26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Speakers
Henryk Plötz
Karsten Nohl
Schedule
Day Day 2 - 2009-12-28
Room Saal1
Start time 21:45
Duration 01:00
Info
ID 3709
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

Legic Prime: Obscurity in Depth

Legic Prime is an artifact from the time when proprietary cryptography in RFID was considered secure enough. We will demonstrate a break for basically any aspect of Legic Prime's claimed security features. If you rely on Legic Prime's security for anything, start migrating.

Legic Prime uses obscurity as one of the main defenses against misuse, with readers and cards not readily available on the free market. The system employs multiple layers of strange and obscure techniques in lieu of proper encryption and cryptographic protocols, but promises great security and management features which other systems are lacking (and lacking for good reason).

Results to be announced in this talk:

  • Read arbitrary cards, even read protected ones
  • Emulate cards
  • Write to cards (the UID can't be changed, though)
  • Create arbitrary master tokens for the Master Token System Control