How a hidden backdoor in smart cards undermines security

02.12.2024 14 minutes Author: D2-R2

The discovery of a backdoor in Shanghai Fudan Microelectronics’ FM11RF08S smart cards has sent a serious message to the security industry. Despite assurances of reliability, these cards turned out to be vulnerable due to a hidden mechanism that allows access to protected data. We analyze how the CRYPTO-1 protocol works, why an independent audit of security systems is important, and how to avoid similar risks in the future. Learn more about how embedded backdoors can threaten your data.

The Backdoor Mystery: How a Smart Card Vulnerability Became a Global Problem

Smart cards have long been an integral part of modern access systems. It seems simple: hold the card to the reader and the office door opens automatically. But what if such a card can be hacked by anyone with minimal technical skills?

In 2020, Shanghai Fudan Microelectronics introduced a new smart card model, the FM11RF08S, claiming that it is resistant to all known hacking methods. However, a group of security experts discovered a critical vulnerability: a built-in backdoor that gives full access to the information stored on the card.

This incident became a vivid example of how dangerous the lack of independent auditing in the development of security systems can be. The disclosure of the backdoor demonstrated that relying only on manufacturers’ statements is a risky path.

MIFARE Classic: durability or vulnerability?

MIFARE Classic is one of the most widely used contactless card standards. Despite its popularity, the security of this standard remains in question. Over the years, hackers have repeatedly demonstrated its vulnerability, turning hacking MIFARE Classic into a kind of competition.

Manufacturers have chosen the path of least resistance. Instead of completely revising the architecture, they release temporary solutions in the form of updates, trying to ensure compatibility with outdated equipment. This approach creates security risks that accumulate over decades of use of outdated technologies.

This situation emphasizes the importance of thoroughly testing each element of the security system, especially when it comes to mass-market devices.

How Shanghai Fudan Microelectronics created an “invulnerable” card: the story of uncovering a backdoor

In 2020, Shanghai Fudan Microelectronics released a new model of smart card based on the MIFARE Classic standard. The manufacturer declared it invulnerable to all known hacking methods. Marketing claims emphasized “improved security,” “elimination of vulnerabilities,” and “innovative security features.” However, the technical documentation contained only a general mention of “enhanced cryptographic protocol,” without specific details.

The hacker community was skeptical of these claims, preparing to quickly solve a new problem. But unexpectedly, the cards remained inaccessible even after several years. It seemed that the developers had really eliminated all vulnerabilities.

Then a research team led by Philippe Teuwen decided to investigate the new system in more depth. Their work led to stunning discoveries that later changed the perception of the security of these cards.

How the CRYPTO-1 protocol works

To understand the vulnerability of the new system, it is important to understand the basic principles of the CRYPTO-1 protocol, which is used to authenticate MIFARE Classic cards:

  • The user presents the card to the reader.

  • The reader sends an authentication command, specifying the target memory block and which key to use (for example, KeyA).

  • The card responds with a generated four-byte pseudo-random number (Nonce).

  • The reader combines the Nonce with the previously known key KeyA, using the CRYPTO-1 cipher.

  • The card performs the same calculations in parallel. If the results match, the authentication is successful.

  • All subsequent communication is encrypted, and access to new memory blocks requires re-authentication.

The nested authentication process, that is, re-authentication performed inside an already encrypted session, plays a key role in the discovery made by Teuwen’s team. Exactly how will become clear once the backdoor itself is analyzed. This story not only demonstrates the technical prowess of the researchers, but also emphasizes the need to approach manufacturers’ claims about the security of their products critically.

First findings: CRYPTO-1 implementation features in FM11RF08S

A team of researchers led by Philippe Teuwen began analyzing the differences between the implementation of the CRYPTO-1 algorithm in the new card model and the original MIFARE Classic version.

The new cards used constant Nonce values during nested authentication: numbers that should normally be random turned out to be fixed. In classic MIFARE Classic cards, by contrast, these values were generated dynamically using a Linear Feedback Shift Register (LFSR).

Experienced hackers knew that if you hold the card near the reader for a long time and run the authentication process repeatedly, the generated Nonces begin to repeat themselves, becoming predictable.

More than 500 Nonces are concentrated in a very small number of consecutive LFSR outputs out of a potential 2^16 − 1.

This peculiarity of the Nonce values in MIFARE Classic is what made so-called Nested attacks possible.

The developers of the FM11RF08S cards chose a different approach. During the first authentication, the card worked according to the standard algorithm. However, during nested authentication, an interesting feature arose: for each memory block, the card issued the same Nonce value. Further analysis showed that these values are formed depending on three parameters: the sector number, the card’s unique identifier (UID) and the access key value. As a result, each FM11RF08S card had its own set of constant Nonces, which were tied to specific combinations of sectors and keys.

Partial output of the Proxmark3 hf mf info command for such a card. The protection is called static encrypted Nonces

At first glance, the implemented approach looked promising. The classic Nested attack no longer worked, since the attacker could no longer predict the Nonce value, regardless of the duration of the card observations. But, as often happens in security issues, by closing one vulnerability, the developers inadvertently created a new one.

The problem arose when using the same access key for authentication in two different memory blocks. With nested authentication, the card issued different Nonces for these blocks, but encrypted both with the same key. This allowed attackers to collect pairs of encrypted Nonces and recover the original key without the need for brute force. The researchers called this method a Reused Keys Nested Attack.

For example, if a card uses an unknown key KeyX in several memory blocks, the algorithm for selecting it looks like this:

  1. Initial authentication is performed using a known key, which allows an encrypted connection to be established with the card.

  2. Nested authentication is performed in the blocks where KeyX is used, while simultaneously saving each encrypted Nonce issued by the card.

  3. Next, an “offline” search of possible key values is performed: for each Nonce, the computer generates hundreds of theoretically possible keys that could encrypt it.

  4. The resulting sets of potential keys are compared for different Nonces, and the key that is present in all sets is determined — this is the desired KeyX.

The main advantage of this attack is its speed, as the entire key selection process is performed on the computer without the need to access the card again. However, the method requires two important conditions: the presence of at least one valid access key and the use of identical keys in different sectors of the card’s memory.

Although this method allows access only to duplicate keys and does not guarantee a complete crack, it was a significant discovery in the research of Philippe Teuwen’s team. And the most interesting research was yet to come.
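The second precondition named above, identical keys in different sectors, is something a card issuer can check in its own key inventory. The following is an added example, not part of the original article or the researchers' tooling; the inventory values and the function name `audit_keys` are constructed for illustration, and FFFFFFFFFFFF is the MIFARE Classic factory default key.

```python
from collections import defaultdict

DEFAULT_KEY = "FFFFFFFFFFFF"  # MIFARE Classic factory default key

# Constructed key inventory: sector -> (keyA, keyB). All values are made up.
KEYS = {
    0: ("FFFFFFFFFFFF", "FFFFFFFFFFFF"),
    1: ("A1B2C3D4E5F6", "0F1E2D3C4B5A"),
    2: ("a1b2c3d4e5f6", "112233445566"),
    3: ("778899AABBCC", "778899AABBCC"),
}


def audit_keys(keys):
    """Report the key-reuse conditions the article lists as attack preconditions."""
    slots = defaultdict(list)  # key value -> [(sector, "A" or "B"), ...]
    for sector, (key_a, key_b) in sorted(keys.items()):
        slots[key_a.upper()].append((sector, "A"))
        slots[key_b.upper()].append((sector, "B"))

    # A key that protects more than one sector: learning it once exposes them all.
    cross_sector = {
        key: used for key, used in slots.items()
        if len({sector for sector, _ in used}) > 1
    }
    # Sectors where keyA and keyB are identical (fewer distinct keys to recover).
    same_ab = [s for s, (a, b) in sorted(keys.items()) if a.upper() == b.upper()]

    return {
        "distinct_keys": len(slots),
        "total_slots": 2 * len(keys),
        "cross_sector_reuse": cross_sector,
        "keyA_equals_keyB": same_ab,
        "default_key_slots": slots.get(DEFAULT_KEY, []),
    }


if __name__ == "__main__":
    for name, value in audit_keys(KEYS).items():
        print(f"{name}: {value}")
```
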

Suspicious key

The researchers used fuzzing: they sent non-standard commands and garbled byte sequences to the card and observed its reaction.

The researchers’ main tool was Proxmark3, a specialized gadget for analyzing RFID and contactless smart cards.

According to the protocol, the card should be selective in its response. During the authentication phase, it was supposed to respond to only three commands: authentication with keyA (code 60**), authentication with keyB (code 61**), and the HLTA stop command (code 5000). However, Philippe Teuwen’s team discovered a violation of the protocol: the card sent a Nonce in response to any command in the 6*00 series, from code 6000 to 6f00, regardless of the memory block.

Interested in the unusual behavior of the card, the researchers conducted a more detailed analysis. They used a card with known keys, configured different values of keyA and keyB, and systematically tested all possible variants of the 6*00 series commands. The results were divided into four groups depending on the card’s reaction:

  • Group 1: 6000, 6200, 6800, 6a00 → Nonce: 4e506c9c (authentication successful).

  • Group 2: 6100, 6300, 6900, 6b00 → Nonce: 7bfc7a5b (authentication successful).

  • Group 3: 6400, 6600, 6c00, 6e00 → Nonce: 65aaa443 (authentication failed).

  • Group 4: 6500, 6700, 6d00, 6f00 → Nonce: 55062952 (authentication failed).

When the researchers changed keyA, the Nonces for groups 1 and 3 changed. When keyA and keyB were set to the same values, the number of Nonces decreased from four to two: one Nonce for groups 1 and 2 (successful authentication) and another for groups 3 and 4 (unsuccessful authentication). For the last two groups, the card seemed to expect another key, keyC.

This anomaly suggested to the researchers that this behavior could be used to select a key. Understanding the dependencies between commands and Nonces helped to understand the card’s mechanisms better and opened up opportunities for more sophisticated attacks.
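The four groups above can be reduced to the command bits the card actually decodes, and the same rule can be used to flag non-standard authentication commands in sniffed reader traffic. This is an added example, not code from the researchers or the original article; the trace lines and function names are constructed for illustration.

```python
# Responses listed above: command byte -> Nonce returned by the test card.
OBSERVED = {
    0x60: "4e506c9c", 0x62: "4e506c9c", 0x68: "4e506c9c", 0x6A: "4e506c9c",
    0x61: "7bfc7a5b", 0x63: "7bfc7a5b", 0x69: "7bfc7a5b", 0x6B: "7bfc7a5b",
    0x64: "65aaa443", 0x66: "65aaa443", 0x6C: "65aaa443", 0x6E: "65aaa443",
    0x65: "55062952", 0x67: "55062952", 0x6D: "55062952", 0x6F: "55062952",
}

# Commands the protocol allows during the authentication phase (first byte).
STANDARD = {0x60: "auth keyA", 0x61: "auth keyB", 0x50: "HLTA"}


def significant_bits(observed):
    """Low-nibble bit positions whose value changes the card's answer."""
    return [
        bit for bit in range(4)
        if any(observed[cmd] != observed[cmd ^ (1 << bit)] for cmd in observed)
    ]


def classify(frame_hex):
    """Label a reader frame (hex string: command byte, then block number)."""
    opcode = int(frame_hex[:2], 16)
    if opcode in STANDARD:
        return STANDARD[opcode]
    if (opcode & 0xF0) == 0x60:
        # Bit 0 picks the keyA/keyB slot; bit 2 marks groups 3 and 4 above.
        slot = "keyB" if opcode & 0x01 else "keyA"
        path = "alternate key expected" if opcode & 0x04 else "normal key"
        return f"ALERT 0x{opcode:02x}: non-standard auth ({slot} slot, {path})"
    return "other"


def scan(trace):
    """Return (line number, label) for every non-standard auth command."""
    hits = []
    for number, frame in enumerate(trace, start=1):
        label = classify(frame)
        if label.startswith("ALERT"):
            hits.append((number, label))
    return hits


# Constructed reader-to-card trace (command byte + block byte, CRC omitted).
TRACE = ["6004", "6107", "6400", "5000", "6a08"]

if __name__ == "__main__":
    print("bits that matter:", significant_bits(OBSERVED))
    for hit in scan(TRACE):
        print(hit)
```

Only bits 0 and 2 of the command's low nibble change the card's answer, which is why sixteen command codes collapse into four groups.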

Key selection

And then the researchers realized: “What if the mysterious keyC is used in all blocks of the card?” And if that’s true, then… Bingo! This key can be subjected to the well-known key reuse attack. The algorithm turned out to be surprisingly simple:

  • Perform initial authentication using keyA.

  • Perform multiple nested authentications using anomalous commands in other memory blocks and store the resulting Nonces.

  • Compute all possible key values for each collected Nonce.

  • Match the resulting sets of keys and determine the one that is common to all of them.

Using a Python script, the researchers were able to find the key in less than two minutes. And here it is, keyC, which turned out to be a universal master key. Its capabilities allowed authentication without taking into account the values of keyA or keyB. Moreover, it allowed reading any data blocks, even those to which access was prohibited by standard keys.

The real shock came when this key was tested on other FM11RF08S cards. KeyC worked on all copies regardless of the batch or date of manufacture.

This was not a bug or a random error. This was a full-fledged backdoor — a deliberately built-in mechanism that provides privileged access to the card, bypassing standard protections. The existence of such a key was a serious blow to the security of FM11RF08S and all systems that used these cards. However, this discovery was only the beginning of a large-scale exposure.

How a backdoor became the key to everything: cloning FM11RF08S cards

The discovered backdoor allowed access to the service memory sections where the keys keyA and keyB were stored, but their values were masked. For most hackers, this would be the ultimate goal: a critical vulnerability found, time to write a report. However, Philippe Teuwen’s team decided to go further.

Their new goal was to restore the values of the keys keyA and keyB, which would open up the possibility of unhindered cloning or emulation of any FM11RF08S card. To do this, they created the following algorithm:

  • Authentication with keyC. They authenticated themselves to the card block using the master keyC. The card sent the Nonce in plaintext, which the researchers stored.

  • Encrypting the Nonce. The reader encrypted the Nonce with keyC and returned it to the card. The card verified the value, and an encrypted channel was established between the devices.

  • Nested authentication with keyA. In the same sector, a nested authentication with keyA was initiated. The card sent the same static Nonce, but now encrypted with keyA.

Key Recovery

The key point was the XOR operation that the team applied between the plain Nonce and its encrypted version. This allowed them to calculate the key stream. Next, using a modified version of the static nested attack, the researchers recovered the value of keyA. The process required going through several tens of thousands of possible keys, which took only 3-4 minutes on a modern computer.

Algorithm Optimization

The team significantly accelerated this process by using statistical methods and improved analysis techniques:

  • 32 random keys? 17 minutes.

  • 16 keys with keyA = keyB? Half an hour at most.

  • 24 keys, where 8 are repeated? 40 seconds.

Verdict

In the end, the backdoor didn’t just open a breach in the security, it completely destroyed it. The manufacturer turned the card into a symbolic house of cards: a bank vault where each cell has a unique code, but behind the wall is a button that opens all the cells at once.

Possession of the master keyC allowed the attacker not only to access the data, but also to create complete copies of the cards. This turned any security system that used the FM11RF08S into a game of chance, where the attackers always had a winning combination.

Disappointing conclusions

The story of FM11RF08S will probably go down in textbooks as a classic example of how not to build security systems. The discovered backdoor turned the “most secure implementation of MIFARE Classic” into a sieve, putting millions of devices around the world at risk, including at important facilities: airports, power plants and industrial enterprises.

How to eliminate the risk? Unfortunately, there is only one solution, and it is like extracting a bad tooth – completely abandoning the use of compromised cards. And their number… well, let’s just say that the bill runs into the millions.

Shortly after the first FM11RF08S hack, an identical backdoor with the same master key was found in older Shanghai Fudan Microelectronics cards (FM11RF08 and FM11RF32), as well as in products from other manufacturers: NXP Semiconductors before 2009 and Infineon before 2010.

This suggests that the backdoor was deliberately built in at the production stage many years ago. Maybe to simplify debugging? Were there any agreements with government agencies? Or… we can only guess. But the fact remains: security systems around the world have been using cards with built-in vulnerabilities for years.

This story provides three important lessons. First: reputation does not guarantee security. Second: the principle of “security through obscurity” in cryptography is untenable. Keeping algorithms secret only creates the illusion of protection; the only reliable solution is to use open algorithms tested by the expert community. Third: trust, but verify. Independent auditing and penetration testing are not unnecessary expenses, but a vital necessity.

How the FM11RF08S Story Taught the Security World

The FM11RF08S incident will likely go down in the textbooks as an example of how not to design security systems. The backdoor discovery turned the “most secure implementation of MIFARE Classic” into a vulnerable tool, putting millions of devices worldwide at risk. It’s especially troubling that these cards were used in critical infrastructure such as airports, power plants, and industrial facilities.

How to address the risks?

Unfortunately, there’s only one solution: to completely abandon the compromised cards. It’s a painful but necessary step, like pulling a bad tooth. The problem is that there are millions of such cards.

The discovery of the backdoor in FM11RF08S was the beginning of a massive exposure. Soon, the same backdoor with the same master key was found in older models of Shanghai Fudan Microelectronics (FM11RF08 and FM11RF32), as well as in cards from other manufacturers: NXP Semiconductors (before 2009) and Infineon (before 2010).

This raises reasonable suspicions that the backdoor was deliberately introduced at the production stage. Was it done to simplify maintenance? Perhaps it is a consequence of agreements with government agencies? The exact reason is unknown, but the fact remains: security systems have relied on technologies with built-in vulnerabilities for years.

Three key lessons

This story highlights three important principles to follow in the field of security:

  • Reputation does not equal security. Well-known brands or time-tested solutions do not guarantee protection against errors or hidden risks.

  • “Security through obscurity” is a myth. In cryptography, hiding algorithms does not create reliable protection. True security is provided by open algorithms that are tested and recognized by the expert community.

  • Trust, but verify. Independent auditing and penetration testing are not a luxury, but a necessity that helps to identify weaknesses before attackers exploit them.

The FM11RF08S story has become a bitter but important lesson for the security industry, showing how critical it is to design systems with transparent algorithms and subject them to thorough testing.
