Chameleon: A Versatile Emulator for Contactless Smartcards

Timo Kasper, Ingo von Maurich, David Oswald, Chris­tof Paar

13th International Conference on Information Security and Cryptology - ICISC 2010, Seoul, Korea, December 1-3, 2010, volume 6829 of LNCS, pages 189-206, Springer.


We develop a new, custom-built hardware for emulating contactless smartcards compliant to ISO 14443. The device is based on a modern low-cost microcontroller and can support basically all relevant (cryptographic) protocols used by contactless smartcards today, e.g., those based on AES or Triple-DES. As a proof of concept, we present a full emulation of Mifare Classic cards on the basis of our highly optimized implementation of the stream cipher Crypto1. The implementation enables the creation of exact clones of such cards, including the UID. We furthermore reverse-engineered the protocol of DESFire EV1 and realize the first emulation of DESFire and DESFire EV1 cards in the literature. We practically demonstrate the capabilities of our emulator by spoofing several real-world systems, e.g., creating a contactless payment card which allows an attacker to set the stored credit balance as desired and hence make an infinite amount of payments.

[SourceForge] [BibTeX] [DOI] [pdf]