RFID attacks and proxmark hands-on
@KirilsSolovjovs
About me
● Programming → sysad → networking
● IT security for the past 10+ years
● Owner and Lead Researcher at Possible Security
● Hacking and breaking things
– http://kirils.org/
– http://possiblesecurity.com/news/
Contents
● RFID basics
● RFID standards
● Hacking tools
● Proxmark
+ Lots of demos
Let’s get this out of the way: RFID vs NFC?
● NFC is a subset of RFID
– 13.56 MHz
– ISO/IEC 14443
– NFC device can be both a reader and a tag
RFID tag
● Microchip
● Antenna
● No power source
RFID
● Radio Frequency Identification
Typical RFID frequencies
● LF
– 125 kHz
– 134.2 kHz
– ...
● HF
– 13.56 MHz
– ...
RFID standards
● ISO/IEC 14443A
– Mifare
● ISO/IEC 14443B
● ISO/IEC 15693
● em4xxx
● HID Global
– iClass
– Hitag2
– Indala
● TI
Tools
● RFID readers
● RFID duplication “gun”
● Frequency scanner
● BLEKey
● hackRF… ?
● Proxmark III !
Proxmark III
Proxmark III RDV 2 / 4
Wiegand interface
● Problematic for UID-based protocols
● BLEKey
– Bluetooth connected UID sniffer / storage
Card cloning
● Duplicating contents of one card into another
● Often involves breaking some cryptography or defeating some other protection
Mifare Ultralight
Mifare Classic
Proxmark III setup
● https://github.com/Proxmark/proxmark3/wiki/Kali-Linux
Proxmark III magic
● reading cards...
● attacks…
– + mfkey
Proxmark III snooping