Hi! I have written an article for Pentest Magazine recently and now it is published!

The topic is “Mifare Classic NFC Cards Cryptography Flaws Explained” and there I tried to describe some vulns caused by bad design and implementation of proprietary crypto-1 cryptosystem, and explain them for people who don’t have to deal with crypto every day.

So, there are three reasons to read this article:

  1. Mifare Classic is everywhere! Public transport, hotels, etc. Some cards were patched or emulated with Mifare Plus, but it is just another reason to test them, isn’t it?
  2. If you are penetration tester, but not RFID NFC hacker, you will know possible vulnerability sources in proprietary crypto software or hardware. Not all of them, but a nice part.
  3. if you are Software Developer or just responsible for design and implementation of some proprietary (or free) crypto in your products, you will know the wrong way to do this.

You can get corresponding Pentest Magazine issue here. Enjoy!