HID iCLASS™ security demystified
As rumors are flying high, we would like to make some clarifications concerning the key vulnerabilities we found. The most important finding of our research is that HID iCLASS Standard Security cards can be easily read and copied with low cost consumer USB RFID readers due to the fact that the same two keys were used world-wide for all HID iCLASS Standard Security installations.
An in-depth description of our security analysis can be found in our white paper Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security.
Meet us on recon.cx in Montreal on July 14-16, 2012
Meet Milosch and Brita of the OpenPCD hardware team on recon.cx in Montreal, Canada! We will give a comprehensive 2 day training session about exploiting RFID systems Holistic NFC hacking - emulating the guts out of RFID with lots of practical real world examples, how recent RFID hacking tools are used and have a hands-on-world-premiere of a new RFID hacking/emulation tool based on OpenPCD 2.
Sniffing iCLASS cards
You can use OpenPICC SnifferOnly 13.56MHz to sniff iCLASS RFID card/reader transactions and decode the sniffed data verbosely.
- visit our Q&A Section
- very nicely documented tutorial on Dumping iClass Keys directly from the PIC RAM
- Dismantling iClass and iClass Elite - cool paper about details on HIDs iCLASS High Security authentication and related security fallacies
- Exposing iClass Key Diversification - Paper about iClass Standard Security card key diversification.
- The iCLASS On-Air-Protocol is compatible to PicoPass. Enjoy page 43 which reveals that the actual card authentication doesn't use DES, but is "based on a proprietary symmetric cryptographic algorithm". This is especially exciting as we were able to extract the reader firmware that contains this crypto algorithm.
- iClass Card Cloning using an RW300 Reader/Writer - Paper about iClass High Security Key derivation
- HID iClass R10CGNN and 6100CGN Reader Firmware Programmer Pinout
- iCLASS Levels of Security - Explains which security mechanisms are used for each particular security level. It shows that for iCLASS high security the 3DES content encryption key (as used in Standard Security mode) can't be modified. Only iCLASS Elite seems to allow changing the 3DES content encryption key.
- iCLASS card memory map
- Contactless Smart Card Readers: HID OMNIKEY Developer Guide - talking to an iCLASS™ enabled OMNIKEY RFID reader.
- CP400 security FAQ - Explains the difference between the different security levels of iCLASS™.
- Understanding Card Data Formats - card data payload format
- Format and Facility (Site) Code explained
- Glossary of iCLASS™ Terms
For active development please use:
Cloning and modifying HID Standard Security iCLASS™ Cards
- Every HID Standard Security iCLASS™ card can be copied, read, decrypted and modified using an off-the-shelf HID Omnikey USB reader (HID Omnikey 5312 and 6321 do fine - CLi versions are not needed) as the same encryption and authentication keys are shared across all HID iCLASS Standard Security installations. The used readers can be bought in most online computer stores - as they're the Volkswagen of RFID.
- A Standard Security HID iCLASS RFID card can be read without the owners knowledge or consent wirelessly. Imagine for example copying a card from a back pocket or wallet in a subway without physical contact.
- The keys needed for this attack were already extracted from old readers - but are valid for the latest HID iCLASS readers in Standard Security mode as well.
- Once the content of a HID iCLASS Standard Security RFID card is read, it can be copied to a second Standard Security card. Blanks card are not needed for this attack.
- Any Standard Security ICLASS Card can be overwritten with the content of any other Standard Security iCLASS card. As the card hardware ID is not transmitted to the back end it can't discover that a copy was presented to the system.
- The back end system can't detect card copies, unless the attacker doesn't enter the building with his card copy while the the original owner is in the building (or vice versa) - creating a collision using the same card entering twice without leaving before. It's impossible to detect such a mismatch in systems where you don't have to swipe cards before leaving the site. Counters on the card won't help as long as these counters are not transmitted to the back end system and processed correctly or if these counters can be predicted.
- New HID iCLASS Standard Security cards and tokens can be easily obtained over the internet in large quantities.
iCLASS Biometrics & PIN code security
- HID Standard Security iCLASS cards with PIN code/biometrics don't provide additional security as such cards can be read/copied from other users, decrypted, modified if needed and re-encrypted. The fingerprint template can be changed to the fingerprint template of the attacker on HID Standard Security iCLASS cards - allowing the attacker to enter with his own finger print using the modified original card or a card copy.
iCLASS Reader Security and High Security mode
- Extracting the High Security key from a reader is equally simple as extracting the Standard Security key. The only difference is that the High Security Key is stored at a different memory offset in the configuration EEPROM. The extracted high security key can't be used right away in an Omnikey desktop reader, as the card key derivation algorithm seems to be different for High Security Mode cards. It is possible to copy the extracted key to a configuration card or to the attackers reader.
- Interestingly the configuration card for high security mode stores only 64 bit as authentication key from the original 128 bit high security key (all bits significant). As a result the High Security key which is stored in the reader configuration is only 64 bits. The content encryption 3DES key wasn't changed by the High Security configuration cards we tested - it remained the same as in standard security mode configuration. It looks like there are several levels of "High Security". The "High Security" cards we tested don't provide high security as they depend solely on a 64 bit secret and are thus vulnerable to brute-force attacks.
Cloning and modifying iCLASS reader configuration cards
- Any Configuration Card for HID iCLASS Standard Security RFID Readers can be copied and/or modified with the described HID Omnikey 5312 and 6321 readers . The 3DES content encryption key and DES authentication key for configuration cards are the same as for Access Control Standard Security Cards. Again - blank cards are not needed for copying configuration cards, any standard security card can be used as a target for the copy.
- Denial of Service of Standard Security Reader Installations is possible as attackers can create rogue configuration cards that turn Standard Security readers into High Security mode with a key only known by the attacker - rendering them unusable.
Cloning and modifying HID High Security iCLASS™ Cards
- iCLASS High Secrity doesn't automatically mean that a 3DES key distinct from the High Security key has been used. We haven't seen High Security Systems yet with distinct payload key yet - but we believe they exist.
- Although read requests can be sniffed easily and decode in most cases as the same 3DES keys are used as in Standard Security for content encryption, it isn't possible to copy one card content to a second card without knowing the card key, as write request require a cryptographic signature. This is also true in case of pre-authenticated cards in Man-In-The-Middle attacks.
- High Security and Elite Cards can't be copied, modified or read without knowing the customer specific keys - High Security Level 2 cards can be sniffed and decrypted.
- Switching quickly from Standard Security mode to Elite Security is mandatory in order to increase the effort for possible attackers. It needs to be understood, that we don't claim that iCLASS High Security Level 3 (Elite or Field Programmer) mode is sufficiently secure for Access Control. The attack complexity for iCLASS High Security systems is higher than for iCLASS Standard Security mode systems. This increase of attack complexity hopefully gives the existing users the time needed to migrate to more secure cards and readers. In the longer run we discourage users from using iCLASS cards as the On-Air Protocol is not hardened against Man-In-The-Middle attacks and 32 bit signatures are used during the authentication sequence of the card.
Analyzing a modern cryptographic RFID system
This section provides additional material for the talk Analyzing a modern cryptographic RFID system at the 27th Chaos Communication Congress in Berlin about HID iCLASS™.
- Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security
- Analyzing a Modern Cryptographic RFID System - HID iCLASS demystified
- The source code can be found in our git repository for occasional browsing - download as zip or tar.bz2 archive.
Breaking Microchip PIC18F CPU copy protection
One of the challenges of breaking iCLASS RFID readers, was to extract the Firmware and the security keys of RW400 readers without leaving visible traces like breaking the case open. This challenge could be solved by finding a vulnerability in PIC18FXX2/XX8 micro controllers that allows dumping the firmware by only accessing the ICSP pins.
This attack is described in full length in our paper Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security.
Data sheets of the attacked PIC18F452 CPU:
A Spin-Off project for breaking the Copy Protection of the PIC18FXX2/XX8 is the upcoming OpenICSP project that provides a low level ICSP interface for PIC micro controllers - probably useful for evaluation security of other PIC micro controllers.
A first release of our code can be found in our repository. Full zip and tar.bz2 archives are available for download here. This is a very early hack for security evaluation of the PIC18 micro controller. The 12V programming voltage currently is switched manually - we will clean up the code and the hardware in the next few months and release it under http://www.OpenICSP.org .
As you can see in the picture on the right a standard TTL-232R-5V-WE cable from FTDI was used to access the CPU Debug interface on a low level. The 2-way switch in the picture was used to switch between 12V VPP programming voltage and 5V programming voltage manually. This manual switching of VPP will be done in software on a dedicated OpenICSP hardware release.