Chameleon: A Versatile Emulator for Contactless Smartcards

We develop new, custom-built hardware for emulating contactless smartcards compliant with ISO 14443. The device is based on a modern low-cost microcontroller and can support basically all relevant (cryptographic) protocols used by contactless smartcards today, e.g., those based on AES or Triple-DES. As a proof of concept, we present a full emulation of Mifare Classic cards on the basis of our highly optimized implementation of the stream cipher Crypto1. The implementation enables the creation of exact clones of such cards, including the UID. Furthermore, we reverse-engineered the protocol of DESFire EV1 and realized the first emulation of DESFire and DESFire EV1 cards in the literature. We practically demonstrate the capabilities of our emulator by spoofing several real-world systems, e.g., creating a contactless payment card that allows an attacker to set the stored credit balance as desired and hence make an unlimited number of payments.
