Wow, how did we miss this?!? A very interesting article was published at 27C3, concerning the hack of the 13.56MHz iClass RFID system by HID. It’s called HID iClass Demystified, go here to read up. For more gory details, go check out the surprisingly professional research paper Heart of Darkness – Exploring the Uncharted Backwaters of HID iClass Security. Kudos to Milosch Meriac for publishing the work!
For those of you who don’t know and would like the spoiler: He did it. And not only that, he completely owned the entire iClass security system. Like absolutely owned. Like utterly destroyed. And through a software port with no detectable tampering. He goes on to show how a low-cost FTDI dongle can dump the secret keys for the entire realm of iClass Standard Security, which for a no-goodnick means that the thousands of doors protected by it just open freely. Truly scary stuff. It’s very fortunate that this was found by a person honest enough to report it, as Milosch shows that iClass is really no security at all.
Now if this is not mind-blowing enough, let us emphasize that part of Milosch’s hack was to sidestep the code and eeprom protection of the PIC micro. And he did it like it was an afterthought – OK, got protected micro. better dump out the protected code and see if there’s any security holes in this system. WHAT?!?! Amazing, and truly the essence of irony.
Now once you’ve read up on the technique: yes, it’s really elementary. But genius is 1% inspiration and this is a good example.
No Guts, No Glory
Here’s the gist of it. The PIC18F series implements “blocks” of flash. Each is independently code protected, but they ARE NOT PROTECTED from the micro itself reading from other blocks. And in an even greater blunder, the programming logic allows one block at a time to be erased and programmed. Great for flexibility, bad for security.
If you haven’t caught on by now, his method is to use two identical protected chips and insert his own dumper code into a different block on each chip. Although he must sacrificially erase a block to insert his dumper code, by using two chips with different sacrificial blocks he can get a complete copy of all the code – here’s how:
He first erases block 0 and inserts his dumper code at location 0. When the chip starts up, it dumps all remaining blocks out the serial port. Next, he uses the second chip to erase a block other than block 0, then inserts the dumper which will obtain the missing block 0. Brilliant!
In actuality it’s hard to predict where a jump may land, so Milosch erases all blocks on the second chip EXCEPT block 0, and places his dumper at the end of memory. Since blank memory is interpreted by the PIC as a NOP operation, any jump that lands in the blank zone just continues counting up addresses until it reaches the payload. We will illustrate with Milosch’s diagrams from his white paper:
In the first diagram, we can see that only block 0 is erased, and the dumper inserted at 0×0000. In the second, everything is erased EXCEPT block 0, and the dumper is inserted at the top of memory.
Very clever, and very impressive work. It’s worth thinking about when implementing a secure system – where exactly do you draw the lines between trusted and untrusted zone. Hopefully it’s OUTSIDE the sealed and potted enclosure of your secure system. Please take heed of Milosch’s suggestions to HID when designing your own secure system. It might be interesting to try to implement this hack, to see if it’s really as simple as it appears. Maybe we’ll do it, maybe you’ll do it. Either way, let’s post our results for the rest of the community!