Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2009-06-10 14:57:22

djrevmoon
Contributor
Registered: 2008-06-23
Posts: 13

Hitag2 crack ne1?

Hi all,

I was wondering, since the Hitag2 algorithm is practically the same as Crypto1, is there anyone who has modified crapto1 to crack Hitag2 keys? As far as I can tell, one would need to change some constants, but does Hitag2 possess the same weaknesses as Crypto1?


#2 2009-06-10 17:57:48

djrevmoon
Contributor
Registered: 2008-06-23
Posts: 13

Re: Hitag2 crack ne1?

hat wrote:

No, it does not have the same weakness as Crypto1. The main weakness being exploited in crapto1 (besides weak nonce generation) is the fact that all the taps for the non-linear function are odd, which cleverly allows splitting the problem of finding a 48-bit key into two smaller problems of finding 24-bit keys.

Hitag2, however, has odd and even taps.

On the other hand, the cipher is similarly lacking nonlinearity, hence other approaches are sure to work, like the MiniSat way they demonstrated at the last 3c.

Thanks hat, I'll check that out. Maybe someone here has relevant MiniSat stuff they can share?

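Hat's point about tap parity, written out as an added example (this is not code from the thread, from crapto1 or from any Hitag2 tool): both output functions are spelled out with the tap positions from their published descriptions, and a small check counts which state-bit positions can influence the output at all. The truth-table constants, the 0-based indexing and the xorshift seed are assumptions taken from those public descriptions, not from this page.

```c
#include <stdint.h>
#include <stdbool.h>

/* Filter truth tables as given in the published descriptions of the two ciphers (assumed). */
static const uint32_t C1_FA = 0x9E98, C1_FB = 0xB48E, C1_FC = 0xEC57E80A;
static const uint32_t H2_FA = 0x2C79, H2_FB = 0x6671, H2_FC = 0x7907287B;

static int bit(uint64_t s, int i) { return (int)((s >> i) & 1); }

/* Pack four state bits into a 4-bit index for the fa/fb tables. */
static int i4(uint64_t s, int a, int b, int c, int d) {
    return bit(s, a) | (bit(s, b) << 1) | (bit(s, c) << 2) | (bit(s, d) << 3);
}

/* Crypto-1 output function f(s): all twenty taps sit at odd positions 9..47. */
int crypto1_filter(uint64_t s) {
    int f = ((C1_FA >> i4(s,  9, 11, 13, 15)) & 1)
          | ((C1_FB >> i4(s, 17, 19, 21, 23)) & 1) << 1
          | ((C1_FB >> i4(s, 25, 27, 29, 31)) & 1) << 2
          | ((C1_FA >> i4(s, 33, 35, 37, 39)) & 1) << 3
          | ((C1_FB >> i4(s, 41, 43, 45, 47)) & 1) << 4;
    return (C1_FC >> f) & 1;
}

/* Hitag2 output function f(a0..a47): the twenty taps mix odd and even positions. */
int hitag2_filter(uint64_t s) {
    int f = ((H2_FA >> i4(s,  2,  3,  5,  6)) & 1)
          | ((H2_FB >> i4(s,  8, 12, 14, 15)) & 1) << 1
          | ((H2_FB >> i4(s, 17, 21, 23, 26)) & 1) << 2
          | ((H2_FB >> i4(s, 28, 29, 31, 33)) & 1) << 3
          | ((H2_FA >> i4(s, 34, 43, 44, 46)) & 1) << 4;
    return (H2_FC >> f) & 1;
}

/* Count the state positions of the given parity (0 = even, 1 = odd) whose
   flipping ever changes the filter output, over a fixed pseudo-random sample
   of 48-bit states (xorshift64 from a constructed seed, so the result repeats). */
int sensitive_positions(int (*filter)(uint64_t), int parity) {
    uint64_t x = 0x9E3779B97F4A7C15ULL;
    int count = 0;
    for (int i = parity; i < 48; i += 2) {
        bool matters = false;
        for (int trial = 0; trial < 1024 && !matters; trial++) {
            x ^= x << 13; x ^= x >> 7; x ^= x << 17;
            uint64_t s = x & 0xFFFFFFFFFFFFULL;
            matters = filter(s) != filter(s ^ (1ULL << i));
        }
        count += matters;
    }
    return count;
}
```

For Crypto-1 no even position ever reaches the output, which is what lets a solver work on the odd and even halves of the state separately; for Hitag2 ten even and ten odd positions do, so that split is not available.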

#3 2009-07-27 03:00:15

henryk
Contributor
Registered: 2009-07-27
Posts: 99

Re: Hitag2 crack ne1?

Yes, the MiniSat stuff applies to Hitag, though not as cleanly as for Mifare Classic. The Hitag2 protocol unfortunately gives only about 32 bits (plus maybe 1 or 2 bits) of keystream per challenge/response pair, so you need two challenge/response pairs to get enough data to break the 48-bit key. Expect to hear about it at HAR2009.


#4 2009-08-20 17:38:42

modman
Member
Registered: 2009-08-20
Posts: 2

Re: Hitag2 crack ne1?

henryk wrote:

Expect to hear about it at HAR2009.

Hi, I was listening to your lecture @ HAR, very nice :-) Right now I wanted to re-read some of the stuff I heard, but <https://har2009.org/program/attachments … crypto.pdf> seems to be damaged. Where can I get a correct version?

You also used a CLI tool named "hitag" to extract data from the sound file; I guess these are the few lines of C code you mentioned. Is this tool available as well?

Regs., modman


#5 2009-08-23 01:33:57

henryk
Contributor
Registered: 2009-07-27
Posts: 99

Re: Hitag2 crack ne1?

modman wrote:

Hi, I was listening to your lecture @ HAR, very nice :-) Right now I wanted to re-read some of the stuff I heard, but <https://har2009.org/program/attachments … crypto.pdf> seems to be damaged. Where can I get a correct version?

Thanks! Those are Karsten's slides, and apparently the initial upload failed. He says he already uploaded a fixed version into the submission system, but that might take some time to get published on the website.

modman wrote:

You also used a CLI tool named "hitag" to extract data from the sound file; I guess these are the few lines of C code you mentioned. Is this tool available as well?

Not yet, this is extremely dirty "learning while experimenting" code and I want to do some things to it before publishing. Shouldn't take more than a week.


#6 2009-08-25 18:26:20

rule
Administrator
Registered: 2008-05-21
Posts: 416

Re: Hitag2 crack ne1?

I've gathered and uploaded some docs I had lying around concerning the Hitag2 chip.
You can find them in the files section.


#7 2009-08-26 17:00:18

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203
Website

Re: Hitag2 crack ne1?

Fixed section two slides are now online here:

https://har2009.org/program/attachments … crypto.pdf


#8 2009-09-29 20:18:47

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

Re: Hitag2 crack ne1?

Hi,
I would like to help.
I don't know if this could help you.
Here is the source code to break Hitag2:
http://cryptolib.com/ciphers/hitag2/


#9 2010-03-15 05:12:05

CardSaysMoops
Contributor
Registered: 2010-03-07
Posts: 19

Re: Hitag2 crack ne1?

Henryk, any thoughts on posting the Hitag2 decoding tool or folding it into the Proxmark3?
Thanks,
CSM


#10 2010-04-14 13:03:11

ud
Member
Registered: 2010-01-04
Posts: 3

Re: Hitag2 crack ne1?

Hi,

Could someone summarize the state of security of Hitag2?
These postings and the slides suggest that the best known attack on Hitag2 takes about 6 CPU hours. Is this correct? But in order to carry out the attack, you need two challenge/response pairs? Is there no card-only or reader-only attack like we have seen with Mifare Classic?

ud


#11 2014-06-09 20:05:04

eskizle
Contributor
Registered: 2011-07-18
Posts: 26

Re: Hitag2 crack ne1?

With this paper:

https://www.usenix.org/sites/default/files/conference/protected-files/verdult_usenixsecurity12_slides.pdf

Has the attack been implemented on the Proxmark?


#12 2014-06-09 20:23:40

eskizle
Contributor
Registered: 2011-07-18
Posts: 26

Re: Hitag2 crack ne1?

Anything I could find on a possible implementation is:

https://code.google.com/p/cryptanalysis-of-hitag2/

I'm trying to compile it. I'll keep you informed.
