Microscope-wielding boffins crack Tube smartcard | The Register

Peter Tomlinson ukcrypto at chiark.greenend.org.uk
Wed, 12 Mar 2008 16:01:34 +0000


This is (by the current standard of ukcrypto with its avalanche of 
activity) an old story, and I have tried to calm Uncle Roger [1] down. 
No, the information released indicates that Oyster has NOT become 
penetrable, but it might be possible to at least confuse some very 
simple building access control systems - I'm told that the information 
released is actually not quite enough to directly repeat what they did. 
NXP [2] put out a statement that explained a little but was rapidly 
withdrawn (I have a copy), and NXP have apparently entered into 
discussions with the team that published the results of the investigation.

It may be that The Register has decided to re-publish this now because 
NXP said that the hackers had agreed not to publish any more until at 
least March, but I have not seen or heard anything. What NXP have 
actually done this month is release a preliminary press statement about 
an enhanced product line known as Mifare Plus - but you will learn more 
about that [3] from Googling Mifare Plus than you will from the NXP web 
site.

Mifare's stream cipher uses a long feedback shift register and a poor 
RNG (apparently it's deterministic and not random).

Peter

PS Sorry if I seem a little bored by this. It's been a hard day.

[1] Roger Ford, MR Technical Editor.
[2] The spin-off from Philips that now owns the Mifare product line
[3] Including Philips' previous use of that product name for something 
that didn't last long if indeed it happened

Ian Batten wrote:
> There was a hint about this in this month's Modern Railways, and I was 
> going to ask on this august list if anyone had any details.  Looks 
> like these _are_ the details.
>
> ian
>
> http://www.theregister.co.uk/2008/03/12/mifare_classic_smartcard_crack/
>