The Mifare Classic cards was created by a company called NXP Semiconductors (old Philips Electronics).
The card utilize the standard ISO 14443 Type A protocol for communication on frequency 13.56 MHz (High Frequency)
The cryptography utilized in the Mifare Classic cards (CRYPTO1) was decided to be maintained in secrecy by NXP Semiconductors. (security by obscurity)
More than 3,5 billions cards was produced over the years and more than 200 millions still in use on systems today.
Keys with only 48 bit of length (Brute-force feasible –
with FPGA aprox. 10h to recover one key)
• The LFSR (Linear Feedback Shift Register) used by RNG is predictable (constant initial condition).
– Each random number only depends of the quantity of clock cycles between: the time when the reader was turned up and the time when the random number is requested.
• Since an attacker controls the time of protocol, he is able to control the generated random numbers and that way recover the keys from communication.
In 2008 a research group from Radboud University published the full CRYPTO-1 cipher by analyzing the communication between tag and reader
So, don't use MiFare Classic cards system anymore, upgrade to MiFare Plus now.
Contact us for more information.