Wirelessly lockpicking a smart card reader

Flavio D. Garcia*, Gerhard de Koning Gans, Roel Verdult

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)


With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card, including the cipher, the authentication protocol and the key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a. iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2^22 queries to a card. This attack has a computational complexity of 2^40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack, which is against iClass Elite, is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2^25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.

Original language: English
Pages (from-to): 403-420
Number of pages: 18
Journal: International Journal of Information Security
Issue number: 5
Publication status: Published - 1 Oct 2014


  • Embedded security
  • Practical cryptanalysis
  • Reverse engineering
  • RFID

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality

