The dirty laundry of stored value washing cards
Aidan Nakache, Equip
RF Village @ DEF CON 33 · Day 1 · RF Village
In "The dirty laundry of stored value washing cards," speakers Alexander and Lou (Aidan Nakache) from Equip present critical vulnerabilities in **Mifare Classic** RFID-based stored-value laundry systems, predominantly those powered by Kiosoft. The talk, presented at RF Village, details how they reverse engineered the way these ubiquitous cards store monetary value, transaction identifiers, and other sensitive data, and demonstrates how an attacker can manipulate card balances at will.
AI review
Solid, hands-on RFID research that goes well past the usual 'Mifare Classic is broken, here's Mfoc' surface-level treatment. The function-mirror discovery — static byte pairs embedded in the card that literally document the XOR/linear relationships needed to spoof a valid balance — is a genuinely elegant find that elevates this above a routine crypto-weakness demo. Minor ding for novelty: Mifare Classic attacks are a mature space, and the core crypto break isn't new, but the specific Kiosoft data-layout reversal, the Transaction ID bypass at the machine level, and the Flipper Zero tooling…