Abstract
The use of Radio-Frequency Identification (RFID) technology has grown significantly in access control and payment systems. Cards based on the MIFARE Classic standard are widely adopted due to their low cost but introduce known security vulnerabilities. This article presents a practical analysis of these vulnerabilities, focusing on the structural weaknesses of the proprietary CRYPTO-1 encryption algorithm. The methodology included a literature review and practical experiments using the Proxmark3 penetration testing tool with the Iceman Firmware. Standard cards and "Chinese Magic Cards" were evaluated using Nested, Darkside, and Hardnested attacks. The results demonstrated systematic vulnerabilities in the card sectors. The Nested attack recovered keys with default policies in 1 to 3 seconds, while the Hardnested attack compromised non-default keys within a few minutes. After key extraction, full memory reading and complete device cloning were successfully achieved. We conclude that the MIFARE Classic standard remains highly vulnerable to structural and cloning attacks. The most effective mitigation is migrating to more robust technologies, such as MIFARE Plus or DESFire EV2. For systems that cannot be immediately upgraded, we recommend periodic key rotation, the removal of default keys, and the implementation of anti-replay mechanisms in the readers.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright (c) 2026 Rafael de Sa Mascarenhas
