The MIFARE Classic is the most widely used contactless smart card chip in the world. Its
communication is based on the open ISO-14443-A standard, but the entire authentication and
encryption protocols are proprietary. Several academic researchers have cracked the encryption, and
even proposed attacks to recover the secret keys. However, none of their attacks have been released
so far. In this project, we analyse their attack descr iptions and implement three attacks on the
MIFARE Classic chip. The most critical attack recovers ANY secret key requiring wireless access
to just the card only in less than five minutes on inexpensive commercial off-the-shelf hardware
and without any pre-computation. Using our attacks, we expose the vulnerabilities of the Imperial
College’s access control system and show our ability to masquerade as any valid Imperial College
personnel. Most importantly, we crack the internal structure of the Oyster card and locate the
exact data bytes that represent the current credit and past transaction records. The impact of
our findings are so severe that London’s transport operators stand to lose millions of pounds if our
findings were made public.