Hack for Fun with RFID
Kevin2600
Agenda
● RFID overview && Security
● RFID Research devices (PM3; ACR112..)
● Real world scenarios analyze (LF,HF,NFC)
● Conclusion && Tips of how to protect our privacy
RFID is everywhere
RFID Overview
● Tag types: Various sizes and shapes e.g. Keyring; Credit-Card● Tag types: Active (Battery) and Passive (No internal Power Source)
RFID Security
● HID Proxcard2 found mostly on Access control system. Come with no authentication, encryption, or any other real security mechanism. Just plain-text.
● The most popular RFID Card types (Mifare Ultralight; Mifare Classic; DESFire). Use ISO 14443A & operating on 13.56mhz. In the year 2007, Researchers found weakness of Mifare classic protocol. And managed to crack the Crypto1.
● NFC Credit cards support EMV-style contact-less payment. EMV stands for EuroPay, Master-card, Visa, which is a global standard for bank smart cards.
● The core of the EMV protocol is based on the transmission of Application Protocol Data Units (APDUs). Most of the APDUs sent between the two devices, are transmitted in plain-text. Cryptographic security is only employed in the authorization phases of a transaction.
RFID toolkit: Swiss knife Proxmark3
The Proxmark III is the most powerful open source device available for performing RFID research.
Can be use for reading; Sniff and emulate High and low frequency tags, almost behind every RFID research projects.
Live demo (PM3 Sniffing)
RFID toolkit: ACR112
● Touchatag Reader (PN532 Chipset)● RFIDiot: python library for reading/writing/ RFID cards ● LIBNFC libnfc is a library for communicating with ISO14443
RFID tags. libnfc works with NXP PN53x series chipsets
Live demo (Crack Mifare1)
RAW DATA Analysis
Video demo (College ID)
(http://youtu.be/E-nk4Jrm-gA)
Video demo (Payment)
(http://youtu.be/5WvdebLIKL0)
Live demo (CIBC Credit card)
Conclusion
● HID Proxcard2 card – Not secure at all !!!
● NFC Credit cards – Be Paranoid when using them !!!
● MIFARE Classic – Use for public payment is a very bad idea !!!
Hack for Fun with RFID
● www.libnfc.org
● www.proxmark.org
● chaos-lab.blogspot.ca
● Any Ideas; Projects; Job offers are welcome :)