Hack for Fun with RFID

Kevin2600
Agenda

●   RFID overview && security
●   RFID research devices (PM3; ACR112..)
●   Real-world scenario analysis (LF, HF, NFC)
●   Conclusion && tips on how to protect our privacy
RFID is everywhere
RFID Overview

●   Tag types: various sizes and shapes, e.g. keyring, credit card
●   Tag types: active (battery) and passive (no internal power source)
RFID Security

●   HID Proxcard2 is found mostly in access control systems. It comes with no
    authentication, encryption, or any other real security mechanism. Just
    plain-text.
●   The most popular RFID card types (Mifare Ultralight; Mifare Classic; DESFire)
    use ISO 14443A and operate at 13.56 MHz. In the year 2007, researchers
    found weaknesses in the Mifare Classic protocol and managed to crack Crypto1.
●   NFC credit cards support EMV-style contactless payment. EMV stands for
    Europay, MasterCard, Visa, which is a global standard for bank smart cards.
●   The core of the EMV protocol is based on the transmission of Application
    Protocol Data Units (APDUs). Most of the APDUs sent between the two devices
    are transmitted in plain-text. Cryptographic security is only employed in the
    authorization phases of a transaction.
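To make the last point concrete, here is an added example (not part of the original slides): a small BER-TLV decoder that walks EMV response APDUs from a trace and reports which data elements arrive as readable fields and which are cryptogram fields, listing lengths only. The function names, the trace bytes, the test PAN and the cardholder name are all constructed for this illustration; the tag numbers are the standard EMV ones.

```python
# Added example: audit which EMV data elements a response-APDU trace exposes.
PERSONAL = {0x5A: "Application PAN", 0x57: "Track 2 Equivalent Data",
            0x5F20: "Cardholder Name", 0x5F24: "Application Expiration Date"}
CRYPTO = {0x9F26: "Application Cryptogram", 0x9F27: "Cryptogram Information Data"}


def parse_tlv(data: bytes):
    """Yield (tag, value, constructed) for each BER-TLV object in data."""
    i = 0
    while i < len(data):
        first = data[i]
        i += 1
        if first == 0x00:                 # padding between objects is allowed
            continue
        tag = first
        if first & 0x1F == 0x1F:          # low five bits set: tag continues
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag")
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:
                    break
        if i >= len(data):
            raise ValueError("truncated length")
        length = data[i]
        i += 1
        if length & 0x80:                 # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0 or i + n > len(data):
                raise ValueError("bad length field")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("value overruns buffer")
        yield tag, data[i:i + length], bool(first & 0x20)
        i += length


def leaves(data: bytes):
    """Recurse through constructed templates and yield primitive (tag, value)."""
    for tag, value, constructed in parse_tlv(data):
        if constructed:
            yield from leaves(value)
        else:
            yield tag, value


def audit(responses):
    """Group data elements by category; values are never echoed, only lengths."""
    report = {"personal_cleartext": [], "cryptographic": [], "other": []}
    for resp in responses:
        if len(resp) < 2 or resp[-2:] != b"\x90\x00":
            continue                      # non-success status word: no data field
        for tag, value in leaves(resp[:-2]):
            if tag in PERSONAL:
                cat, name = "personal_cleartext", PERSONAL[tag]
            elif tag in CRYPTO:
                cat, name = "cryptographic", CRYPTO[tag]
            else:
                cat, name = "other", "unclassified"
            report[cat].append((f"{tag:X}", name, len(value)))
    return report


def tlv(tag_hex: str, value: bytes) -> bytes:
    """Encode one TLV with a short-form length (enough for the sample data)."""
    assert len(value) < 0x80
    return bytes.fromhex(tag_hex) + bytes([len(value)]) + value


# Constructed sample trace: a record read, an error reply, an authorization reply.
RECORD = tlv("70", tlv("5A", bytes.fromhex("4111111111111111"))
             + tlv("5F24", bytes.fromhex("301231"))
             + tlv("5F20", b"TEST/CARDHOLDER")) + b"\x90\x00"
NOT_FOUND = bytes.fromhex("6A83")
GEN_AC = tlv("77", tlv("9F27", b"\x80") + tlv("9F36", bytes.fromhex("0001"))
             + tlv("9F26", bytes.fromhex("0011223344556677"))) + b"\x90\x00"

if __name__ == "__main__":
    for category, items in audit([RECORD, NOT_FOUND, GEN_AC]).items():
        print(category, items)
```

The record response carries the account number, expiry date and name as ordinary TLV fields, while only the authorization response contains a cryptogram.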
RFID toolkit: Swiss knife Proxmark3

The Proxmark III is the most powerful open source device available
for performing RFID research.

It can be used for reading, sniffing and emulating high and low frequency
tags, and is behind almost every RFID research project.
Live demo (PM3 Sniffing)
RFID toolkit: ACR112

●   Touchatag reader (PN532 chipset)
●   RFIDIOt: Python library for reading/writing RFID cards
●   libnfc: a library for communicating with ISO 14443
    RFID tags. libnfc works with NXP PN53x series chipsets
Live demo (Crack Mifare1)
RAW DATA Analysis
Video demo (College ID)
(http://youtu.be/E-nk4Jrm-gA)
Video demo (Payment)
(http://youtu.be/5WvdebLIKL0)
Live demo (CIBC Credit card)
Conclusion

●   HID Proxcard2 card – Not secure at all !!!
●   NFC credit cards – Be paranoid when using them !!!
●   MIFARE Classic – Using it for public payment is a very bad idea !!!
Hack for Fun with RFID

●   www.libnfc.org
●   www.proxmark.org
●   chaos-lab.blogspot.ca
●   Kevin2600@gmail.com
●   Any ideas, projects, job offers are welcome :)
