RFID hacking

Thread: RFID hacking

  1. unclex's Avatar

    unclex said:

    Tech RFID hacking

    Well it is that time again.

    Over the last two years or so RFID has become more popular and yes there are various thing you can do with RFID.

    We need to all start searching for fun things to look at in relation to RFID hacking....

    I would like to start it off - and I am going to make this a sticky for a while.

    h**p://rfidiot.org/
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  2. WTD's Avatar

    WTD said:

    Default Re: RFID hacking

    thanks, was thinking about the implication of carrying rfid enabled devices (like mobilephones here and virtual cash cards) and the scope for abuse!!
     
  3. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Well we need to look at it all as it affects us all if you know what I mean
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  4. marcode's Avatar

    marcode said:

    Default Re: RFID hacking

    a m8 of mine is doing an dissertation on rfid.. do you have any other useful links for me to pass on unclex?
     
  5. Undertaker's Avatar

    Undertaker said:

    Default Re: RFID hacking

    It's the next big thing that gonna be open to so much abuse, interesting times ahead, if i find any interesting link or journal ( i do remember reading one) I shall pass them on
     
  6. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    The one above is the best one I can find that relates to the UK
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  7. slartibartfast's Avatar

    slartibartfast said:

    Default Re: RFID hacking

    There's a book in the downloads section on RFID security if it's any help. Link still works surprisingly.

    [Only registered and activated users can see links. ]
     
  8. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Thanks for the link
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  9. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Any more good sites on this or places for cheap readers


    We also need to look at a tool called RFDUMP
    Last edited by unclex; 13th March 2007 at 12:21 AM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  10. Over Carl's Avatar

    Over Carl said:

    Default Re: RFID hacking

    Check the [Only registered and activated users can see links. ] site out, it says what readers are compatible.

    I was looking into cloning Phillips Mifare tags, but they have some kind of security code. Anyone know if they can be brute forced?
     
  11. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Well it is funny how there is now talk about installing RFID to Credit Cards.

    This is from last year - but there are still proposals to move forward with RFID Credit Cards

    RFID has been riddled with so many problems, it's amazing that anyone even has a shred of confidence in this technology at all. Our latest security problem du jour is that credit card companies are apparently issuing plastic that relays your digits wirelessly; as you might have guessed, security researchers are checking into this, and in a demonstration for The New York Times, easily hacked a University of Massachusetts computer science professor's newfangled RFID credit card. In short order (and with his permission), a researcher working with RSA Labs was able to steal the professor's name and credit card number that was being transmitted in cleartext -- thereby poking massive holes in Visa, MasterCard and American Express' claims that these card include "the highest level of encryption allowed by the U.S. government." Predictably, the credit card companies have already dismissed claims that the populus will be greatly affected by this hack. Brian Triplett, senior vice president for emerging-product development for Visa, told the Gray Lady: "This is an interesting technical exercise, but as a real threat to a consumer - that threat really doesn't exist." Well, Brian, care to put your plastic where your mouth is?

    h**p://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/

    Are the Credit Card Companies MAD

    It is only a matter of time before some breaks this type of system.
    Last edited by unclex; 13th March 2007 at 01:10 AM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  12. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Check this out

    [Only registered and activated users can see links. ]
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  13. Over Carl's Avatar

    Over Carl said:

    Default Re: RFID hacking

    Just a thought. New cars with keyless start - like those new mercs work on rfid chips. So if I was to get rf-dump on a suitable handheld with appropraiate h/w, I could walk up to the owner of a £100k merc and capture his tag's details. Go back to car, and it should start it. Won't be able to do much, as modern immobs work on a rolling code system, so next time the car needs to be started, it won't accept the same code. (However, I suppose if you were to programme a clone of the original tag, the car should write the next expected value to your home made tag).

    Only problem I can see if the value of the code in the tag is a function of the serial no of the tag. I'm not even gonna consider nicking new mercs cos they've all got trackers probably, but I just have a curious mind (and the value being a function of the serial was something I thought about being an obstacle to another little idea I had). Was wondering if anyone had any knowledge of whether these tags would be encypted in such a way, as when I looked into Mifare cards, the only secuirty mentioned was some sort of p/w to access bits of the card - I reckon probably could be brute forced - can't get a conclusive answer there either. Anyone else got any ideas.

    Even ideas not yet in concrete, just wanna hear what others are thinking.
     
  14. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    x edit
    Last edited by unclex; 21st June 2007 at 12:19 AM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  15. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    h**p://www.theregister.co.uk/2006/08/04/cloning_epassports/
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  16. unclex's Avatar

    unclex said:

    Default Re: RFID hacking

    Well I now have a CCcard with this installed and used the wave option the other day without a pin

    I can see skimming happening in the high street.

    Walk down the road and some BaS$%£"£D nicks your details.

    It is bound to happen.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:
     
  17. DJ Overdose's Avatar

    DJ Overdose said:

    Default Re: RFID hacking

    Yeah I have one on my barclays card, and was thinking that if you were to bump into someone, or if someone taps your arse with a "paper" there go your details.

    Probably put readers under bar stools etc, toilets and all sorts. Doubt it would take much to amplify the receiver signal to increase range.

    If you think about it, I know that contactless payments are only valid for up to £20 or something, but if someone goes around bumping into people in the city, taking £20 off them all the time, it won't take long to earn a shit load of cash in a day...

    Considdering Oyster cards were hacked as well, I think that someone needs to come up with a better idea for electronic payments. Didn't they say as well that they were after putting this tech in mobile phones...


    DJ OD
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
     
  18. Zippeyrude's Avatar

    Zippeyrude said:

    Default Re: RFID hacking

    NFC (near field communications) in mobiles

    [Only registered and activated users can see links. ]
     
  19. WotTheFook's Avatar

    WotTheFook said:

    Default Re: RFID hacking

    I don't know if it helps you at all, but there is software out there called Bartender that can generate RFIDs. It might give some insight as to how it works.