Close enough? Prox Cards 101 - DerbyCon2012

Tags:

Preview:

Click to see full reader

DESCRIPTION

Talk by Stephen Heath (@dilisnya) from the DerbyCon2012 Wireless Village. I make no claims on copyright on the images contained within.

Citation preview

Prox Cards 101

Stephen Heath (@dilisnya) DerbyCon 2012

About me…

Stephen Heath Director of Security Services Intrinium Networks / IT Security Twitter: @dilisnya

• The Basics of Access Control

• Legacy

• 125 kHz Proximity

• Demo Proxmark3

• 13.56 MHz (iClass, MiFARE)

• Attacks elsewhere…

30,000 foot view…

Courtesy of Google maps

Whoa!

Wiegand Cards

Data One

Data Zero

0-255 0-65535

125kHz Proximity Cards

125kHz Proximity Cards

Swiping Proximity Cards…

James Bond © MGM

Location, location, location…

Hiding the antenna…

Choosing a target…

42%

33%

11%

10%

4%

82%

11%

7%

The moral?

Sniff a dude’s ass…

13.56 MHz Smart Cards

Challenge

Response

Encrypted data

Wire attacks

• Gecko • Zac Franken • DefCon 15 (2007)

• Arduino-based Wiegand attacks • Brad Antoniewicz • ShmooCon 2012

• MIFARE Classic 1K

• Crypto-1 broken

• HID iClass “Standard Security Mode”

• Shared crypto key

Still card flaws…

Easy stuff…

Easier stuff …

• Brad Antoniewicz of Foundstone

• “Attacking Proximity Access Card Systems” (ShmooCon 2012)

• ProxBrute

• http://nosedookie.blogspot.com

• OpenPCD.org

• HID iClass Demystified

• Zac Franken

• Physical Access Control Systems: Are you protected by two screws and a plastic cover?

• N00bz and the rest of the wireless village team!

Acknowledgements…

http://nosedookie.blogspot.com/

Stephen Heath (@dilisnya)

Recommended

ProX Catalogue 2014 (part 1)
Documents
Prox humerus fx for leathers
Health & Medicine
Prox–DU & Prox–SU - Gemalto Supportsupport.gemalto.com/fileadmin/user_upload/drivers/Prox-DU_and_Pro… · Prox–DU & Prox–SU DOC119811A Public Use Page 1/129 Prox–DU & Prox–SU
Documents
PWC - ProX Racing Parts
Documents
MOPED - ProX Racing Parts
Documents
When is Enough Enough?• Customer & employee bank account info (ACH), credit cards, &other identity information is stolen (SSNs, address) • Proprietary exploration & financial data
Documents
Wiegand Keypad/ Prox Reader - KEYLESS
Documents
I prox pivot en
Technology
ProX Header Spec Sheet
Documents
DTX-PROX Data List
Documents
Fr Prox Humero Ppt Share)
Documents
Wireless subsystem repeater U-Prox HEu-prox.com.au/files/Docs/Panels/U-Prox HE.en-us.pdf · U-Prox HE repeater operates automatically. After the download from the U-Prox IC L
Documents
ProX Cables Catalog 2015
Documents
SENTINEL-Prox MFaccesscomputech.com/assets/pdf/SENTINEL-PROX-MF.pdf · SENTINEL-Prox MF The latest in the field of Contactless Read only and Contacless Smart Card, MIFARE® based
Documents
ProX Complete Catalog 2015
Documents
PROX - Catalogo Wear 2010 Japon
Documents
Brake Discs - ProX
Documents
PWC - ProX
Documents
Prox–DU & Prox–SU - Gemalto Support - Homesupport.gemalto.com/fileadmin/user_upload/drivers/Prox...Extended APDU supported by the contactless CCID interface HID report descriptor
Documents
ProX Cases Catalog 2015
Documents