rfid attacks and proxmark hands-on · +4fd9 nfc is a subset of rfid – 13.56mhz – iso/iec 14443...

+4fd9

RFID attacksand

proxmark hands-on

@KirilsSolovjovs

+4fd9

● Programming → sysad → networking

● IT security for the past 10+ y● Owner and Lead

Researcher at Possible Security

● Hacking and breaking things– http://kirils.org/

– http://possiblesecurity.com/news/

About me

+4fd9

● RFID basics● RFID standarts● Hacking tools● Proxmark

+ Lots of demos

Contents

+4fd9

● NFC is a subset of RFID– 13.56MHz– ISO/IEC 14443– NFC device can be both a reader and a tag

Let’s get this out of the way:RFID vs NFC?

+4fd9

● Microchip● Antenna● No power source

RFID tag

+4fd9

● Radio Frequency Identification

RFID

+4fd9

● LF● 125 kHz● 134.2 kHz● ...

Typical RFID frequencies● HF● 13.56 MHz● ...

+4fd9

● ISO/IEC 14443A– Mifare

● ISO/IEC 14443B● ISO/IEC 15693

RFID standards● em4xxx● HID Global

– iClass

– Hitag2

– Indala

● TI

+4fd9

● RFID readers● RFID duplication “gun”● Frequency scanner● BLEkey● hackRF… ?● Proxmark III !

Tools

+4fd9

Proxmark III

+4fd9

Proxmark III RDV 2 / 4

+4fd9

● Problematic for UID-based protocols

● BLEKey– Bluetooth connected UID

sniffer / storage

Wiegand interface

+4fd9

● Duplicating contents of one card into another

● Often involves breaking some cryptography or defeating some other protection

Card cloning

+4fd9

Mifare Ultralight

+4fd9

Mifare Classic

+4fd9

+4fd9

● https://github.com/Proxmark/proxmark3/wiki/Kali-Linux

Proxmark III setup

+4fd9

● reading cards...● attacks…

– + mfkey

Proxmark III magic

+4fd9

Proxmark III snooping