RFID attacks and proxmark hands-on @ KirilsSolovjovs +4fd9 About - - PowerPoint PPT Presentation

+4fd9

RFID attacks and proxmark hands-on

@KirilsSolovjovs

+4fd9

• Programming → sysad →

networking

• IT security for the past 10+ y
• Owner and Lead

Researcher at Possible Security

• Hacking and breaking things

–

http://kirils.org/

–

http://possiblesecurity.com/news/

About me

+4fd9

• RFID basics
• RFID standarts
• Hacking tools
• Proxmark

+ Lots of demos

Contents

+4fd9

• NFC is a subset of RFID

– 13.56MHz – ISO/IEC 14443 – NFC device can be both a reader and a tag

Let’s get this out of the way: RFID vs NFC?

+4fd9

• Microchip
• Antenna
• No power source

RFID tag

+4fd9

• Radio Frequency Identification

RFID

+4fd9

• LF
• 125 kHz
• 134.2 kHz
• ...

Typical RFID frequencies

• HF
• 13.56 MHz
• ...

+4fd9

• ISO/IEC 14443A

– Mifare

• ISO/IEC 14443B
• ISO/IEC 15693

RFID standards

• em4xxx
• HID Global

–

iClass

–

Hitag2

–

Indala

• TI

+4fd9

• RFID readers
• RFID duplication “gun”
• Frequency scanner
• BLEkey
• hackRF… ?
• Proxmark III !

Tools

+4fd9

Proxmark III

+4fd9

Proxmark III RDV 2 / 4

+4fd9

• Problematic for UID-based protocols
• BLEKey

– Bluetooth connected UID

sniffer / storage

Wiegand interface

+4fd9

• Duplicating contents of one card into another
• Often involves breaking some cryptography or defeating some other protection

Card cloning

+4fd9

Mifare Ultralight

+4fd9

Mifare Classic

+4fd9

+4fd9

• https://github.com/Proxmark/proxmark3/wiki/Kali-Linux

Proxmark III setup

+4fd9

• reading cards...
• attacks…

–

+ mfkey

Proxmark III magic

+4fd9

Proxmark III snooping