## NTAG424 Crypto Stack Leak: Sensitive Keys, Nonces, Session Data Never Zeroed After Use
A critical memory-handling flaw in the NTAG424 authentication and communication code leaves sensitive cryptographic material exposed on the stack, creating a direct physical attack vector. The code fails to zero out key material, nonces, and encrypted session data after use, allowing these secrets to persist in memory. This oversight affects core functions including authentication, session key derivation, and key change operations, leaving a persistent trail of secrets that could be harvested by an attacker with physical device access.

The vulnerability spans multiple critical functions. In `ntag424_Authenticate()`, arrays containing random challenges (`RndA`, `RndB`), their encrypted forms (`RndBEnc`), and authentication answers (`answer`, `answer_enc`) are left uncleared. The `ntag424_apdu_send()` function leaves initialization vectors (`iv`, `ive`), padded and encrypted payloads, and MAC verification data on the stack. Similarly, `ntag424_derive_session_keys()` fails to clear intermediate key fragments (`sv1`, `sv2`), and `ntag424_ChangeKey()` leaves key XOR material and key data exposed. None of these buffers are sanitized using secure functions like `memset_s` or `explicit_bzero`.
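
A minimal sketch of the cleanup pattern the issue says is missing, added here as an illustration and not taken from the library: every temporary sits in one struct that is wiped on a single exit path, using volatile stores for toolchains that lack `memset_s` or `explicit_bzero`. The names `derive_session_keys`, `derive_tmp` and `toy_prf` and the buffer layout are hypothetical, and `toy_prf` is a non-cryptographic stand-in for the real MAC step.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Volatile stores cannot be removed as dead writes, unlike a plain
 * memset() on a buffer that is about to go out of scope. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}

/* Stand-in for the real keyed MAC; NOT cryptography (assumption). */
static void toy_prf(const uint8_t key[16], const uint8_t *in, size_t n, uint8_t out[16]) {
    memcpy(out, key, 16);
    for (size_t i = 0; i < n; i++)
        out[i % 16] = (uint8_t)((out[i % 16] ^ in[i]) * 31u + 7u);
}

/* One struct for all secret temporaries, so one wipe covers them all. */
struct derive_tmp { uint8_t sv1[33]; uint8_t sv2[33]; };

/* Simplified layout (label || rnd_a || rnd_b), not the NTAG424 one. */
int derive_session_keys(const uint8_t key[16], const uint8_t *rnd_a, const uint8_t *rnd_b,
                        size_t rnd_len, uint8_t enc_key[16], uint8_t mac_key[16]) {
    struct derive_tmp t;
    int rc = -1;
    if (rnd_len != 16) goto out;
    t.sv1[0] = 0x01; t.sv2[0] = 0x02;
    memcpy(t.sv1 + 1, rnd_a, 16); memcpy(t.sv1 + 17, rnd_b, 16);
    memcpy(t.sv2 + 1, rnd_a, 16); memcpy(t.sv2 + 17, rnd_b, 16);
    toy_prf(key, t.sv1, sizeof t.sv1, enc_key);
    toy_prf(key, t.sv2, sizeof t.sv2, mac_key);
    rc = 0;
out:
    secure_zero(&t, sizeof t);  /* runs on success and on failure */
    if (rc != 0) { secure_zero(enc_key, 16); secure_zero(mac_key, 16); }
    return rc;
}

int main(void) {  /* constructed inputs: one good call, one with a bad length */
    uint8_t k[16] = {1}, a[16] = {2}, b[16] = {3}, e[16], m[16];
    if (derive_session_keys(k, a, b, 16, e, m) != 0) return 1;
    return !(derive_session_keys(k, a, b, 8, e, m) == -1 && all_zero(e, 16) && all_zero(m, 16));
}
```

The wipe covers only the named buffers; copies the compiler keeps in registers or spill slots are outside its reach, so disabling debug access in production remains a separate control.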

On a microcontroller, if subsequent function calls do not overwrite the stack, this residual data becomes a prime target. An attacker with physical access could exploit interfaces like JTAG or SWD debug ports to dump memory contents. Techniques such as fault injection followed by a memory dump, or examining persisting stack contents in freed task memory, could successfully extract these cryptographic secrets. This flaw fundamentally undermines the security model of devices relying on this library, as persistent key material negates the ephemeral nature of session keys and challenges, potentially compromising authentication and encryption.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cryptography, memory_safety, embedded_security, physical_attack, authentication
- **Credibility**: unverified
- **Published**: 2026-04-13 07:22:33
- **ID**: 61459
- **URL**: https://whisperx.ai/en/intel/61459