hitag 3
you guys are right.
the hitag 1 / 2 chips use a three-pass mutual authentication.
but Philips will not publish the algorithm.
the protocol-datasheet states the following:
- on the tag there are "logdata" and "password" (both 32-bit values) present in a secured area. the reader also knows these two values
- the logdata is a static key, used for the stream-cipher encryption
the encrypted session is established in the following way:
1.) tag generates a random number [A] and sends it to the reader
2.) reader generates a random number
the value [A], which the reader got from the tag is encrypted together with
the encryption is done with the "logdata"; it is the encryption key
reader transmits these two encrypted values back to the tag
3.) tag decrypts [A] and compares whether the received [A] matches the original [A]
which it generated in step 1. if there is a match, the tag knows that the reader
uses a legitimate key --> session established
4.) tag encrypts and sends it to the reader --> reader compares this with the
original -> if the values match, the reader knows the tag is a legitimate
transponder
the connection is now encrypted.
the reader has to supply the correct "password" now to read the secured
pages. due to the usage of random values during the handshake, a replay attack is impossible.
the exact algorithm is not known.
i suggest with some reverse engineering it may be possible to find it out.
it even may be breakable, because the chip hardware cannot do very complex things (power considerations and so on, you know)
ok. that's what i know about it.
that stuff with [A] and may not be fully correct, but it's the general scheme.
i have to do some measurements to get more information.
if there is any information about the encryption, please post it.
i build a reader with an atmel avr device.
encryption could be implemented easily.
thank you.