+4fd9
RFID attacks and proxmark hands-on
@KirilsSolovjovs
About me
● Programming → sysad → networking
● IT security for the past 10+ y
● Owner and Lead Researcher at Possible Security
● Hacking and breaking things
– http://kirils.org/
– http://possiblesecurity.com/news/
Contents
● RFID basics
● RFID standards
● Hacking tools
● Proxmark
+ Lots of demos
Let’s get this out of the way: RFID vs NFC?
● NFC is a subset of RFID
– 13.56 MHz
– ISO/IEC 14443
– NFC device can be both a reader and a tag
RFID tag
● Microchip
● Antenna
● No power source
RFID
● Radio Frequency Identification
Typical RFID frequencies
● LF
– 125 kHz
– 134.2 kHz
– ...
● HF
– 13.56 MHz
– ...
RFID standards
● ISO/IEC 14443A
– Mifare
● ISO/IEC 14443B
● ISO/IEC 15693
● em4xxx
● HID Global
– iClass
– Hitag2
– Indala
● TI
Tools
● RFID readers
● RFID duplication “gun”
● Frequency scanner
● BLEkey
● hackRF… ?
● Proxmark III !
Proxmark III
Proxmark III RDV 2 / 4
Wiegand interface
● Problematic for UID-based protocols
● BLEKey
– Bluetooth connected UID sniffer / storage
Card cloning
● Duplicating contents of one card into another
● Often involves breaking some cryptography or defeating some other protection
Mifare Ultralight
Mifare Classic
Proxmark III setup
● https://github.com/Proxmark/proxmark3/wiki/Kali-Linux
Proxmark III magic
● reading cards...
● attacks…
– + mfkey
Proxmark III snooping