“BREAKMEIFYOUCAN!”: Exploiting Keyspace Reduction and Relay Attacks in 3DES and AES-protected NFC Technologies

Transcript

1. BREAKMEIFYOUCAN! Exploiting Keyspace Reduction and Relay Attacks in 3DES and

   AES-protected NFC Technologies Philippe Teuwen · Nathan Nye Tiernan Messmer · Steven Mauch · Struan Clark · Zinong Li · Zachary Weiss · Lucifer Voeltner 30 May 2026 - Hardwear.io USA 1

2. WHO'S WHO NATHAN NYE Staff Security Engineer PHILIPPE TEUWEN Senior

   Principal Hardware Security Organizing Hardware CTFs since 2017 MIFARE Classic: exposing the static encrypted nonce variant 2024 EEPROM: It Will All End in Tears 2021, w/ Iceman 2 Working on space vehicles since 2023 Ultra-Efficient MIFARE Classic Attacks and New Frontiers in Smartcard Security 2023

3. WHO'S WHO NATHAN NYE Staff Security Engineer PHILIPPE TEUWEN Senior

   Principal Hardware Security Organizing Hardware CTFs since 2017 MIFARE Classic: exposing the static encrypted nonce variant 2024 EEPROM: It Will All End in Tears 2021, w/ Iceman 3 Working on space vehicles since 2023 Ultra-Efficient MIFARE Classic Attacks and New Frontiers in Smartcard Security 2023

4. WHAT IS NEXT? 4

5. NXP MIFARE ULTRALIGHT FAMILY 2001 Ultralight Auth: None OTP 2008

   Ultralight C Auth: 2TDEA (3DES) 2012 Ultralight EV1 Auth: 32-bit plain pwd 2022 Ultralight AES Auth: AES-128 Comms: optional CMAC 2011 NTAG 20x Auth: 32-bit plain pwd 2013 NTAG 21x Auth: 32-bit plain pwd 2022 NTAG 22x DNA Auth: 32-bit pwd / AES-128 Secure Unique NDEF w/ CMAC Ubiquitous in transport, hospitality, events, anti-counterfeiting,... 5

6. NXP MIFARE ULTRALIGHT FAMILY 2001 Ultralight Auth: None OTP 2008

   Ultralight C Auth: 2TDEA (3DES) 2012 Ultralight EV1 Auth: 32-bit plain pwd 2022 Ultralight AES Auth: AES-128 Comms: optional CMAC 2011 NTAG 20x Auth: 32-bit plain pwd 2013 NTAG 21x Auth: 32-bit plain pwd 2022 NTAG 22x DNA Auth: 32-bit pwd / AES-128 Secure Unique NDEF w/ CMAC Ubiquitous in transport, hospitality, events, anti-counterfeiting,... 6

7. MIFARE ULTRALIGHT C 7

8. ULC: 3-PASS MUTUAL AUTHENTICATION AUTHENTICATE Generate RndB Encrypt 8 READER

   CARD

9. ULC: 3-PASS MUTUAL AUTHENTICATION AUTHENTICATE e k (RndB) Generate RndB

   Encrypt Generate RndA Decrypt, rotate RndB Encrypt 9 READER CARD

10. ULC: 3-PASS MUTUAL AUTHENTICATION AUTHENTICATE e k (RndB) e k

    (RndA || RndB') Generate RndB Encrypt Generate RndA Decrypt, rotate RndB Encrypt Rotate RndB Decrypt, verify RndB', rotate RndA Encrypt 10 READER CARD

11. ULC: 3-PASS MUTUAL AUTHENTICATION READER CARD AUTHENTICATE e k (RndB)

    e k (RndA || RndB') e k (RndA') Generate RndB Encrypt Generate RndA Decrypt, rotate RndB Encrypt Rotate RndB Decrypt, verify RndB', rotate RndA Encrypt Rotate RndA Decrypt, verify RndA' 11

12. ULC: 3-PASS MUTUAL AUTHENTICATION AUTHENTICATE e k (RndB) e k

    (RndA || RndB') e k (RndA') PLAINTEXT No integrity, no confidentiality Generate RndB Encrypt Generate RndA Decrypt, rotate RndB Encrypt Rotate RndB Decrypt, verify RndB', rotate RndA Encrypt Rotate RndA Decrypt, verify RndA' 12 READER CARD

13. CARD RELAY ATTACK: UNLOCKING THE CARD e k (RndB) AUTHENTICATE

    13 RELAY B READER RELAY A

14. CARD RELAY ATTACK: UNLOCKING THE CARD e k (RndB) AUTHENTICATE

    14 RELAY B READER e k (RndA || RndB') e k (RndB) AUTHENTICATE RELAY A

15. CARD RELAY ATTACK: UNLOCKING THE CARD e k (RndB) AUTHENTICATED

    AUTHENTICATE 15 e k (RndA') RELAY B READER timeout e k (RndA || RndB') e k (RndB) AUTHENTICATE RELAY A

16. CARD RELAY ATTACK: UNLOCKING THE CARD e k (RndB) AUTHENTICATED

    AUTHENTICATE UNLOCKED UNLOCK ACK e k (RndA') 16 Proof-of-Concept: Two Flipper Zero devices over 433 MHz Sub-GHz link 🍿 https://youtu.be/ZXG-vxopeeE READER timeout e k (RndA || RndB') e k (RndB) AUTHENTICATE RELAY A RELAY B 🍿

17. RELAY ATTACK: UNLOCKING THE CARD e k (RndB) READER timeout

    Card can wait indefinitely AUTHENTICATE e k (RndA || RndB') e k (RndB) AUTHENTICATE UNLOCKED AUTHENTICATED UNLOCK ACK e k (RndA') CARD RELAY A 17 Proof-of-Concept: Two Proxmark3 RELAY B

18. READER RELAY A ASSESSING KEY DIVERSIFICATION AUTHENTICATED? CARD RELAY B

    18 Proof-of-Concept: Two Flipper Zero devices over 433 MHz Sub-GHz link I'm XYZ I'm ABC

19. MIFARE ULTRALIGHT C: KEYSPACE 2112 19 5,192,296,858,534,827,628,530,496,329,220,096 possible keys =

20. No KDF? → PARTIAL KEY OVERWRITE ATTACK 2112 228 effective

    keyspace left per card Page 44 UNKNOWN Page 45 ZEROED Page 46 ZEROED Page 47 ZEROED Card 1: 20

21. No KDF? → PARTIAL KEY OVERWRITE ATTACK 2112 228 effective

    keyspace left per card Page 44 UNKNOWN Page 45 ZEROED Page 46 ZEROED Page 47 ZEROED Card 1: Page 45 UNKNOWN Page 46 ZEROED Page 47 ZEROED Card 2: Page 46 UNKNOWN Page 45 ZEROED Page 47 ZEROED Card 3: Page 47 UNKNOWN Page 45 ZEROED Page 46 ZEROED Card 4: Page 44 ZEROED Page 44 ZEROED Page 44 ZEROED 21

22. ONLINE BRUTE-FORCE OPTIMIZATIONS READER AUTHENTICATE e k (RndB) 00..00 ||

    e k (RndB') e k (RndA') OR NAK Generate RndA Decrypt, rotate RndB Encrypt RndA||RndB' → Encrypt only RndB' Rotate RndA Decrypt, verify RndA' → Length > 1? READ block 0 CARD anticollision WAKEUP 22 100+ keys/sec ≈25 days with 4 readers

23. GOING HYBRID & OFFLINE OPTIMIZATIONS precompute e k (RndA ||

    RndB') READER e k (RndB) collect a pair offline brute-force d k' (... || …) = 6 DES ops d k' (...) = 3 DES ops 2 2 23 ≈55% cost reduction 2 cards: ≈21 days + $120 & 6h of GPU Page 44 Recovered from Card 1 Page 46 Recovered if 3rd card… Page 47 ZEROED 2/3 Cards: Page 45 Recovered from Card 2 Key 1 Key 2

24. REMEMBER EEPROM TEARING? 24 EEPROM WRITE 1. Erase all bits

    2. Write 1's

25. REMEMBER EEPROM TEARING? 25 EEPROM WRITE 1. Erase all bits

    2. Write 1's

26. FURTHER KEYSPACE REDUCTION BY TEARING 26 TEARING REMAINING PAGE UP

    TO HW ≤ 3 → only 3683 candidates! Page 44 ALMOST ERASED Page 45 ZEROED Page 46 ZEROED Page 47 ZEROED FAST BUT 2-3 "ONE-BITS" PER CARD → need about 56 cards for an average HW key ≈1 hour with 1 reader and ≈56 cards

27. NON-GENUINE "ULC" CARDS 27

28. NON-GENUINE "ULC" CARDS Hotel cards with weird behaviors 28

29. NON-GENUINE "ULC" CARDS Hotel cards with weird behaviors 29

30. NON-GENUINE "ULC" CARDS Hotel cards with weird behaviors Giantec GT23SC4489

    Get their ULC-compatible samples Compare 30

31. NON-GENUINE "ULC" CARDS 🤔 Hotel cards with weird behaviors 31

32. NON-GENUINE "ULC" CARDS USCUID-UL Analyze known ULC-compatible magic cards 🤔

    Hotel cards with weird behaviors 32

33. NON-GENUINE "ULC" CARDS Search ISO14443-A Part 3 with "3DES" Get

    Feiju samples Confirm ULC-compatible with weird behaviors 33

34. NON-GENUINE "ULC" CARDS Search ISO14443-A Part 3 with "3DES" Feiju

    FJ8010 Get Feiju samples Confirm ULC-compatible with weird behaviors 34

35. 3 NON-GENUINE ICs: ALL PREDICTABLE PRNGs 64-BIT NONCES GENERATIONS 16-bit

    linear-feedback shift registers → only 216 - 1 possible values (vs 264) 35

36. 3 NON-GENUINE ICs: ALL PREDICTABLE PRNGs 64-BIT NONCES GENERATIONS 36

    16-bit linear-feedback shift registers → only 216 - 1 possible values (vs 264) Values depend on timing → 99.99% collision chance with just 40-100 nonces ( < 1 second)

37. UNLOCKING NON-GENUINE ICs: NO RELAY NEEDED CARD READER MODE Get

    most frequent nonce 37

38. UNLOCKING NON-GENUINE ICs: NO RELAY NEEDED CARD READER READER MODE

    Get most frequent nonce EMULATOR MODE Replay nonce Get reader response 38

39. UNLOCKING NON-GENUINE ICs: NO RELAY NEEDED CARD READER READER MODE

    Get most frequent nonce EMULATOR MODE Replay nonce Get reader response Auth with most frequent nonce AUTHENTICATED UNLOCKED UNLOCK CARD READER MODE 39 🍿 Proof-of-Concept: a Flipper Zero device and a Feiju FJ8010 🍿 https://youtu.be/Qc-m9IYFof0

40. SINGLE-CARD FULL KEY RECOVERY 1 2 3 Offline brute-force using

    LFSR validation Unlock PKO Works even if KDF is used 40

41. SINGLE-CARD FULL KEY RECOVERY 1 2 3 Offline brute-force using

    LFSR validation Unlock PKO Works even if KDF is used CONNOR MILLIGAN: Hey, let's go GPU! → now 5 seconds to - test if card is vulnerable - perform PKO - brute-force (CUDA) - write back the key 🍿 41 Proof-of-Concept: a Proxmark3 RDV4 and a Feiju FJ8010 🍿 https://asciinema.org/a/1tYCGTewRe93SLf4

42. NON-GENUINE CARDS: A HIDDEN THREAT Cards based on Giantec GT23SC4489

    29% of sampled hotel cards 16-bit LFSR, fix seed no mitigation possible Cards based on USCUID-UL ICs 5% of sampled hotel cards 16-bit LFSR, fix seed no mitigation observed Cards based on Feiju FJ8010 1% of sampled hotel cards 16-bit LFSR, fix seed 35% of 74 sampled hospitality cards used non-genuine "ULC-compatible" ICs. All enable full key recovery from a single card in 5 seconds. 42

43. 43 Page 44 UNKNOWN KDF + NXP IC? “MANY 1-CARD”

    ATTACK Page 45 UNKNOWN Page 46 UNKNOWN Page 47 UNKNOWN Card n: Reader n

44. Page 44 UNKNOWN Card n: Page 45 UNKNOWN Page 46

    ZEROED Page 47 ZEROED Page 45 UNKNOWN Page 46 UNKNOWN Page 47 UNKNOWN Reader n Card n KNOWN Page 44 KDF + NXP IC? “MANY 1-CARD” ATTACK

45. 45 Page 44 UNKNOWN Page 45 UNKNOWN Page 46 ZEROED

    Page 47 ZEROED Page 46 UNKNOWN KNOWN Page 45 UNKNOWN Page 46 UNKNOWN Page 47 UNKNOWN GPU (Offline) Page 46 UNKNOWN Page 44 KNOWN Page 44 KNOWN Page 44 Card n: Reader n KDF + NXP IC? “MANY 1-CARD” ATTACK Card n

46. MIFARE ULTRALIGHT AES 46

47. MIFARE ULTRALIGHT AES CHARACTERISTICS ULTRALIGHT C (3DES) ULTRALIGHT AES Keys

    112-bit auth key 128-bit DataProtKey + UIDRetrKey Lock permanently pages Optional Optional Session integrity No Optional Failed auth counter No Optional Per key memory layout Four 28-bit pages Four 32-bit pages 47

48. MIFARE ULTRALIGHT AES: KEYSPACE 48 2128 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys =

49. MIFARE ULTRALIGHT AES: PKO ATTACK 49 2128 232 effective keyspace

    left per card ≈ 18x slower than ULC

50. MIFARE ULTRALIGHT AES: PKO ATTACK 50 2128 232 effective keyspace

    left per card ≈ 18x slower than ULC Page ZEROED → Tearing? Page ERASED ≠ ?!

51. MIFARE ULTRALIGHT AES: PKO ATTACK 51 2128 232 effective keyspace

    left per card ≈ 18x slower than ULC Page ZEROED → Tearing? Page ERASED ≠ ?! RECOVER "KEY" OF ERASED PAGES Page 48 ZEROED SLIGHTLY ERASED Page 49 ZEROED Page 50 ZEROED Page 51 ZEROED Erase slightly a null key → Find bitflips → Erase more → Find more bitflips → …

52. MIFARE ULTRALIGHT AES: PKO ATTACK 52 2128 232 effective keyspace

    left per card ≈ 18x slower than ULC Page ZEROED → Tearing? Page ERASED ≠ ?! RECOVER "KEY" OF ERASED PAGES Page 48 ZEROED SLIGHTLY ERASED Page 49 ZEROED Page 50 ZEROED Page 51 ZEROED Erase slightly a null key → Find bitflips → Erase more → Find more bitflips → … Page 48 32-bit MASK 1/4 Page 49 32-bit MASK 2/4 Page 50 32-bit MASK 3/4 Page 51 32-bit MASK 4/4

53. MIFARE ULTRALIGHT AES: WITH TEARING 53 MASKED KEYS EEPROM content

    = AES-128 key ⊕ 128-bit mask Key erased → EEPROM content = 0 = mask ⊕ mask → key = mask

54. MIFARE ULTRALIGHT AES: WITH TEARING 54 MASKED KEYS EEPROM content

    = AES-128 key ⊕ 128-bit mask Key erased → EEPROM content = 0 = mask ⊕ mask → key = mask Key = 0 → EEPROM content = 0 ⊕ mask = mask

55. MIFARE ULTRALIGHT AES: WITH TEARING 55 MASKED KEYS EEPROM content

    = AES-128 key ⊕ 128-bit mask Key erased → EEPROM content = 0 = mask ⊕ mask → key = mask Key = 0 → EEPROM content = 0 ⊕ mask = mask recovered mask is unique per card, but we erased the original key…

56. MIFARE ULTRALIGHT AES: WITH TEARING 56 MASKED KEYS EEPROM content

    = AES-128 key ⊕ 128-bit mask Key erased → EEPROM content = 0 = mask ⊕ mask → key = mask Key = 0 → EEPROM content = 0 ⊕ mask = mask recovered mask is unique per card, but we erased the original key… UIDRetrKey mask ≡ DataRetrKey mask

57. MIFARE ULTRALIGHT AES: WITH TEARING 57 MASKED KEYS EEPROM content

    = AES-128 key ⊕ 128-bit mask Key erased → EEPROM content = 0 = mask ⊕ mask → key = mask Key = 0 → EEPROM content = 0 ⊕ mask = mask recovered mask is unique per card, but we erased the original key… RECOVER DataProtKey BITS Sacrifice UIDRetrKey → get card mask PKO with tearing on DataProtKey → recover a few bits UIDRetrKey mask ≡ DataRetrKey mask 1 2

58. TEARING: A FEW MORE TRICKS • Repeat bruteforce to reveal

    weak bits • "Revive" bits via distance and temperature • Late-erasing bit characterization 12.625 bits per page, incl. 0.875 errors 58 REVEALING MORE BITS FULL AES-128 KEY RECOVERY ≈2 hours with 1 reader and ≈20 cards

59. UNLOCKING ULC/ULAES WITHOUT RELAY Proxmark3 Standalone Mode HF_DOEGOX_AUTH0 AUTHENTICATE sniffer

    AUTHENTICATED READER CARD 59

60. UNLOCKING ULC/ULAES WITHOUT RELAY Proxmark3 Standalone Mode HF_DOEGOX_AUTH0 AUTHENTICATE sniffer

    reader AUTHENTICATED READER CARD 60

61. UNLOCKING ULC/ULAES WITHOUT RELAY Proxmark3 Standalone Mode HF_DOEGOX_AUTH0 AUTHENTICATE sniffer

    reader AUTHENTICATED UNLOCK ACK UNLOCKED READER CARD 61 🍿 Proof-of-Concept: a Proxmark3 RDV4 and an Ultralight C 🍿 https://youtu.be/VttbLykcyFQ

62. NTAG 223 DNA NTAG 224 DNA 62

63. NTAG 223/224 DNA: SUNCMAC KEY RECOVERY NFC Forum Tag Type

    2 supporting Secure Unique NDEF with CMAC https://example.com/tag=04AA2BD2335780x000001xB188AC6F69140B92 63 UID counter CMAC unauthenticated oracle

64. NTAG 223/224 DNA: SUNCMAC KEY RECOVERY NFC Forum Tag Type

    2 supporting Secure Unique NDEF with CMAC https://example.com/tag=04AA2BD2335780x000001xB188AC6F69140B92 64 UID counter CMAC unauthenticated oracle unlock if needed PKO + offline brute-force of 4*2³² ≈2.5 h even if diversified keys SINGLE-TAG FULL KEY RECOVERY

65. NTAG 223/224 DNA: KEY RECOVERY WITH TEARING WITH TEARING Keys

    masked in EEPROM NTAG 223 DNA: only one key 65

66. NTAG 223/224 DNA: KEY RECOVERY WITH TEARING WITH TEARING Keys

    masked in EEPROM NTAG 223 DNA: only one key Collect CMACs online - Tear progressively from UUUU to MMMM - Write own key key = ZZZZ - Tear progressively from ZZZZ to MMMM 66

67. NTAG 223/224 DNA: KEY RECOVERY WITH TEARING WITH TEARING Keys

    masked in EEPROM NTAG 223 DNA: only one key Collect CMACs online - Tear progressively from UUUU to MMMM - Write own key key = ZZZZ - Tear progressively from ZZZZ to MMMM Crack CMACs offline - Recover progressively the mask from ZZZZ to MMMM - Recover the unknown key from MMMM to UUUU 67

68. NTAG 223/224 DNA: KEY RECOVERY WITH TEARING WITH TEARING Keys

    masked in EEPROM NTAG 223 DNA: only one key Collect CMACs online - Tear progressively from UUUU to MMMM - Write own key key=ZZZZ - Tear progressively from ZZZZ to MMMM Crack CMACs offline - Recover progressively the mask from ZZZZ to MMMM - Recover the unknown key from MMMM to UUUU 68 ≈38 seconds SINGLE-TAG FULL KEY RECOVERY 🍿 Proof-of-Concept: a Proxmark3 RDV4 and a NTAG 223 DNA 🍿 https://asciinema.org/a/W1AvmnTq9Wb4YzLq

69. FINAL WORDS 69

70. PRACTICAL ATTACK TIMELINES ULC 4-card online (4 readers) 25 days

    ULC 2-card hybrid (+ GPU) 21 days + $122 ULC with tearing (~56 card) 1 hour UL AES (20 cards + heat) 2 hours NTAG SUNCMAC (1 tag + tearing) 38 seconds Non-genuine ULC (single card) 5 seconds 70

71. MITIGATIONS & RECOMMENDATIONS Permanently lock key pages no key overwrite

    = no PKO attack Prevent brute-force enable AUTH_LIMIT authentication attempt counter on UL AES / NTAG 224 Derive unique per-card keys use UID + site key via secure KDF (AN10922) Enable post-auth message integrity activate SEC_MSG_ACT on UL AES Detect non-NXP ICs use our non-auth fingerprinting techniques Migrate to DESFire EV3 get encrypted sessions by default 71

72. RESOURCES & RELEASED TOOLS Paper: https://eprint.iacr.org/2026/100.pdf • by Nathan Nye,

    Philippe Teuwen, Tiernan Messmer, Steven Mauch, Struan Clark, Zinong Li, Zachary Weiss, Lucifer Voeltner FAQ: https://breakmeifyoucan.com Tools merged in • Proxmark3 • Flipper Zero • Chameleon Ultra 72

73. THANK YOU We thank everyone who contributed to or supported

    this research. • Zero Club — Research ◦ NVX, AG, Strudel, Torron, Zach, eltrick ◦ Aaronjamt, legendofandor, haw8411, and everyone else • MishaMyte — Initial testing, first real-world static key recovery • Connor, chick3nman — GPU 3DES bruteforce implementations • HenryGab — Peer review • Iceman — PM3 firmware release, community leadership 73 QUESTIONS?