Reading the challenge nonce of a Mifare Classic 1k tag

Question

For a research project I would like to read the challenge nonce that the Mifare Classic 1k tag returns during the first phase of the authentication process.

In a paper I found the following snippet of communication log between a valid reader and a tag (sniffed with a Proxmark):

In the figure, messages #7 to #10 correspond to authentication. The authentication request of the reader is 60 04 d1 3d (#07). The first byte 60 stands for an authentication request with key A. For authentication with key B, the first byte must be 61. The second byte indicates that the reader wants to authenticate for block 4. Note that block 4 is part of sector 1 and therefore this is an authentication request for sector 1. The last two bytes are CRC bytes.

This challenge nonce should be random due to the LFSR, which generates random numbers, but a known vulnerability is that the same challenge nonce is returned quite frequently (+- 4 times/hour if constantly doing authentication requests) and that the challenge nonce is constant if a request is made just after powering up the card. (not sure yet if powering up refers to just tapping the card to the card reader). I would like to show this vulnerability, on an old public transport card using a 1k tag (which I don't have the keys of), by doing a lot of authentication requests and analyzing the logged challenge nonces.

In my setup I have a 1k tag, an ACR122U reader, a Windows computer with PC/SC and I make use of the javax.smartcardio library to send APDU commands to the card. I am aware of the fact that the Mifare tag itself does not use APDU, but proprietary commands that are generated from the APDUs by the reader.

To my understanding, using APDU, in an authentication command I already have to specify the key number itself. The reader (or actually PS/CS i think?) then handles the authentication process, just as it automatically handles the anti-collision phase. This way, my setup is on a too abstract level and I am not able to retrieve the challenge nonce returned by the card that I am interested in. Is there a way to set up a more low-level communication with the tag, so I can do only the first step of the authentication phase? (Make an authentication request for a sector and receive the challenge nonce of the tag?)

Many thanks in advance!

Answer 1

Normally you will get a lower level API with (MIFARE) readers when you buy the development package from a seller. Of course, you'd largely forgo a standardized API, but that's what you get when using a proprietary protocol at a low level.