Topic: Mifare ultralight C 3DES authentication

Hello,

Does anyone has information on how to authentication a mifare ultralight C (using Triple DES) algorithm or has a library?

Thanks for your help !

Re: Mifare ultralight C 3DES authentication

Hi

I have never tried to use a Mifare Ultralight C (I don't have such tags to test) but AFAIK, it should be somewhat similar to (3)DES with Mifare DESFire tags, and the libfreefare [1] actualy performs well for that.  You may want to give it a try. The HACKING file in the project's root give you some pointers about how to start hacking the libfreefare.

References:
  1. http://code.google.com/p/nfc-tools/wiki/libfreefare

Re: Mifare ultralight C 3DES authentication

Hello,

Thanks for your quick answer.

I've seen in another posts that some function had been written for mifare DESfire on this library.

In fact, I've developped my own hardware with an CLRC632 IC reader, one year ago. I've ported some function of the library of the librfid project. I use an 8-bit microcontroller (atmega), so I had to reduce drastically size code.

But I recently see that attack are more and more easier to do on "old generation" mifare that are based on crypto-1 algorithm.

So I was wondering if I had to redesign my board with a SAM (but I have no information on these IC or library example, and these information are protected by a NDA from NXP, and the IC are expensive and not easy to find),
-OR-
if it would be possible (theoritically and/or technically) to implement on software the "role" of the SAM (I mean using the simple transceive function of the CLRC632 for sending APDU data), and to run cryptographic function (AES and 3DES) for authentication on a microcontroller (let's say an ARM Cortex). The goal is to run new authencitation function used by mifare plus and ultralight C.

Is there way to find information on the frame format to send or is reverse engineering required? I've seen some part of information on API gived by USB reader (ACR122 and so on).

Thanks

Re: Mifare ultralight C 3DES authentication

george.dujardin wrote:

In fact, I've developped my own hardware with an CLRC632 IC reader, one year ago. I've ported some function of the library of the librfid project. I use an 8-bit microcontroller (atmega), so I had to reduce drastically size code.

I see… This is clearly not the libfreefare's targetted audience :-)

george.dujardin wrote:

So I was wondering if I had to redesign my board with a SAM (but I have no information on these IC or library example, and these information are protected by a NDA from NXP, and the IC are expensive and not easy to find),
-OR-
if it would be possible (theoritically and/or technically) to implement on software the "role" of the SAM (I mean using the simple transceive function of the CLRC632 for sending APDU data), and to run cryptographic function (AES and 3DES) for authentication on a microcontroller (let's say an ARM Cortex). The goal is to run new authencitation function used by mifare plus and ultralight C.

I have never experimented with a SAM so maybe I don't see some obvious limitation, but the SAM is just a SmartCard, and I see no reason you could not build a SmartCard with all features you want in it, and with the components you want.

george.dujardin wrote:

Is there way to find information on the frame format to send or is reverse engineering required? I've seen some part of information on API gived by USB reader (ACR122 and so on).

I guess (again, never tried) it may depend on the chip that interconnects the SAM and the PICC (via the antena). So maybe the answer is in your device's documentation.  If not, maybe we can hopefully imagine that there is some "standard" that all SAM are expected to implement.  I don't have any idea about where to look at for such "standard specifications" but would be interrested in beeing informed about the results of your search regarding all this.

Thanks!