
RFIDIOts!!! RFID Hacking without a Soldering Iron (... or a Patent - PowerPoint PPT Presentation



  1. RFIDIOts!!! RFID Hacking without a Soldering Iron (... or a Patent Attorney :) Adam Laurie adam@algroup.co.uk http://www.apache-ssl.org http://trifinite.org http://rfidiot.org BlackHat Europe 2007 Amsterdam, The Netherlands

  2. What is RFID? ● Contactless Auto-ID technology – Radio Frequency or Magnetically Coupled chip ● Chip is passive ● Energy from reader activates the chip

  3. What is it for? ● Simple ID only – Door Entry Systems ● e.g. HID ● Smartcards – Payment Cards ● e.g. Oyster – Biometrics ● e.g. Passports

  4. RFID – Moo am I? ● Animal ID ● Hotel Keys ● Car Immobilisers ● Ski Passes ● Goods Labels ● Luggage Handling ● Vending ● Human Implants

  5. Selling the idea of Human Implants

  6. Human Implants ● Military – Access Control ● Mental Patients – Tracking ● Beach Bars – Digital Wallets

  7. Unique ID!!! ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned

  8-10. Unique ID? ● DIY Cloning Units – http://cq.cx/vchdiy.pl – Spot the original? ● Industry Defence: “Clones do not have the same form factor and are therefore not true clones”

  11-12. Unique ID? ● Readers cannot 'see', so form factor = irrelevant

  13-20. Cloning Devices (eight image-only slides)

  21. The Challenge ● Create a 'true' clone – Same ID – Same Form Factor

  22. Understanding the ID ● Industry standard example – Animal Tagging – ISO-11784/5 FDX-B ● Application flag (Animal/Non-Animal) ● 3 Digit Country or Manufacturer code ● National ID

  23. Sending the ID ● Reader and TAG will communicate with – Specific frequency ● 125/134.2 kHz ● (13.56 MHz) – Specific data bitrate ● RF/2 - RF/128 – Specific encoding (modulation) scheme ● FSK, Manchester, BiPhase, PSK, NRZ – Specific bit patterns ● Header / Data / CRC

  24. Decoding the ID ● 8 Byte raw ID from 'dumb' reader – Byte 7 … Byte 0 laid out as [National ID | Country | Application Code] – Reverse MSB/LSB – Reverse each Nibble – Right shift (x2) – Convert to Decimal

  25. Decoding the ID ● 8 Byte raw ID 70 91 53 12 EA 6F 00 01 – Reverse MSB/LSB 10 00 F6 AE 21 35 19 07 – Reverse each Nibble 80 00 F6 57 48 CA 89 0E

  26. Decoding the ID ● 8 Byte raw ID 80 00 F6 57 48 CA 89 0E – Application ID = 8000, Country = F65, National ID = 748CA890E – Country F65 rightshifted: 3D9 == '985' decimal ● icar.org: 'Destron Fearing / Digital Angel Corporation' – National ID 748CA890E == '31286003982'
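The decoding steps on slides 24-26, carried through in code as an added example; this is not code from the slides or from the RFIDIOt library, and the function names and the returned dictionary layout are my own. The sample read is the 8-byte value from the slides. Beyond the slide's own slicing (4-digit application id, 3-digit country field shifted right by two, 9-digit national id) the example also applies the ISO 11784 bit allocation, where the national code is 38 bits rather than 36, so a reader can see where the two readings diverge.

```python
# Added example (not from the slides or the RFIDIOt library): decode the raw
# 8-byte FDX-B read worked through on the slides into ISO 11784 fields.
# Function names and the dict layout are my own; the sample read is the slides'.

RAW_READ_HEX = "70915312EA6F0001"  # the 8-byte read shown on the slides


def reverse_hex_string(hex_str: str) -> str:
    """Slide step 'Reverse MSB/LSB': reverse the whole hex string. This both
    reverses the byte order and swaps the two nibbles inside each byte."""
    return hex_str[::-1]


def reverse_each_nibble(hex_str: str) -> str:
    """Slide step 'Reverse each Nibble': mirror the four bits of every hex digit
    (e.g. A = 1010 becomes 0101 = 5)."""
    out = []
    for ch in hex_str:
        bits = format(int(ch, 16), "04b")
        out.append(format(int(bits[::-1], 2), "X"))
    return "".join(out)


def bit_reverse_64(value: int) -> int:
    """The two slide steps together are one full 64-bit bit reversal: an FDX-B
    tag transmits the ISO 11784 code LSB first, so a 'dumb' reader hands the
    code back mirrored."""
    return int(format(value & 0xFFFFFFFFFFFFFFFF, "064b")[::-1], 2)


def decode_fdx_b(raw_hex: str) -> dict:
    """Decode one raw 8-byte read. Returns both the slicing drawn on the slides
    (4-digit application id, 3-digit country field >> 2, 9-digit national id)
    and the ISO 11784 allocation, where the national code is 38 bits, not 36:
    the two low bits of the slide's 3-digit country field belong to the
    national code, so the two readings differ whenever those bits are set."""
    raw_hex = raw_hex.upper()
    if len(raw_hex) != 16:
        raise ValueError("expected 8 bytes (16 hex digits)")
    step1 = reverse_hex_string(raw_hex)
    step2 = reverse_each_nibble(step1)
    value = int(step2, 16)
    assert value == bit_reverse_64(int(raw_hex, 16))  # same operation, checked

    # ISO 11784 layout, MSB first after the reversal:
    #   bit 63 animal flag, bits 62..49 reserved, bit 48 data-block flag,
    #   bits 47..38 country code (10 bits), bits 37..0 national code (38 bits)
    return {
        "reversed": step1,
        "mirrored": step2,
        "application": step2[0:4],
        "country": int(step2[4:7], 16) >> 2,
        "national_slide": int(step2[7:16], 16),
        "animal_flag": (value >> 63) & 1,
        "data_block_flag": (value >> 48) & 1,
        "country_iso": (value >> 38) & 0x3FF,
        "national_iso": value & ((1 << 38) - 1),
    }


if __name__ == "__main__":
    for name, val in decode_fdx_b(RAW_READ_HEX).items():
        print(f"{name:16} {val}")
```

Run stand-alone it prints every intermediate value, so the two slide steps can be checked against the hex on slides 25 and 26. The country code comes out as 985 either way; the national code differs because bit 36 of the mirrored value is set, which is why decoders should use the 38-bit field from the standard rather than a hex-digit boundary.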

  27. Encoding the ID ● Reverse the decoding process – 64 Bit ID ● Add Header / CRC to raw binary ID: [Header | ID byte ×8 | CRC] – Fixed bits embedded in ID prevent header being duplicated in datastream ● Now we have 128 bits of raw bit-level ID – How do we deliver it?

  28. Multi-Format Transponders ● Why make 10 transponder types when you can make 1? – Lower manufacturing costs – Lower stocking/distribution costs – Convenience

  29. Multi-Format Transponders ● Independently configurable parameters – Q5 ● Configuration for Bit Rate, Modulation etc. ● 224 Bits user programmable memory ● Dump <n> data blocks on wakeup ● Multiple 'personalities' – Hitag2 ● Configuration for 'Public Modes' ● 256 Bit user programmable memory ● Dump <n> data blocks on wakeup as per Mode setting

  30. Sending the ID ● Take a redundant Door Entry tag – Re-Set configuration as appropriate ● Bit Rate ● Modulation ● Inversion ● Number of blocks to dump on 'wakeup' – Program data blocks with raw ID

  31. Demonstration ● Clone Trovan 'Unique' TAG – Access Control System ● Clone ISO 11784 'Animal' TAG (FDX-B) – Cow Implant – VeriChip paperweight

  32. RFID implanted chip threats ● Track individuals ● Target individuals ● Impersonate individuals – Gain access to restricted areas – Provide alibi for accomplice! ● 'Smart' Bombs – Device only goes off if target of sufficient rank is in range.

  33. Encryption is your friend ● RFID Enabled 'Biometric' passports ● 48 Items of Data – Fingerprint – Facial Image – Birth Certificate – Home Address – Phone Numbers – Profession

  34. Keys to your kingdom ● Pseudo random UID – Cannot determine presence of specific passport without logging in ● Strong Authentication – Basic Access Control ● 3DES ● Content Encryption – Extended Access Control

  35. Deriving the Keys ● MRZ – Machine Readable Zone ● Key – Document Number – Date of Birth – Expiry Date
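Slide 35 names the three MRZ fields the Basic Access Control keys are derived from; the derivation itself, as an added example that is not code from the slides or from the RFIDIOt library, follows ICAO 9303 Part 11: check digits with the 7-3-1 weighting, K_seed as the first 16 bytes of SHA-1 over the MRZ information, and K_enc / K_mac from SHA-1 over the seed and a 32-bit counter with DES parity adjusted. Function names are my own; the sample inputs are the inputs of the ICAO specification's published worked example. The security point of slides 34 and 37 is visible in the code: nothing enters the seed except values printed on the data page.

```python
# Added example (not from the slides or the RFIDIOt library): derive the BAC
# keys from the MRZ fields named on slide 35, per ICAO 9303 Part 11.
# Function names are my own; the sample inputs are ICAO's published example.
import hashlib

# ICAO 9303 worked-example inputs: document number, date of birth, expiry date
SAMPLE_DOC_NUMBER = "L898902C<"
SAMPLE_BIRTH_DATE = "690806"
SAMPLE_EXPIRY_DATE = "940623"


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating over the characters;
    digits count as themselves, A..Z as 10..35 and the filler '<' as 0."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            v = int(ch)
        elif "A" <= ch <= "Z":
            v = ord(ch) - ord("A") + 10
        elif ch == "<":
            v = 0
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += v * weights[i % 3]
    return total % 10


def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """Concatenate the three fields, each followed by its check digit, exactly as
    they appear in the second MRZ line. Document numbers shorter than nine
    characters are padded with '<'; dates are YYMMDD."""
    doc = doc_number.ljust(9, "<")
    if len(doc) != 9 or len(birth_date) != 6 or len(expiry_date) != 6:
        raise ValueError("document number at most 9 chars, dates as YYMMDD")
    return (f"{doc}{mrz_check_digit(doc)}"
            f"{birth_date}{mrz_check_digit(birth_date)}"
            f"{expiry_date}{mrz_check_digit(expiry_date)}")


def adjust_des_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        key_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if key_bits % 2 else 1))
    return bytes(out)


def derive_bac_keys(doc_number: str, birth_date: str, expiry_date: str) -> dict:
    """K_seed = SHA-1(MRZ_information)[:16]; K_enc and K_mac are
    SHA-1(K_seed || counter)[:16] with counter 1 and 2, parity-adjusted.
    Every input to the seed is printed on the passport's data page."""
    info = mrz_information(doc_number, birth_date, expiry_date)
    seed = hashlib.sha1(info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        return adjust_des_parity(digest[:16])

    return {"mrz_information": info, "k_seed": seed,
            "k_enc": kdf(1), "k_mac": kdf(2)}


if __name__ == "__main__":
    keys = derive_bac_keys(SAMPLE_DOC_NUMBER, SAMPLE_BIRTH_DATE, SAMPLE_EXPIRY_DATE)
    print(keys["mrz_information"])
    for name in ("k_seed", "k_enc", "k_mac"):
        print(f"{name}: {keys[name].hex().upper()}")
```

The check-digit routine is the same one a reader uses to validate the MRZ before attempting BAC, so a mismatch there is the first place to look when a passport refuses to open.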

  36. ePassport Demonstration

  37. ePassport threats ● Key data may be obtained through other channels ● Passport profiling – Determine country of origin without logging in – Implementation errors: ● Australian passport ID does not start with '08' on select ● Australian passport does not require Basic Auth on 'File Select', only on 'File Read'. ● Target specific passport holders – Bomb that detonates for Australians only...

  38. RFIDIOt ● Open Source Python library ● Hardware independent – ACG – Frosch – OpenPCD coming soon ● Low cost reader/writers now available http://rfidiot.org

  39. ACG reaction to RFIDIOt “Unfortunately your companies activities seem to be counter to ACG's interests so we will not be able to support you any further.” Email - 3rd January, 2007

  40. Questions? http://rfidiot.org adam@algroup.co.uk
