Reputation: 910
While reading papers on how to attack MIFARE Classic cards to figure out how secure it is, I have noticed many times that researchers talk about "genuine readers", and I couldn't understand very well what is meant by this term. Don't all readers deal with the cards in the same way? I.e., a reader at the place to be attacked can be replaced by any reader bought from the market.
Or is there some kind of key or per card reader configuration that gives every place that uses a card reader its unique identity that can't be replaced with any other new card reader bought from the market?
Upvotes: 0
Views: 764
Reputation: 40821
Usually "genuine reader" (or rather "genuine reader system") refers to the reader (including its control software) as it is in use in a live application (access control gate, vending machine, etc.). Thus, this reader (again reader + control software) knows how to access the cards (including the knowledge of the keys necessary to access any protected information on the card).
This term is used to differentiate from a reader that can (technically) communicate with the same card technology but does not (necessarily) have information on how to access the card (or at least does not have knowledge of any necessary secret keys).
For instance, with MIFARE Classic, an attacker can compute the keys from any genuine card using any suitable (in terms of the key breaking attack) reader, even if the reader does not (yet) have knowledge about the actual keys of the card. The only requirement is to have a genuine card (i.e. a card that works in the system under attack).
Upvotes: 1