mfoc
Crack MIFARE Classic RFID card keys
SYNOPSIS
mfoc [-h] [-v] [-o
PARAMETERS
-h
Show help message and exit.
-v
Verbose output (debugging).
-o
Output key file (default: keys.txt).
-k
Read known keys from
-P
Use PRNG from
-x
Set delay in microseconds (µs) between commands.
-O
Only recover A keys.
-f
Force cracking of already known keys.
-i
Interface selection; use number from output of nfc-list.
-m
Read Mifare Dump
-q
Quiet mode, don't print status messages to stdout.
DESCRIPTION
mfoc (MIFARE Classic Offline Cracker) is a command-line tool for offline analysis and cracking of MIFARE Classic RFID cards. It works by exploiting weaknesses in the CRYPTO1 encryption algorithm used on these cards. The tool captures data from the card during interaction and then performs intensive calculations to recover the cryptographic keys offline. Recovering the keys offline, rather than through repeated interaction with the card, is important for both efficiency and ethical considerations. Once the keys are recovered, they can be used to read, write, and clone the card.
The utility is a standard tool in security research and penetration testing and is commonly used to evaluate the security of systems relying on MIFARE Classic technology. Understanding how mfoc works is essential for identifying and mitigating potential vulnerabilities. Be aware of legal implications when using this tool!
CAVEATS
MIFARE Classic cards are considered insecure due to the CRYPTO1 vulnerability. Using mfoc on systems without authorization is illegal and unethical.
Performance depends heavily on the card and reader used.
ETHICAL CONSIDERATIONS
Using mfoc to crack MIFARE Classic cards without authorization is illegal and unethical. Only use it on systems you own or have explicit permission to test.
KEY RECOVERY
mfoc works by capturing data and then using various algorithms to derive the cryptographic keys. The effectiveness of the tool depends on the quality and quantity of data captured.
HISTORY
mfoc was developed to address the security flaws in MIFARE Classic cards. Its development and usage have been pivotal in raising awareness about the vulnerabilities of these cards and in encouraging the adoption of more secure RFID technologies.
The tool gained popularity in the security research community and became a standard instrument for pentesting.
SEE ALSO
nfc-list(1), nfc-read(1), nfc-write(1)