Chameleon Mini: Mifare Cracking via the Reader Attack
by Lab401 Lee August 27, 2017
LAB401 ACADEMY: Mifare Cracking: Reader Attack with Chameleon Mini RevE Rebooted
INTRODUCTION:
Lab401's Chameleon Tiny is a compact, highly capable tool typically used for 13.56MHz emulation (Mifare, Ultralight, etc).
When a reader begins communication with a Mifare Tag, it will send a series of keys to attempt card decryption. The first of these keys can be sniffed by the Chameleon Mini and easily decoded.
Armed with this key, we are able to use LibNFC's mfoc tool with the DL-533N, or the Proxmark 3 to perform a nested / hardnested attack to successfully crack all keys and dump the card.
This attack is especially useful when we have:
A new generation MIFARE tag that resists classic attacks
Access to the card's reader
Check out the step by step video below.
Interested in getting started with these tools? We've made the Pentester Pack that contains all the tools from this tutorial - and some extra Magic Mifare cards.
Buying in a pack gives a massive saving of 66 Euros - check out the pack here.
How to deauthenticate some Wi-Fi-connected cameras using the flipper ESP32-S2 developers board, how to sniff for deauthentication frames and how you can protect yourself against deauthentication attacks.
The latest iCopy-X firmware updates finally unleash the device as a complete standalone solution for pentesters and security professionals by adding two new killer features: Writing previously saved / uploaded dumps, and running custom LUA scripts directly from the menu.