In my research on RFID protocols, I wrote a deep-dive doc breaking down one of the most effective attacks on MIFARE Classic cards: the offline nested authentication attack.
This technique lets an attacker recover all sector keys on a card, starting with just a single known key. I like this attack a lot because it shows how a few small, seemingly inconsequential design flaws can build upon each other to break a system that was once considered secure.
If you’re into RFID security, cryptography, or just enjoy figuring out how clever exploits work, definitely check it out! The doc walks through the attack step-by-step, explaining how it works and a bit of the math behind it.