Project Walrus: Make the most of your card cloning devices



SLIDE 1

Project Walrus

Make the most of your card cloning devices

SLIDE 2

Whois Team Walrus

Daniel Underhay

@dunderhay

Security Consultant at Aura Information Security

Matthew Daley

bugfuzz.com

Senior Security Consultant at Aura Information Security

SLIDE 3

Backstory – More Red Teaming :)

  • Phishing and social engineering attacks targeted at staff
  • Bypassing lock and access control systems
  • Attempts to physically access the premises
  • Attempts to remove sensitive data
  • Assessment and attempted infiltration of any internet-connected services or devices

  • And more...
SLIDE 4

Access Control Systems

  • Restrict entrance to a property, building or room to authorized persons
  • Electronic locks
  • Card or biometric access readers and software
  • Some of these cards are easily cloned

SLIDE 5

Where Do We Find These

  • Building entrance
  • Elevators
  • Office doors
  • Areas that require additional privilege:

      ◦ Server rooms
      ◦ Secure rooms

SLIDE 6

Card Cloning Devices

SLIDE 7

Proxmark3

  • Created by Jonathan Westhues
  • Industry standard card cloning device
  • Low Frequency: 125kHz and 134kHz (HID Prox II, HITAG, and EM4100)
  • High Frequency: 13.56MHz (Mifare Classic/Ultralight, and iClass)

SLIDE 8

Chameleon Mini

  • Created by Kasper & Oswald
  • Portable tool for ISO14443/ISO15693/NFC security analysis
  • Emulate and clone contactless cards
  • High Frequency: 13.56MHz (Mifare Classic 1K/4K 4B/7B/Ultralight)

SLIDE 9

Tastic RFID Thief

  • HID Maxiprox 5375
  • Long range RFID card reader
  • Modified by Bishop Fox
  • Low Frequency: 125kHz (HID Prox II)

  • Range ~ 0.5 meters
SLIDE 10

Difficulties with Card Cloning

  • No common tool that controls all the devices
  • No common database to store cloned cards
  • Cloning cards surreptitiously can be tricky
  • Existing standalone mode on Proxmark3 is sketchy (no feedback)
  • Devices are often not very ‘user friendly’
SLIDE 11

An Idea

SLIDE 12

PoC || GTFO

SLIDE 13

Wireframing

SLIDE 14

Introducing Walrus

  • Walrus provides a common interface for your card cloning devices
  • Cards are stored in a common wallet instead of in separate databases
  • Reliable card cloning during red team engagements using your Android phone instead of your laptop – much less suspicious
  • No need to use your device’s limited physical interface or a cumbersome command prompt – use a simple, quick GUI instead
  • Easy to use, rated for users aged 3+ years on Play Store
SLIDE 15

Cloning Cards with Walrus - Proxmark3

SLIDE 16

Walrus - Proxmark3

SLIDE 17

Walrus - Proxmark3

SLIDE 18

Walrus - Proxmark3

SLIDE 19

Walrus - Proxmark3

SLIDE 20

Walrus - Proxmark3

SLIDE 21

Walrus - Proxmark3

SLIDE 22

Walrus - Proxmark3

SLIDE 23

Walrus - Proxmark3

SLIDE 24

Walrus - Proxmark3

SLIDE 25

Walrus - Chameleon Mini

SLIDE 26

Walrus Bulk Read Mode (Walrus-Driving)

SLIDE 27

How Many Devices Can It Take?

SLIDE 28

How Many Devices Can It Take?!

SLIDE 29

Tastic RFID Thief to Walrus?

?

SLIDE 30

Tastic RFID Thief + Bluetooth

+

HC-06

SLIDE 31

Tastic RFID Thief BLE Edition

SLIDE 32

Disclaimer

  • Bad actors ahead
  • Only clone cards if you have been given permission to do so
  • UI is out of date and has been upgraded
SLIDE 33

Video of lumpy

SLIDE 34

Help us Test!

Open alpha release on Play Store now! Search for “Walrus cloning” or visit

https://play.google.com/store/apps/details?id=com.bugfuzz.android.projectwalrus

SLIDE 35

Future Plans

  • Modify the Bishop Fox Tastic RFID Thief PCB
  • Add features:
      ◦ Brute force emulation mode
      ◦ Sharing cards between Android devices
      ◦ Gamification?
  • Add support for additional devices:
      ◦ Generic Wiegand support via Team Walrus Arduino software
      ◦ MagSpoof
      ◦ BLEKey
      ◦ ESP-RFID-Tool
      ◦ More?

SLIDE 36

Tastic RFID Thief PCB

SLIDE 37

PCB Modification

SLIDE 38

Gamification (Maybe)

  • Wie-Gotta Catch ‘em All
  • Not a public database
SLIDE 39

MagSpoof v2

  • Created by Samy Kamkar
  • Commercialized by Rysc Corp
  • Emulate magnetic stripe or credit card data
SLIDE 40

BLEKey

  • Created by Mark Baseggio and Eric Evenchick
  • A Bluetooth Low Energy (BLE) enabled tap for the Wiegand devices
  • Installed in a reader to passively sniff Wiegand data
  • Data can be offloaded to a phone via Bluetooth
  • Inject card data
  • Cheap
  • Emulate cards on that reader
SLIDE 41

ESP-RFID-Tool

  • Created by Corey Harding
  • A Wi-Fi enabled tap for the Wiegand devices
  • Installed in a reader to passively sniff Wiegand data
  • Data can be offloaded to a phone via Wi-Fi AP
  • Inject push-to-exit signal
  • Cheap

HTTPS://GITHUB.COM/RFIDTOOL/ESP-RFID-TOOL

HTTPS://BLOG.APRBROTHER.COM/PRODUCT/ESP-RFID-TOOL

SLIDE 42

Thank you!

Getting Started:

http://project-walrus.io

Open alpha release on Play Store now:

https://play.google.com/store/apps/details?id=com.bugfuzz.android.projectwalrus

Open source (GPLv3). Code is on GitHub:

https://github.com/megabug/Walrus
