Professional Documents
Culture Documents
3.1 Notations
3.3 Hitag-2 used in RKE systems
The following notations will be used in the article:
3.3.1 Radio packets dissection
• The binary finite field containing 0 and 1 is
During their study of Hitag-2 based protocols [14],
F2 . The addition operation XOR on this field is
Garcia et al. reverse engineered the RF part used by
⊕. The multiplication operation (logical AND) is
the PCF7946 [1] chip from Philips. This transponder
noted &. Fn 2 is the Cartesian product:
is advertised to use Hitag-2 in RKE contexts, and
Fn = F × · · · × F2 .
2 | 2 {z } an important contribution of their paper has been the
n time dissection of radio packets transmitted from the key
• A string x ∈ Fn 2 composed of n bits will have
to the car, as well as how the fields in these packets
its ith bit noted xi , with 0 ≤ i < n. Hence are connected to the usage of the stream cipher. The
x = x0 . . . xn−1 . For example, in hexadecimal packets transmitted by the PCF7946 transponder are
notation 0x01 (equivalent to 00000001) is an composed of 7 fields listed in Table. 1.
eight-bit string where x0 to x6 are zero, and
Name Size (bits) Description
x7 = 1. The string with n zeros is 0n , and the SYNC 16 Synchronisation (0x0001)
string with n ones is 1n . UID 32 Unique Identifier
BTN 4 Button identifier
CNTRL 10 Low part of RKE counter
• Given the previous notations, (0x010000)i de- KS 32 Hitag-2 keystream
notes the ith bit of the 24-bit string 0x010000. CHK 8 Checksum
Thus (0x010000)7 = 1 and (0x010000)i =
0 for all 0 ≤ i ≤23 and i 6=7. Table 1: Hitag-2 radio packet structure for PCF7946
The unique identifier UID has a length of 32 bits. 3.4 Hitag-2: cryptographic weak-
The BTN button ID is encoded on 4 bits (which allows nesses and attacks
to index 16 buttons on one key). The counter CNTRL
has a length of 10 bits, and the 32-bit keystream The security of Hitag-2 is a subject of research since
KS is the output of Hitag-2. In addition, a 16-bit 2007. Many attacks exploiting weaknesses of the
synchronization sequence SYNC is sent in preamble algorithm in various use cases have been published.
to synchronize the clock on the receiver side. A These attacks are due to the 48 bits key length, the
checksum CHK is computed as an 8-bit sequence re- low degree of the filtering function f (small varia-
sulting from the XOR of all previous bytes in the tions of the inputs lead to small variation of the
packet (except bytes of SYNC). This checksum allows output), and the fact that the internal state is the
error detection. Finally, since the number of bits in same during the first 48 cycles of each session of a
the packet is not a multiple of 8 bits (102 bits), a given transponder.
padding of two bits ’10’ is added after KS, giving a We provide hereafter a brief overview of some at-
total of 104 bits per radio packet. tacks exploiting these weaknesses. The efficiency of
The 10-bit counter CNTRL is in fact a low part of these attacks strongly relies on the use case and the
the 28-bit counter used by the Hitag-2 cipher (L is context where Hitag-2 is considered.
for low). The 18-bit high part of the counter CNTRH • Exhaustive search: a 48-bit key is below mod-
(H for high) is kept secret on both the remote control ern standards, making brute-force attacks prac-
and the ECU sides. Consequently, the counter CNTR tical. Two triplets (id, iv, ks) are required to find
used by the cryptographic function is 28 bits while the key k. Since ks length is 32 bits, an average
only 10 bits are sent over-the-air. of 248−32 = 216 keys produce the same triplet
UID, BTN and CNTRL are sent with the most signifi- through collisions: the second triplet brings dis-
cant bit first. For example, if the lower part of the ambiguation with very high probability. Such
counter is equal to CNTRL = 1, then the 10-bits string exhaustive searches have been implemented on
is sent in the following order: 0000000001. various platforms (CPU, FPGA and GPU): a
summary is given in Table. 2.
3.3.2 Hitag-2 cipher inputs and output
Source Platform Time
In order to produce the authenticator KS, the sender [10] (2009) CPU 2GHz 4 years
[23] (2011) FPGA COPACOBANA Cluster 2 hours
and the receiver will have to feed three inputs to (Spartan 3 - XC3S1000)
the Hitag-2 cipher: a key k, an identifier id and an [15] (2012) GPU Nvidia Tesla C2050 11 hours
authors attack the immobilizer system of sev- internal state at the 32th clock cycle. Namely
eral cars using 134 frames acquired by sniffing a32 . . . a32+15 = k0 . . . k15 (for more details see
the near-field communication between the key Appendix A, and Fig. 6). The bit ks0 is then
and the ECU. The attack consists of filtering produced by using 8 bits among k0 . . . k15 , se-
candidate keys and strongly reduces the 248 ex- lected by the filtering function f (bits 2, 3, 5, 6,
haustive search space: bad candidates are invali- 8, 12, 14 and 15 of the internal state). The other
dated using relations between the keystream and 12 bits used when computing ks0 are other bits
the cipher inputs, and time-memory trade-off of the internal state related to non-guessed key
precomputed tables are used to optimize the pro- bits. Hence, it is possible to compute a correla-
cess. The attack is practical when the adversary tion score by averaging over the 212 non-guessed
has a close access to the anti-start system: only bits: the result reflects the likelihood of realizing
5 minutes on a standard laptop are needed to the observed bit ks0 given the guessed bits of
recover the key. the key. All the captured frames participate to
making this score more accurate, since many
• Correlation attack: the cryptanalysis of bits ks0 are observed. The score on a single
Hitag-2 previously described is not practical bit is very limited: the attack is extended to
in a RKE context since the adversary would bits ks1 . . . ks15 to refine it. The 16 bits of the
have to get 134 radio packets. Waiting for the guessed candidate act on these bits of keystream
legitimate user to open or close her car so many during clock cycles ≤ 32 + 16 (they are thrown
times is hardly practicable. This is why the au- out of the internal state after). Finally, the
thors of [14] have introduced a new cryptanalysis score of a 16-bit length candidate key is denoted
where capturing only 4 to 8 frames is needed k 16 = e
e k0 . . . e
k15 and is computed as an average
to extract the secret key from the transponder. over all the bits of keystream that they produce,
For the sake of succinctness, we will not detail as well as over all the triplets available to the
all the steps of the attack: we will only give an adversary. The same score computation is ex-
overview of its key concepts that will explain tended to the candidate keys of which n bits are
why this cryptanalysis operates poorly in some guessed e kn = e kn−1 , moving n from 16 to
k0 . . . e
RKE contexts that we have discovered (see Sec- 48. At each step, only the best candidates are
tion 4.3.4). kept using a ranking on a fixed size table.
Following the same concepts introduced in [25], The best known attack on Hitag-2 in a RKE
the main idea of the attack is to limit the ex- context is the correlation based cryptanalysis. The
haustive search by identifying good candidate authors of [14] advertise a result in 10 minutes on
keys with a high correlation score (this concept average on a standard laptop, with 4 to 8 captured
is explained hereafter). In the sequel, we sup- frames and a table with a fixed size of 400, 000 candi-
pose that the adversary has recorded several dates in memory. They also discuss a major issue that
radio frames of the same transponder (possibly must be overcome when dealing with the PCF7946
corresponding to different buttons), i.e. she has produced radio frames: the 18-bit high part of the
multiple triplets (id, iv, ks), the value of id be- counter CNTRH (used to produce a part of the iv in-
ing the same for all these triplets. The score of puts of Hitag-2) is not known to the adversary, since
n bit candidates (16 ≤ n ≤ 48) is computed via a it is not sent over-the-air. The authors propose to get
correlation relative to the observed output bits around this issue by observing that it takes 1024 key
ks of the algorithm. pushes on the transponder key to produce a carry
Let’s take the example of the 16-bit length can- to CNTRH. If CNTRH is set to 0 at manufacturing time,
didates: the adversary guesses the 16 lowest the value of CNTRH is presumably low and can be
significant bits k0 . . . k15 of the key k. These inferred using the age of the vehicle. Consequently,
bits are used during the initialization phase of the adversary can repeat the cryptanalysis as many
Hitag-2, and are located on the left part of the times as necessary by forging a new iv and ultimately
find the secret key after a reasonable time. They have sense that most of the physical and logical layers are
validated their assumption on various vehicles. As we known) is proposed to check the parameters accuracy
will see in the next sections, this assumption might regarding the device under test (DUT).
become inadequate for some Hitag-2 based RKE
systems such as the one we have been experimenting 4.1.1 Demodulation
with.
The working frequency of the DUT is 433.92 MHz. A
preliminary step is the analysis of the spectrum (anal-
4 Hardened Hitag-2 RKE unveiled
ysis in the frequency domain). As the RKE system
This section will provide details on some interesting is a narrow bandwidth technology a simple RTL-
points that were discovered during our experiments SDR [27] is used with the related GNU-Radio script.
with a Hitag-2 RKE system at our disposal. As we After setting the center frequency to 433.92 MHz and
will see, some discrepancies have been observed on a bandwidth of 2 MHz, the central frequency of the
our system. As a consequence it has shown to be system has been confirmed.
immune to the correlation attack presented in [14]. The next step is to confirm the modulation type. It
First, we briefly present the radio framework that is known that amplitude and frequency modulations
we have used to capture and dissect the packets. can be used by common RKE systems. The choice
Then, we detail the discrepancies implemented in is related the configuration of the RF IC by the
the hardened RKE system, and why the correlation manufacturer of the key. A waterfall representation
attack fails. (power spectral density in time-domain and frequency
domain) has confirmed that an amplitude modulation
is used by the DUT.
4.1 From RF signal to bits
In the framework of wireless communication security 4.1.2 Decoding
analysis, it is necessary to set-up an environment to
receive and analyse RF signals. Thus, the first task is Once the demodulation has been applied (the signal
to define adequate hardware and software resources obtained after demodulation is represented on Fig. 2
fitting with the characteristics of the signal under test. - time domain waveform), it is necessary to recover
One could list the following parameters to start with: the symbol duration and the type of encoding.
central frequency, channel bandwidth and any details It can be trivially observed that the demodulated
about the complexity of the physical layer. To get frame contains a preamble for synchronization pur-
access to these parameters, it is possible to investigate poses and the same packet repeated twice. In each
the open literature about the technology, standards, packet, a preamble is also present from which we can
FCC certification documents or any related document directly obtain the symbol duration (Fig. 3).
dealing with the integrated circuits used in the device. In order to assess the channel encoding scheme used
If no information is available about the targeted by the DUT, the knowledge of the packet structure
protocol, an empirical reverse engineering can be allows us to eliminate efficiently possible schemes.
applied, starting with the detection of the central In particular, the synchronization preamble and the
frequency. knowledge of the total size of the packets lead us to
The RKE system has been intensively studied, consider a Manchester encoding scheme. As it can
open source signal processing tools are available for be observed, a zero crossing transition appears at
receiving, demodulating and decoding packets (e.g. least once in a symbol duration, a pure NRZ scheme
[6]). During the review of the existing literature, the can be taken out of consideration. Indeed, due to
characteristics of the physical and logical layers have the expected entropy of the data contained in the
been found. A summary of these parameters is given packets (counter, output of an encryption algorithm,
in Table. 3. checksums), there is a low probability of having so
few symbol repetitions.
Parameter Value
Working frequency ISM 433 MHz Finally, the presence of checksums allows for veri-
Modulation ASK/FSK fying the decoding accuracy.
Channel encoding Manchester
Packet format see Table. 1
Symbol duration
SYNC DATA
is to extract the 48-bit key k from the target PCF7946 cryptographic key in the transponder. This approach
transponder. allowed us to indeed discover a hardened RKE system
We have implemented the correlation attack of [14] detailed in this section.
described in 3.4, but it failed at extracting the key
even with hundreds of captured radio packets as 4.3.1 Using blank keys
input.
Many car manufacturers allow legitimate users to
Software implementations are prone to errors, and
program new remote keys for backup purposes (in
in order to set aside such a cause of cryptanaly-
the case a key is lost for example). In the case of
sis failure we have validated our implementation
the PCF7946, the transponder can be switched in a
against crafted frames following the specifications
programming mode where parts of the EEPROM can
given in [14]. In our experimental test cases, the at-
be written with user defined values: this is the case for
tack allowed to recover the correct key with less than
the cryptographic key and some configuration flags.
12 distinct packets with a probability of 23 , and this
For obvious security reasons, this programming mode
probability drastically increases with more packets.
should be permanently disabled using commands that
These expected results confirm the efficiency of the
blow electronic fuses in the transponder after the
cryptanalysis in this setup, and points towards some
sensitive elements have been written in EEPROM.
divergence between the RKE system at our disposal
The protocol set up to communicate with the
and the specifications we have implemented.
transponder in this mode uses the 125 kHz near-field
frequency (see [17] for a complete description), and
4.3 Black box reverse engineering this is generally performed transparently between
the ECU and the blank key after the ECU is put in
In order to understand why our RKE system setup a specific mode with a documented actions sequence.
does not fit the expected specifications, a reverse It is possible to interact with blank keys using
engineering of the way the Hitag-2 output KS is a dedicated NFC reader. As Fig. 4 reveals, we
produced given the elements sent over-the-air in the can read the UID and the secret key k embedded
radio packets was necessary. in the transponder: the key has the default manufac-
One way to achieve this would be to analyze the turing value 0x4f4e4d494b521 documented in the
firmware embedded in the ECU or the one embedded datasheets [2] and in the reference code [28].
in the PCF7946 transponder. However, extracting the Unfortunately, these parts of the blank key’s EEP-
ECU firmware implies tampering with the vehicle, ROM do not reveal other critical elements involved
which was not an option. Moreover, most of the in the Hitag-2 RKE protocol, namely the low and
PCF7946 logic is hardwired, and this transponder is high fields of the counter CNTRL and CNTRH.
hardened against physical tampering: extracting the
key implies hardware reverse engineering, which is 4.3.2 Variations in the Hitag-2 inputs
time and resource consuming.
This leaves us with a black box analysis of the In order to understand how the initialization vector
system. In order to overcome the strong limitations iv input of Hitag-2 is constructed using the fields
of a blind investigation, we used publicly available 1 Thiskey is in fact the transcription in ASCII of MIKRON,
blank remote keys allowing us to set up an arbitrary the name of the company that designed Hitag-2.
-----------------------------
Transponder : PCF7946
Reading with configuration = IDE : AA800820, ISK_Lo : 4D494B52, ISK_Hi : 4F4E
-----------------------------
Read page 0 IDE : AA 80 08 20 ID
Read page 1 : 4D 49 4B 52
Read page 2 : .. .. 4F 4E Secret Key
Read page 3 : 06 .. .. ..
Read page 4 : .. .. .. ..
Read page 5 : .. .. .. .. Configuration
Read page 6 : .. .. .. ..
Read page 7 : .. .. .. ..
Figure 5: Bits order difference in Hitag-2 iv – (a) Article [14] (b) Hardened RKE
We have ∀i ∈ [0, 31] (32 clock cycles): • The low counter CNTRL overflows and a carry is
a48+i =k16+i ⊕ ivi ⊕ f (ai . . . a47+i ) propagated to MSK (every 1024 button pushes).
=(k16+i ⊕ Mi ) ⊕ (ivi ⊕ Mi ) ⊕ f (ai . . . a47+i ) • The ECU detects a replay attack and modifies
MSK with a random value as described in 4.3.3.
Hence, the 32 most significant bits of the key When MSK is modified, capturing two new RF pack-
k16 . . . k47 are xored with the initialization vector ets and performing a brute-force search again to find
iv0 . . . iv31 . Masking these two values with the same the new equivalent key can be a rather expensive
mask M will be offset during this operation. option. However, using results from 5.2, we will
Now, let’s consider a set of radio packets that have present new attacks to efficiently deal with these
been collected from hardened RKE using a PCF7946 situations. Let us assume that the adversary has
transponder. This set is made of triplets (id, iv,b ks)
previously captured two RF packets providing a first
where iv are the values of the initialization vectors
b
equivalent key bk after an exhaustive search. The
where the 18 least significant bits are zeroed (i.e. iv
b
adversary can then choose between two paths:
are only composed of the 14 known bits extracted
from the radio packet). We will name these elements 1. Zero capture and guess: the extraction of the
equivalent triplets. Let iv be the real values of the equivalent key b k through brute-force provides a
initialization vectors including the unknown part MSK, primitive to forge valid packets in a 1024 button
meaning that iv b = iv ⊕ (MSKk014 ). push timeline when there is no ECU resynchro-
The property of Hitag-2 previously exposed allows nization. This means that if the low counter
us to derive the following interesting result: CNTRL has the value x, the adversary can gener-
ate (1024−x) packets that the ECU will consider
Result authentic. The first x packets can also be gen-
A cryptanalysis performed on equivalent triplets erated, but they are useless to the adversary
(id, iv,
b ks) for a transponder with a key k allows since they belong to the “past”. Beyond these
to find an equivalent key such that: (1024−x) packets, there is a carry and the adver-
k = k ⊕ (016 kMSKk014 )
b sary must adapt the equivalent key to generate
legitimate packets for the new frame. Let kb0 be
The keystream authenticators ks generated by the new equivalent key. Abusing the addition
the equivalent key bk are the same as the ones notation, we have kb0 ≈ k ⊕ (016 k(MSK + 1)k014 ).
generated by k as long as MSK is not modified. Since an incrementation of a 18 bits value can
produce at most 18 chained carries, it is possible
This means that given two radio packets, i.e. two to precompute the 18 possible equivalent keys kb0
equivalent triplets, an adversary can perform the derived from b k. Then, it is easy to check which
brute-force attack presented in 5.1 and get an equiv- one of all these possible values indeed opens/-
k in a few minutes. Thanks to the previous
alent key b closes the car, and keeps it as the new equivalent
property, it is possible to forge valid radio packets key.
using bk as long as the unknown value MSK is not It is also important to bring a precision at this
modified. One should notice that it is important that point: when the car receives malformed frames,
the two packets used for the exhaustive search also it does not activate its anti-replay countermea-
share the same mask MSK, meaning that they must sure. Indeed, since the other 17 packets are
belong to the same 1024 low counter session (see the derived from bad guesses for the iv, they will
discussion below). produce non-authentic packets and will simply
be dropped by the ECU.
5.3 Wrapping up the new attacks
2. Recapture and adapt: in this scenario, we
As we have already uncovered, MSK is modified when: suppose that the adversary has an equivalent
key bk associated to a mask MSK, but for some rea- 5.4 Discussing countermeasures
son the 18-bit mask has changed to MSK’ yielding
in a new unknown equivalent key kb0 . In order to Obviously, several misconceptions compose the root
compute kb0 , a new radio packet is captured, pro- cause of the attack presented in this paper, starting
viding a new equivalent triplet associated to this with the use of the Hitag-2 algorithm to produce au-
c0 , ks0 ). thentication codes. This cipher has been known to be
equivalent key that will be noted (id, iv
cryptographically broken for a decade: using obsolete
The adversary performs a fast exhaustive search3
or proprietary cryptography is widely discouraged in
over the 218 elements to find a 18-bit value M
favour of public standards.
such that the observed keystream ks0 is realised
Independently of the cryptographic algorithm, the
by applying Hitag-2 using b k as a key, id and
0 14 management of the secret elements, randomness
iv ⊕ (M k0 ) as inputs. Then, the new equiv-
c
sources and initialization vectors is also an important
alent key corresponds to kb0 = bk ⊕ (016 kM k014 ). point. In particular, the key diversification strategy
It is easy to see that the value M found here among devices has a direct importance regarding the
is in fact the difference between the two masks: impact of the compromise of one particular device,
M = MSK ⊕ MSK0 . as recalled in [14].
Regarding the out-of-band update of secret param-
Both of the scenarios previously described suppose eters, the idea is quite interesting and would be even
a brute-force search using two packets as a preamble, more efficient, in the context of the attack presented
which implies the access to a computing cluster if in this study, if this was performed every time the car
getting the key within minutes is needed (see 5.1). is started. As a consequence, the adversary would
However, one should notice that any efficient crypt- face a very short time window to use the forged au-
analysis of Hitag-2 can replace this step without thentic frames against the RKE system. However, a
modifying the rest of the attacks: the parts that use successful attack against the near-field protocol could
the equivalent keys concept still hold. result in a ban of the legitimate key.
The “zero capture and guess” strategy better fits On the physical layer, several countermeasures
situations where the adversary ensures that no ECU could be implemented in order to increase the adver-
resynchronization occurs (i.e. when the user does sary profile. First, distance bounding protocols [8]
not open the car and start the engine after a rogue seem to be a promising approach to mitigate relay at-
packet has been sent). This is the case when a one- tacks. Additionally, as suggested in [4], RF front-end
shot open/close of the target is needed for example. fingerprinting can also be used for the identification
This scenario uses only two captured packets (hence of the legitimate transponder. Their deployment
the title of the article). would however involve significant costs.
Finally, monitoring and logging systems could be
The “recapture and adapt” strategy complies with
both integrated in vehicles and made accessible to
situations where the adversary knows that the mask
the end users. Indeed, with the integration of several
MSK has changed (either because of an incrementation
information systems into modern cars, it seems rele-
overflow of CNTRL, or because of the ECU counter-
vant to provide users with means to supervise and
measure): a new packet must be captured to adapt
monitor the activity of key functionalities, among
the equivalent key.
which the last time the car was unlocked or the num-
Interestingly, these attacks do not require the full ber of invalid unlock attempts would be of special
recovery of the real secret key k embedded in the interest in this case.
transponder, though information is learnt about the
18 unknown bits of k every 1024 packets (when CNTRL
overflows). Nonetheless, it is possible to generate 6 Conclusion
authentic packets using the equivalent keys, resulting
in the implementation of a software rogue remote Modern transportation vehicles enclose an increas-
control. ing amount of electronic devices in order to manage
both safety and entertainment functionalities. These
This rogue key has been tested against the two
devices expose interfaces which can be accessed from
attack scenarios previously described and validated
inside the vehicle or wirelessly. Therefore, the mecha-
with our target vehicle, using a YARD Stick One [13]
nisms allowing to open vehicles become critical from
and the RfCat framework [5] for the radio part.
an information security point of view.
In this study, an analysis of a Hitag-2 based Re-
3A few seconds on a standard PC. mote Keyless Entry system has been proposed. A
black box methodology for performing this analysis International Conference on Information Security (2009),
has been detailed, with a focus on the physical layer Springer, pp. 167–176.
characterisation and on the rolling code implemen- [11] de Koning Gans, G., Hoepman, J., and Garcia, F. D.
tation. As an outcome, it has been shown that the A Practical Attack on the MIFARE Classic. CoRR
abs/0803.2285 (2008). Web: http://arxiv.org/abs/
tested system was not vulnerable to the most recent 0803.2285.
state of the art attacks. Furthermore, an interest-
[12] Francillon, A., Danev, B., and Capkun, S. Relay
ing countermeasure was shown to be implemented, Attacks on Passive Keyless Entry and Start Systems
resulting in a near-field modification of some param- in Modern Cars. Cryptology ePrint Archive, Report
eters of the RKE protocol when several inconsistent 2010/332, 2010. http://eprint.iacr.org/2010/332.
radio packets are received by the vehicle. [13] Gadgets, G. S. YARD Stick One, 2015. Web: http:
Interestingly, this analysis leads to the design of a //greatscottgadgets.com/yardstickone/.
new cryptanalysis based on an optimized exhaustive [14] Garcia, F. D., Oswald, D., Kasper, T., and Pavlidès,
P. Lock it and still lose it —on the (in)security of automo-
search and taking advantage of a specificity of the tive remote keyless entry systems. In USENIX Security
Hitag-2 algorithm. It has been demonstrated that (Austin, TX, 2016), USENIX Association.
it is possible, for an adversary having captured a [15] Immler, V. Breaking hitag 2 revisited. In Security,
limited number of packets (at least two), to forge Privacy, and Applied Cryptography Engineering. Springer,
valid opening radio frames without finding the se- 2012, pp. 126–143.
cret key. Instead, it is possible to compute equiva- [16] Kamkar, S. Drive It Like You Hacked It. Defcon 23, 2015.
lent keys which allow to obtain the same Hitag-2 Web: https://samy.pl/defcon2015/2015-defcon.pdf.
keystream than with the legitimate secret key. With [17] Kasper, T. Security Analysis of Pervasive Wireless
this approach, the countermeasure could be trivially Devices–Physical and Protocol Attacks in Practice. PhD
thesis, PhD thesis. 2011. Web: https://wiki.crypto.
circumvented by capturing a single supplementary rub.de/Counter/get.php, 2011.
radio packet.
[18] Lemke, K., Sadeghi, A.-R., and Stüble, C. Anti-theft
These attacks are mainly possible due to the per- Protection: Electronic Immobilizers. Springer, Berlin,
sistent use of obsolete and proprietary ciphers. It Heidelberg, 2006, pp. 51–67.
is highly recommended to stick with standardized [19] Miller, C., and Valasek, C. Remote Exploitation of an
encryption algorithms with a proven robustness. Unaltered Passenger Vehicle. Web: http://illmatics.
com/Remote%20Car%20Hacking.pdf.
[20] Plötz, H., and Nohl, K. Breaking Hitag2, HAR2009,
References 2009, 2011.
[1] Philips Semiconductors. PCF7946AT datasheet, [21] Smith, C. The Car Hacker’s Handbook, 2014.
1999. Web: http://www.datasheetq.com/ Web: http://opengarages.org/handbook/2014_car_
datasheet-download/715109/0/Philips/PCF7946. hackers_handbook_compressed.pdf.
[2] NXP. PCF7936AS Securing Transponders (HITAG2) [22] Soos, M., Nohl, K., and Castelluccia, C. Extending
datasheet, 2010. Web: http://www.mouser.com/ SAT Solvers to Cryptographic Problems. Springer, Berlin,
catalog/specsheets/PCF7936AS__3851__C,1.pdf. Heidelberg, 2009, pp. 244–257.
[3] Philips Semiconductors. Hitag2 protocol datasheet, 1996, [23] Štembera, P., and Novotny, M. Breaking Hitag2
2010. with Reconfigurable Hardware. In Digital System Design
[4] Alincourt, E., Ray, C., Ricordel, P.-M., Daré- (DSD) (2011), IEEE, pp. 558–563.
Emzivat, D., and Boudraa, A. Méthodologie [24] Sun, S., Hu, L., Xie, Y., and Zeng, X. Cube cryptanal-
d’extraction de signatures issues des signaux ais. SSTIC, ysis of hitag2 stream cipher. In International Conference
2016. on Cryptology and Network Security (2011), Springer,
[5] ATLAS. RfCat, 2014. Web: https://bitbucket.org/ pp. 15–25.
atlas0fd00m/rfcat. [25] Verdult, R., Garcia, F. D., and Balasch, J. Gone in
[6] Bloessl, B. gr-keyfob. SDR Academy, 2015. Web: 360 seconds: Hijacking with hitag2. In USENIX Security
https://github.com/bastibl/gr-keyfob. (2012), pp. 237–252.
[7] Bogdanov, A. Cryptanalysis of the keeloq block cipher. [26] Verdult, R., Garcia, F. D., and Ege, B. Disman-
Cryptology ePrint Archive, Report 2007/055, 2007. http: tling megamos crypto: Wirelessly lockpicking a vehicle
//eprint.iacr.org/2007/055. immobilizer. In USENIX Security (2015), pp. 703–718.
[8] Brands, S., and Chaum, D. Distance-bounding proto- [27] Wickert, M. A., and Lovejoy, M. R. Hands-on soft-
cols (extended abstract). In EUROCRYPT’93, Lecture ware defined radio experiments with the low-cost rtl-sdr
Notes in Computer Science 765 (1993), Springer-Verlag, dongle. In Signal Processing and Signal Processing Edu-
pp. 344–359. cation Workshop (SP/SPE) (2015), IEEE, pp. 65–70.
[9] Courtois, N. T., and O’Neil, S. FSE Rump Session– [28] Wiener, I. C. Software optimized 48-bit Philips/NXP
Hitag 2 Cipher, 2011. Mifare Hitag2 PCF7936/46/47/52 stream cipher algo-
rithm. Web: http://cryptolib.com/ciphers/hitag2.
[10] Courtois, N. T., O’Neil, S., and Quisquater, J.-J.
Practical algebraic attacks on the hitag2 stream cipher. In
A Description of Hitag-2
Internal state (48 bits) at cycle i will be noted:
αi = ai . . . a47+i ∈ F48
2 .
Functions: a linear function and a non-linear function.
• LFSR – linear function L : F48
2 → F2 such that:
⊕
L(x) =x0 ⊕ x2 ⊕ x3 ⊕ x6 ⊕ x7 ⊕ x8 ⊕ x16 ⊕ x22 ⊕ x23
L(state)
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
⊕ x26 ⊕ x30 ⊕ x41 ⊕ x42 ⊕ x43 ⊕ x46 ⊕ x47
• Non-linear function f : F48 2 → F2 such that:
f (x) =fc (fa (x2 x3 x5 x6 ), fb (x8 x12 x14 x15 ),
fb (x17 x21 x23 x26 ), fb (x28 x29 x31 x33 ),
fa (i) = (0xA63C)i
fa (x34 x43 x44 x46 ))
Non linear functions fa , fb et fc are defined by:
– fa , fb : F42 → F2 with fa (i) = (0xA63C)i
and fb (i) = (0xA770)i
– fc : F52 → F2 with fc (i) = (0xD949CBB0)i
Inputs: the three inputs of the algorithm are:
• a 32-bit initialization vector iv ∈ F32
2
fb (i) = (0xA770)i
• a 48-bit key k ∈ F48
2
• a 32-bit identifier id ∈ F32
2
Algorithm steps: the algorithm is split in two main steps
...
that change the internal state at each clock cycle.
ks4
1. The initialization and randomization phases: they
make the internal state evolve during 80 clock cycles by
fc (i) = (0xD949CBB0)i
ks3
Clock cycles
keystream
using the three inputs. Only the non-linear function f is
used.
ks2
ai = idi , ∀i ∈ [0, 31] (32 cycles)
fb (i) = (0xA770)i
ks1
a32+i = ki , ∀i ∈ [0, 15] (16 cycles)
a48+i = k16+i ⊕ ivi ⊕ f (ai . . . a47+i ), ∀i ∈ [0, 31] (32 cycles)
ks0
2. The nominal phase: apply the LFSR on the internal
state.
a80+i = L(a32+i . . . a79+i ), ∀i ∈ N
function:
The RKE system only use the 32 first bits of the keystream
9
fa (i) = (0xA63C)i
6
5
4
3
2
1
0