The Mifare Classic cards was created by a company called NXP Semiconductors (old Philips Electronics).
The card utilize the standard ISO 14443 Type A protocol for communication on frequency 13.56 MHz (High Frequency)
The cryptography utilized in the Mifare Classic cards (CRYPTO1) was decided to be maintained in secrecy by NXP Semiconductors. (security by obscurity)
More than 3,5 billions cards was produced over the years and more than 200 millions still in use on systems today.
Keys with only 48 bit of length (Brute-force feasible –
with FPGA aprox. 10h to recover one key)
• The LFSR (Linear Feedback Shift Register) used by
RNG is predictable (constant initial condition).
– Each random number only depends of the quantity of
clock cycles between: the time when the reader was
turned up and the time when the random number is
requested.
• Since an attacker controls the time of protocol, he is able
to control the generated random numbers and that way
recover the keys from communication.
In 2008 a research group from Radboud University published the full CRYPTO-1 cipher by analyzing the communication between tag and reader
So, don't use MiFare Classic cards system anymore, upgrade to MiFare Plus now.
Contact us for more information.