transport systems. We focused on multiple-ride tickets, and were surprised that MIFARE ULTRALIGHT chips do not seem to use any type of encryption. We were excited at the idea of simply cloning a new, unused ticket onto older ones to "refill" them. Our excitement was cut short by a security feature called OTP. OTP, in the context of MIFARE chips, is a sector of the data that can be edited (initialized) only one time. In this way, the ticket can store how many rides you still have, and this value cannot be changed back.
After much tinkering, we were able to completely bypass this security feature, by (ab)using a separate security feature, the so-called "lockbyte sector". Join us in this session to learn how we found out how to use security features of the chip against each other, and obtain endless free rides with a 5-ride ticket.
bughardy (@_bughardy_) In 2013 bughardy ended his high school studies in Italy and has been admitted at Politecnico of Torino ( Turin ) in Telecommunication Engineering. His interests are Network Security and Hacking, He loves WiFi networks, and wireless connectivity. Bughardy is currently working with Eagle1753 on a WiFi security book. In dark nights, he dreams of one day being a pentester.
Eagle1753 (@Eagle1753) is a student at Politecnico of Torino (Turin).Eagle1753 is currently working together with bughardy on a WiFi security book, and is interested in wireless networks of any kind. He likes to study how things work, is very fond of Physics, in particular he loves electricity and sparks. He started programming databases, and one day hopes to become a developer in Robotics. According to his opinion, everyday life is a challenge and we all need challenges in order to go further in life.