project project walrus walrus
play

Project Project Walrus Walrus Make the most of your card cloning - PowerPoint PPT Presentation

Apr 25, 2023 •227 likes •666 views

Project Project Walrus Walrus Make the most of your card cloning devices Make the most of your card cloning devices Whois Team Walrus Daniel Underhay Matthew Daley @dunderhay bugfuzz.com Security Consultant at Aura Information Security

  1. Project Project Walrus Walrus Make the most of your card cloning devices Make the most of your card cloning devices

  2. Whois Team Walrus Daniel Underhay Matthew Daley @dunderhay bugfuzz.com Security Consultant at Aura Information Security Senior Security Consultant at Aura Information Security

  3. Backstory – More Red Teaming J • Phishing and social engineering attacks targeted at staff • Bypassing lock and access control systems • Attempts to physically access the premises • Attempts to remove sensitive data • Assessment and attempted infiltration of any internet-connected services or devices • And more...

  4. Access Control Systems • Restrict entrance to a property, building or room to authorized persons • Electronic locks • Card or biometric access readers and software • Some of these cards are easily cloned

  5. Where Do We Find These • Building entrance • Elevators • Office doors • Areas that require additional privilege: q Server rooms q Secure rooms

  6. Card Cloning Devices

  7. Proxmark3 • Created by Jonathan Westhues • Industry standard card cloning device • Low Frequency: 125kHz and 134kHz (HID Prox II, HITAG, and EM4100) • High Frequency: 13.56Mhz (Mifare Classic/Ultralight, and iClass)

  8. Chameleon Mini • Created by Kasper & Oswald • Portable tool for ISO14443/ISO15693/NFC security analysis • Emulate and clone contactless cards • High Frequency: 13.56Mhz (Mifare Classic 1K/4K 4B/7B/Ultralight)

  9. Tastic RFID Thief • HID Maxiprox 5375 • Long range RFID card reader • Modified by Bishop Fox • Low Frequency: 125kHz (HID Prox II) • Range ~ 0.5 meters

  10. Difficulties with Card Cloning • No common tool that controls all the devices • No common database to store cloned cards • Cloning cards surreptitiously can be tricky • Existing standalone mode on Proxmark3 is sketchy (no feedback) • Devices are often not very ‘user friendly’

  11. An Idea

  12. PoC || GTFO

  13. Wireframing

  14. Introducing Walrus • Walrus provides a common interface for your card cloning devices • Cards are stored in a common wallet instead of in separate databases • Reliable card cloning during red team engagements using your Android phone instead of your laptop – much less suspicious • No need to use your device’s limited physical interface or a cumbersome command prompt – use a simple, quick GUI instead • Easy to use, rated for users aged years 3+ on Play Store

  15. Cloning Cards with Walrus - Proxmark3

  16. Walrus - Proxmark3

  17. Walrus - Proxmark3

  18. Walrus - Proxmark3

  19. Walrus - Proxmark3

  20. Walrus - Proxmark3

  21. Walrus - Proxmark3

  22. Walrus - Proxmark3

  23. Walrus - Proxmark3

  24. Walrus - Proxmark3

  25. Walrus - Chameleon Mini

  26. Walrus Bulk Read Mode (Walrus- Driving)

  27. How Many Devices Can It Take?

  28. How Many Devices Can It Take?!

  29. Tastic RFID Thief to Walrus? ?

  30. Tastic RFID Thief + Bluetooth + HC-06

  31. Tastic RFID Thief BLE Edition

  32. Disclaimer • Bad actors ahead • Only clone cards if you have been given permission to do so • UI is out of date and has been upgraded

  33. Video of lumpy

  34. Help us Test! Open alpha release on Play Store now! Search for “ Walrus cloning ” or visit https://play.google.com/store/apps/details?id =com.bugfuzz.android.projectwalrus

  35. Future Plans • Modify the Bishop Fox Tastic RFID Thief PCB • Add features: q Brute force emulation mode q Sharing cards between Android devices q Gamification? • Add support for additional devices: q Generic Wiegand support via Team Walrus Arduino software q Magspoof q BLEKey q ESP-RFID-Tool q More?

  36. Tastic RFID Thief PCB

  37. PCB Modification

  38. Gamification (Maybe) • Wie-Gotta Catch ‘em All • Not a public database

  39. MagSpoof v2 • Created by Samy Kamkar • Commercialized by Rysc Corp • Emulate magnetic stripe or credit card data

  40. BLEKey • Created by Mark Baseggio and Eric Evenchick • A Bluetooth Low Energy (BLE) enabled tap for the Wiegand devices • Installed in a reader to passively sniff Wiegand data • Data can be offloaded to a phone via Bluetooth • Inject card data • Cheap • Emulate cards on that reader

  41. ESP-RFID-Tool • Created by Corey Harding • A Wi-Fi enabled tap for the Wiegand devices • Installed in a reader to passively sniff Wiegand data • Data can be offloaded to a phone via Wi-Fi AP • Inject push-to-exit signal • Cheap HTTPS://GITHUB.COM/RFIDTOOL/ESP-RFID-TOOL HTTPS://BLOG.APRBROTHER.COM/PRODUCT/ESP-RFID-TOOL

  42. Thank you! Getting Started: http://project-walrus.io Open alpha release on Play Store now: https://play.google.com/store/apps/details?id= com.bugfuzz.android.projectwalrus Open source (GPLv3). Code is on Github: https://github.com/megabug/Walrus

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C

Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C

Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C Dimoulas, C Eastlund, M Felleisen, M Flatt, J A McCarthy, J Rafkind, S Tobin-Hochstadt, R B Findler 1 The Koala, the Orangutan, and the Walrus ftp>

799 views • 50 slides
Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m

Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m

Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m Covered by sea ice >8 months of the year, with partial coverage through the summer Pacific Walrus in the Chukchi Sea Pagophilic

827 views • 29 slides
Project Project Project Evolution of project Structured Collaborative Project Unstructured

Project Project Project Evolution of project Structured Collaborative Project Unstructured

Alain Fournier Presentation: Project Management Tools for Increasing Project Success! Alain is a Project and Portfolio Management Solutions Executive with Microsoft Canada specializing in Cloud Productivity Solutions Have over 20 years of

428 views • 21 slides
evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

Effective post project evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A successful project? Agenda for today Who are LCMB? The context for post project evaluation The project lifecycle Post project

476 views • 32 slides
BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title: Business Process Re-engineering and functional toolkit for GDPR compliance Contract number: 787149 Funded under the H2020 call DS-08-2017

421 views • 22 slides
HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HHS // IHS HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT Modernization Project is sponsored by the U.S. Department of Health and Human Services Office of the Chief Technology Officer (HHS OCTO)

712 views • 13 slides
NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

2 nd Annual Rural Community Development Initiative Capacity Building and Wood Utilization Workshop NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization Major Milestones Accomplishments

631 views • 12 slides
2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project constructed or near completion Judging Criteria Unique design considerations Constructability Post-construction performance Stakeholder

682 views • 29 slides
This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps. Chapter One: The first step is about narrating some facts, by which my project and research were based on. Egypt is located in north east africa,

690 views • 46 slides
Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE Drainage Alternatives 6. Project Benefits 7. Open Forum 8. Adjourn Project Location Project Background ASCG Inc. completed a Project Development

321 views • 15 slides
Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Minimum Spanning Data Structures and Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project 4 Assigned Today - Same partners as project 3 - We will re-run project 3 grading on project 4, just like the

704 views • 59 slides
Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status Project Opportunities 1 1 Pre-Solicitation Conference June 2018 www.newnicebridge.com 2 Welcome and Introductions Project Team MDTA

776 views • 38 slides
1 We will begin with some background information on the project. We will then talk about why we

1 We will begin with some background information on the project. We will then talk about why we

Welcome. My name is Mark Frechette. I am the project director for the New York State Department of Transportations (NYSDOT) I 81 Viaduct Project. Thank you for being here tonight. The project team has been working hard and we are excited to

548 views • 39 slides
PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project

PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project

WETLAND & RIPARIAN INVENTORIES FOR UGB EXPANSION AREAS PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project Approach Who is Involved What is Needed to Make it Happen How the Project Will

581 views • 46 slides
I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0

I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0

I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0 Agenda PAC Membership and Recap of Outreach Efforts Perspective Gathering Exercise Project Need Project Need Check-in Project Purpose

940 views • 54 slides
ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project

ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project

ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project Upside Mar 2017 1 ORMONDE MINING Disclaimer The content of this document has not been approved by an authorised person within the meaning of the

712 views • 21 slides
Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper

Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper

Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper presented today: Do Code Clones Matter? Juergens, E.; Deissenboeck, F.; Hummel, B.; Wagner, S. ICSE'09, May 16-24, 2009, Vancouver, Canada 09 th of March

628 views • 24 slides
Clone Objectives Describe how to make a copy of a reference type ICloneable interface

Clone Objectives Describe how to make a copy of a reference type ICloneable interface

Clone Objectives Describe how to make a copy of a reference type ICloneable interface Clone method Object.MemberwiseClone method Discuss special cases string field reference field inheritance 2 Motivation:

640 views • 24 slides
Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money Theorems and Quantum Money Zhengfeng Ji (UTS:QSI) QCrypt 2018, Shanghai 1 . 1 A Joint Work With A Joint Work With Yi-Kai Liu Fang Song (NIST and

257 views • 24 slides
Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software

Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software

Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software Evolution - Instructor Miryung Kim Todays Agenda (1) Class Presentation Meiru Che Amal Banerjee Course Evaluation I

531 views • 26 slides
Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and

Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and

Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and Information Sciences University of Alabama at Birmingham Jeff Gray Department of Computer Science University of Alabama This research is

489 views • 18 slides
Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and

Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and

Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and Zhendong Su Introduction Functional Clones EqMiner w/ Evaluation Conclusion Cloning in Software Development How New Software Product

498 views • 38 slides
Java Language Constructs II Department of Computer Science University of Maryland, College Park

Java Language Constructs II Department of Computer Science University of Maryland, College Park

CMSC 132: Object-Oriented Programming II Java Language Constructs II Department of Computer Science University of Maryland, College Park Announcements Regarding TA Room Usage No food or drinks are allowed in the TA room. Please do

588 views • 12 slides
Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser qian.ge@data61.csiro.au www.data61.csiro.au Top secret Time Protection: The Missing OS Abstraction qian.ge@data61.csiro.au 2 Enforcing time

1.08k views • 40 slides

More recommend