Uploaded bycgvwzq
841 views

RFID Security Module

This document provides an overview of RFID security modules and discusses various RFID tag and reader technologies. It summarizes key RFID standards like ISO/IEC 14443 and describes common tag types, including HID Prox, MIFARE Ultralight, MIFARE Classic, and DESFire EV1. It also discusses relay attacks and ways they can be mitigated using distance bounding protocols.

Embed presentation

Downloaded 15 times
RFID SECURITY MODULE 20th december 2017 pepe vila @cgvwzq pepe.vila@imdea.org vwzq.net
2 • Introduction • Readers: PM3,ACR122U,SmartPhones • Tags: Specs + Examples • HID,MIFARE Ultralight,Classic,Desfire EV1 • Relay Attacks
3 What is RFID? Radio-frequency identification (RFID) “method of uniquely identifying items using radio waves” (Origin: distinguish enemy aircraft during WWII) Passive vs. Active Tags • LowFrequency (LF): 125-134kHz • HighFrequency (HF): 13.56mHz • UltraHighFrequency (UHF): 856-960mHz
4 Tons of Technologies Keyless Cars Authentication Credit Cards/Payments Vending Machines Ticketing systems Biodevices Tracking/Logistics identification
5 How It Works? [Taken from 13.56 MHz RFID Proximity Antennas (http://www.nxp.com/documents/application_note/AN78010.pdf)] Proximity
 Inductive
 Coupling
 Card Proximity
 Coupling
 Device
6 How It Works? (MODULATION FOR ISO-14443-2) We will abstract from all these details,but if you are interested here is a recent and nice introduction to RF and SDR: https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/
7 vs Near Field Communication is a RFID technology “NFC standards cover communications protocols and data exchange formats and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa." Builds upon HF RFID (13.56mHz) Usually restricted to ~10cm range (closeness = inherent security?) Some NFC devices can operate in P2P mode or be emulated
8 Readers PROXMARK 3 ACR122u Android SmartPhones
9 Proxmark 3 Fully OpenSource: https://github.com/Proxmark/proxmark3 Support for LF and HF FPGA + ARM for modulation/demodulation and coding/decoding Active Community: http://www.proxmark.org/forum/index.php Costs 200-300eur
10 ACR122U NFC Tools: http://nfc-tools.org/index.php?title=ACR122 Basic NFC USB READER Only HF (13.56mHz) Support for a few specs (iso 14443 a/b,MIFARE,FeliCa…) Cost ~20eur OpenSource libraries (like LibNFC[https://github.com/nfc-tools/libnfc] ) Compatible with Android
No Cost if you already have one… NXP PN5xx vs.BCM2079x Chips Play Store Recommended Apps: NFC Tag Info https://play.google.com/store/apps/details?id=at.mroland.android.apps.nfctaginfo&hl=en UltraManager Lite https://play.google.com/store/apps/details?id=io.github.darkjoker.ultramanagerlite&hl=en MIFARE DESFire EV1 NFC Tool https://play.google.com/store/apps/details?id=com.skjolberg.mifare.desfiretool&hl=en Credit Card Reader NFC (EMV) https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard&hl=en Real ID https://play.google.com/store/apps/details?id=nl.innovalor.nfciddocshowcase&hl=en 11 Android SmartPhones
12 “Arrimar Cebolleta”Attack https://www.trustwave.com/Resources/SpiderLabs-Blog/ Proxmark-3,-now-with-more-Android/ https://eternal-todo.com/es/blog/give-me-credit-card-nfc- way
13 Faraday Cage Wallets Level 1 Level 9999
14 The NFC zoo Mirror: http://vwzq.net/download/nfczoo.pdf
15 ISO/IEC-14443 A/B Specification (most common in Europe and USA) • ISO/IEC 14443-1:2016 Part 1: Physical characteristics • ISO/IEC 14443-2:2016 Part 2: Radio frequency power and signal interface • ISO/IEC 14443-3:2016 Part 3: Initialization and anticollision • ISO/IEC 14443-4:2016 Part 4: Transmission protocol ISO specs are not free,by default…
16 a few more… • ISO/IEC 15693 (vicinity cards) • FeliCa (by Sony was proposed for ISO-14443 Type C) • LOTS OF PROPRIETARY PROTOCOLS (like NXPs) NFCIP (or ECMA 352 & 340)
17 OSINT(Open Source Intelligence) First step of an investigation is data gathering: - DataSheets (http://www.datasheetcatalog.com/) - Specifications - Patents (https://www.google.com/patents) - News (photos) - … Google Dorks (e.g.: filetype:pdf) can help a lot! You would be surprised of how much info there is exposed on manufacturers web pages (DataSheets, internal docs,screenshots of internal tools,software…)
18 Let's see some tags •HID Prox •MIFARE Ultralight •MIFARE Classic •MIFARE Desfire EV1
19 predominant in identification and access control Lower read range and communication speed Low-cost and low-security with simple UIDs or KEYs Some Examples: • EM4x • ATA55xx/T55xx • HID Prox • HiTag2 (used by cars: https://www.usenix.org/system/files/conference/usenixsecurity12/ sec12-final95.pdf) Interesting: t5577 have multiple parameters allowing to emulate/ simulate other tags RFID hacking with the Proxmark 3: https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/ LF Tags
20 Tag Example: HID Prox HID Prox TAG ID: 020f58dd777 HID cards store 44 bits (11 hex digits) (start always with“02”for Customer Code) Sales Order Number (next to Card Number) 00000010 00 00111101011000110 1110101110111011 1 Customer Padding Facility Card Number P
 02 31430                60347 Data formats: http://www.proxmark.org/files/proxclone.com/ iCLASS%20Wiegand%20Data%20Formats_26-37.pdf (Online Calculator: https://www.brivo.com/support/card-calculator) Only secret Support for many data formats. The only question is which one… This seems to be Quadrakey (by Honeywell),which is equivalent to Wiegand 34-bit (N10002):
21 Exercise: Read MIFARE Ultralight Specification Tag Example: Ultralight HF Low-Cost No crypto Built in top of ISO-14443-3A 512 bits of memory (16 pages x 4 bytes): • 80 bits manufacturer + 16 bits config • 32 OTP bits + 384 bits for r/w data
22 Online vs.Offline systems: - on: Higher control and security - off: More expensive installation,not always possible No data stored-> no need to reverse engineer Possible to clone UID by using special tags (~10 eur) also possible to emulate (and brute force)… Tag Example: Ultralight
23 2001: MIFARE Ultralight introduced https://www.nxp.com/docs/en/data-sheet/MF0ICU1.pdf 2008: MIFARE Ultralight C (support for Triple DES Authentication) https://www.nxp.com/docs/en/data-sheet/MF0ICU2.pdf 2012: MIFARE Ultralight EV1 (backwards compatible with extra security) https://www.nxp.com/docs/en/data-sheet/MF0ULX1.pdf Tag Example: Ultralight
24 Classic Introduced in 1994 (NXP previously known as Philips) Communication layer based on ISO 14443 Proprietary crypto (security by obscurity always ends badly…) CRYPTO1 by NXP Semiconductors More than 3.5 billion cards produced 1k version: 1024 bytes split into 16 sectors 4k version: 4096 bytes split into 40 sectors Keys: 6 bytes Access control: 3 bits Data block: 16 bytes Tag Example: Classic
25 Dec 2007-Nohl et al.partial RE in CCC (https://www.youtube.com/watch?v=QJyxUvMGLr0) (from: https://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html) Classic Crypto 1: Stream Cipher weakness on pseudorandom generator,the 32-bit nonces used for authentication have only 16 bits of entropy More: http://www.cs.ru.nl/~flaviog/ publications/Attack.MIFARE.pdf Tag Example: Classic
26 March 2008-Research group from Radbond University completely Reverse Engineered the Crypto-1 cipher Paper: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.437.2501&rep=rep1&type=pdf Slides: http://www.sos.cs.ru.nl/applications/rfid/2008-esorics-slides.pdf Card only attack! (critical) NXP tried to stop the disclosure…Court decides to allow publication Oct 2008-Crypto-1 implementation is open sourced MIFARE Plus announced as a drop-in replacement based on 128-bit AES new"hardened"cards have been released in and around 2011 (MIFARE Classic EV1),not susceptible to previous known card-only attacks 2015: Card Only attacks against hardened MIFARE Classic: http://cs.ru.nl/~rverdult/Ciphertext- only_Cryptanalysis_on_Hardened_Mifare_Classic_Cards-CCS_2015.pdf Classic Tag Example: Classic
27 Public Attack Implementations: • Nested Attack: mfoc Src: https://github.com/nfc-tools/mfoc Slides: https://nethemba.com/resources/mifare-classic-slides.pdf • Dark-side Attack: mfcuk Src: https://github.com/nfc-tools/mfcuk Paper: https://eprint.iacr.org/2009/137.pdf Classic Tag Example: Classic
28 DESFire Introduced in 2002 • 3DES with 4KB of storage • AES (2,4 or 8KB; see MIFARE DESFire EV1) Protocol compliant with ISO-14443-4 Supports“native commands”AND ISO-7816 APDUs (Smart Card Application Protocol Data Unit) Tag Example: DESFire
29 DESFire Wide Set of Commands: SELECT, READ/WRITE BINARY, GET DATA, GET CHALLENGE, GENERATE APP CRYPTOGRAM… Used to interact with Smart Card Applications and the FileSystem Select Application (or Directory File) by its AID (3 bytes) List File IDs and Key Settings 3 access levels: PICC or Card level,application level and file level Keys also used for establishing a session key and encrypt communication More details: https://brage.bibsys.no/xmlui/bitstream/handle/11250/262988/742061_FULLTEXT01.pdf (section 3) Tag Example: DESFire
30 2011-MIFARE DESFire (MF3ICD40) vulnerable to Correlation Power Analysis side-channel attack Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world http://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/10/10/ desfire_2011_extended_1.pdf “The full key recovery attack takes ~250,000 traces,which require about 7 hours to collect.” NXP's response: https://www.mifare.net/update-on-mifare-desfire-mf3icd40/ DESFire Discontinued in favour of DESFire EV1 (introduced in 2008 Common Criteria EAL 4+) Tag Example: DESFire
31 DESFire No known attacks against DESFire EV1,only a recent study: 201 7-“Bias in the MIFARE DESFire EV1 TRNG”by D Hurley-Smith Relay Attack = violates the“closeness”assumption (Masther thesis on DESFire Ev1 relay: https://brage.bibsys.no/xmlui/bitstream/handle/ 11250/262988/742061_FULLTEXT01.pdf) MIFARE DESFire EV2 introduced in 2016 with a proximity check John Conway (1976) relay of a correspondence chess game Tag Example: DESFire
32 Relay Attacks NFC relay attacks with Android mobile devices http://vwzq.net/relaynfc/ Mitigation- Distance Bounding Protocols (establish bounds based on timing delays) (https://www.youtube.com/watch?v=qMQc_snB_yE)
33 Interesting Links NFC Glossary: https://www.nfc-research.at/index.php@id=40.html RFID Handbook: Fundamentals and Applications in Contactless Smart Cards,Radio Frequency Identification and Near-Field Communication Proxmark 3 forum: http://www.proxmark.org/forum/index.php RFIDIDIOt (Python lib): http://rfidiot.org/ Chasing Cars: Keyless Entry System Attacks https://conference.hitb.org/hitbsecconf2017ams/sessions/chasing-cars- keyless-entry-system-attacks/ A few more not so RFID… OpenSesame: http://samy.pl/opensesame/ Injecting RDS-TMC Traffic Information Signals: https://github.com/abarisani/abarisani.github.io/tree/master/ research/rds (video: https://www.youtube.com/watch?v=xgGgRKi1CGo)

More Related Content

PPT
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
byCODE BLUE
 
PPS
Workshop on Wireless Security
byamiable_indian
 
PDF
Wireless security
byAurobindo Nayak
 
PDF
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF R...
byBishop Fox
 
PDF
Mifare classic-slides
byOWASP (Open Web Application Security Project)
 
PDF
OpenCard hack (projekt chameleon)
byTech4 Helper
 
PPT
Android NFC Workshop MobDevCon 2013
byJames Elsey
 
PPT
Nullcon 2011 RFID - NÂO ENVIADO AO EVENTO
byMauro Risonho de Paula Assumpcao
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
byCODE BLUE
 
Workshop on Wireless Security
byamiable_indian
 
Wireless security
byAurobindo Nayak
 
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF R...
byBishop Fox
 
Mifare classic-slides
byOWASP (Open Web Application Security Project)
 
OpenCard hack (projekt chameleon)
byTech4 Helper
 
Android NFC Workshop MobDevCon 2013
byJames Elsey
 
Nullcon 2011 RFID - NÂO ENVIADO AO EVENTO
byMauro Risonho de Paula Assumpcao
 

What's hot

PDF
SCADA deep inside: protocols and security mechanisms
byAleksandr Timorin
 
PDF
RFID Hacking: Live Free or RFID Hard
byBishop Fox
 
PDF
Forti gate 90d
byhape01
 
PPTX
Making and breaking security in embedded devices
byYashin Mehaboobe
 
PPTX
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
byPositive Hack Days
 
PDF
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
byRootedCON
 
PPTX
Advanced SOHO Router Exploitation XCON
byLyon Yang
 
PDF
A 2018 practical guide to hacking RFID/NFC
bySlawomir Jasek
 
PDF
Security Level 3 (SL3) Capabilities
byNXP MIFARE Team
 
PDF
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
byveerababu penugonda(Mr-IoT)
 
PPTX
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
byChase Schultz
 
PPT
07security
bydouglaslyon
 
PDF
SL1SL3 MixMode Feature
byNXP MIFARE Team
 
PDF
IoT security zigbee -- Null Meet bangalore
byveerababu penugonda(Mr-IoT)
 
PDF
Feasibility of Security in Micro-Controllers
byardiri
 
PPTX
Firmware analysis 101
byveerababu penugonda(Mr-IoT)
 
PDF
Fred server
byYansi Keim
 
PDF
Transaction MAC Feature
byNXP MIFARE Team
 
SCADA deep inside: protocols and security mechanisms
byAleksandr Timorin
 
RFID Hacking: Live Free or RFID Hard
byBishop Fox
 
Forti gate 90d
byhape01
 
Making and breaking security in embedded devices
byYashin Mehaboobe
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
byPositive Hack Days
 
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
byRootedCON
 
Advanced SOHO Router Exploitation XCON
byLyon Yang
 
A 2018 practical guide to hacking RFID/NFC
bySlawomir Jasek
 
Security Level 3 (SL3) Capabilities
byNXP MIFARE Team
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
byveerababu penugonda(Mr-IoT)
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
byChase Schultz
 
07security
bydouglaslyon
 
SL1SL3 MixMode Feature
byNXP MIFARE Team
 
IoT security zigbee -- Null Meet bangalore
byveerababu penugonda(Mr-IoT)
 
Feasibility of Security in Micro-Controllers
byardiri
 
Firmware analysis 101
byveerababu penugonda(Mr-IoT)
 
Fred server
byYansi Keim
 
Transaction MAC Feature
byNXP MIFARE Team
 

Similar to RFID Security Module

PDF
A 2018 practical guide to hacking RFID/NFC
bySecuRing
 
PDF
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
byPROIDEA
 
PDF
Electronic Access Control Security / Безопасность электронных систем контроля...
byPositive Hack Days
 
PPT
Nullcon 2011 RFID - NÂO ENVIADO AO EVENTO
byMauro Risonho de Paula Assumpcao
 
PDF
Electronic Access Control Security
byOpposing Force S.r.l.
 
PPT
09
byThemadagen
 
PDF
Meetup -- RFID
byKevin2600
 
PPT
Nfc
byducquoc_vn
 
PDF
Hacking Smartcards & RFID
byDevnology
 
PPT
Introduction to nfc
byRay Cheng
 
PDF
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
byClubHack
 
PDF
amrapali builders@@sub way hacking.pdf
byamrapalibuildersreviews
 
PDF
NFC: Naked Fried Chicken (PHDays VI)
byOpposing Force S.r.l.
 
KEY
NFC & RFID on Android
bytodbotdotcom
 
PDF
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
byIRJET Journal
 
PDF
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
byNXP MIFARE Team
 
PPTX
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
byPositive Hack Days
 
PPT
DC4420 2014 - NFC - The Non-Radio Bits
byTom Keetch
 
PDF
Need NFC RFID-Tomorrow Is Today in This Constant State of Innovation
byHamed M. Sanogo
 
PDF
New use cases thanks to adding crypto to RFID tags
byIhar Bayarenka
 
A 2018 practical guide to hacking RFID/NFC
bySecuRing
 
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
byPROIDEA
 
Electronic Access Control Security / Безопасность электронных систем контроля...
byPositive Hack Days
 
Nullcon 2011 RFID - NÂO ENVIADO AO EVENTO
byMauro Risonho de Paula Assumpcao
 
Electronic Access Control Security
byOpposing Force S.r.l.
 
09
byThemadagen
 
Meetup -- RFID
byKevin2600
 
Nfc
byducquoc_vn
 
Hacking Smartcards & RFID
byDevnology
 
Introduction to nfc
byRay Cheng
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
byClubHack
 
amrapali builders@@sub way hacking.pdf
byamrapalibuildersreviews
 
NFC: Naked Fried Chicken (PHDays VI)
byOpposing Force S.r.l.
 
NFC & RFID on Android
bytodbotdotcom
 
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
byIRJET Journal
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
byNXP MIFARE Team
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
byPositive Hack Days
 
DC4420 2014 - NFC - The Non-Radio Bits
byTom Keetch
 
Need NFC RFID-Tomorrow Is Today in This Constant State of Innovation
byHamed M. Sanogo
 
New use cases thanks to adding crypto to RFID tags
byIhar Bayarenka
 

Recently uploaded

PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PDF
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PDF
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PDF
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 

RFID Security Module

  • 1.
    RFID SECURITY MODULE 20thdecember 2017 pepe vila @cgvwzq pepe.vila@imdea.org vwzq.net
  • 2.
    2 • Introduction • Readers:PM3,ACR122U,SmartPhones • Tags: Specs + Examples • HID,MIFARE Ultralight,Classic,Desfire EV1 • Relay Attacks
  • 3.
    3 What is RFID? Radio-frequencyidentification (RFID) “method of uniquely identifying items using radio waves” (Origin: distinguish enemy aircraft during WWII) Passive vs. Active Tags • LowFrequency (LF): 125-134kHz • HighFrequency (HF): 13.56mHz • UltraHighFrequency (UHF): 856-960mHz
  • 4.
    4 Tons of Technologies KeylessCars Authentication Credit Cards/Payments Vending Machines Ticketing systems Biodevices Tracking/Logistics identification
  • 5.
    5 How It Works? [Takenfrom 13.56 MHz RFID Proximity Antennas (http://www.nxp.com/documents/application_note/AN78010.pdf)] Proximity
 Inductive
 Coupling
 Card Proximity
 Coupling
 Device
  • 6.
    6 How It Works? (MODULATIONFOR ISO-14443-2) We will abstract from all these details,but if you are interested here is a recent and nice introduction to RF and SDR: https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/
  • 7.
    7 vs Near Field Communicationis a RFID technology “NFC standards cover communications protocols and data exchange formats and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa." Builds upon HF RFID (13.56mHz) Usually restricted to ~10cm range (closeness = inherent security?) Some NFC devices can operate in P2P mode or be emulated
  • 8.
    8 Readers PROXMARK 3 ACR122uAndroid SmartPhones
  • 9.
    9 Proxmark 3 Fully OpenSource:https://github.com/Proxmark/proxmark3 Support for LF and HF FPGA + ARM for modulation/demodulation and coding/decoding Active Community: http://www.proxmark.org/forum/index.php Costs 200-300eur
  • 10.
    10 ACR122U NFC Tools: http://nfc-tools.org/index.php?title=ACR122 BasicNFC USB READER Only HF (13.56mHz) Support for a few specs (iso 14443 a/b,MIFARE,FeliCa…) Cost ~20eur OpenSource libraries (like LibNFC[https://github.com/nfc-tools/libnfc] ) Compatible with Android
  • 11.
    No Cost ifyou already have one… NXP PN5xx vs.BCM2079x Chips Play Store Recommended Apps: NFC Tag Info https://play.google.com/store/apps/details?id=at.mroland.android.apps.nfctaginfo&hl=en UltraManager Lite https://play.google.com/store/apps/details?id=io.github.darkjoker.ultramanagerlite&hl=en MIFARE DESFire EV1 NFC Tool https://play.google.com/store/apps/details?id=com.skjolberg.mifare.desfiretool&hl=en Credit Card Reader NFC (EMV) https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard&hl=en Real ID https://play.google.com/store/apps/details?id=nl.innovalor.nfciddocshowcase&hl=en 11 Android SmartPhones
  • 12.
  • 13.
  • 14.
    14 The NFC zoo Mirror:http://vwzq.net/download/nfczoo.pdf
  • 15.
    15 ISO/IEC-14443 A/B Specification (mostcommon in Europe and USA) • ISO/IEC 14443-1:2016 Part 1: Physical characteristics • ISO/IEC 14443-2:2016 Part 2: Radio frequency power and signal interface • ISO/IEC 14443-3:2016 Part 3: Initialization and anticollision • ISO/IEC 14443-4:2016 Part 4: Transmission protocol ISO specs are not free,by default…
  • 16.
    16 a few more… •ISO/IEC 15693 (vicinity cards) • FeliCa (by Sony was proposed for ISO-14443 Type C) • LOTS OF PROPRIETARY PROTOCOLS (like NXPs) NFCIP (or ECMA 352 & 340)
  • 17.
    17 OSINT(Open Source Intelligence) Firststep of an investigation is data gathering: - DataSheets (http://www.datasheetcatalog.com/) - Specifications - Patents (https://www.google.com/patents) - News (photos) - … Google Dorks (e.g.: filetype:pdf) can help a lot! You would be surprised of how much info there is exposed on manufacturers web pages (DataSheets, internal docs,screenshots of internal tools,software…)
  • 18.
    18 Let's see sometags •HID Prox •MIFARE Ultralight •MIFARE Classic •MIFARE Desfire EV1
  • 19.
    19 predominant in identificationand access control Lower read range and communication speed Low-cost and low-security with simple UIDs or KEYs Some Examples: • EM4x • ATA55xx/T55xx • HID Prox • HiTag2 (used by cars: https://www.usenix.org/system/files/conference/usenixsecurity12/ sec12-final95.pdf) Interesting: t5577 have multiple parameters allowing to emulate/ simulate other tags RFID hacking with the Proxmark 3: https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/ LF Tags
  • 20.
    20 Tag Example: HIDProx HID Prox TAG ID: 020f58dd777 HID cards store 44 bits (11 hex digits) (start always with“02”for Customer Code) Sales Order Number (next to Card Number) 00000010 00 00111101011000110 1110101110111011 1 Customer Padding Facility Card Number P
 02 31430                60347 Data formats: http://www.proxmark.org/files/proxclone.com/ iCLASS%20Wiegand%20Data%20Formats_26-37.pdf (Online Calculator: https://www.brivo.com/support/card-calculator) Only secret Support for many data formats. The only question is which one… This seems to be Quadrakey (by Honeywell),which is equivalent to Wiegand 34-bit (N10002):
  • 21.
    21 Exercise: Read MIFAREUltralight Specification Tag Example: Ultralight HF Low-Cost No crypto Built in top of ISO-14443-3A 512 bits of memory (16 pages x 4 bytes): • 80 bits manufacturer + 16 bits config • 32 OTP bits + 384 bits for r/w data
  • 22.
    22 Online vs.Offline systems: -on: Higher control and security - off: More expensive installation,not always possible No data stored-> no need to reverse engineer Possible to clone UID by using special tags (~10 eur) also possible to emulate (and brute force)… Tag Example: Ultralight
  • 23.
    23 2001: MIFARE Ultralightintroduced https://www.nxp.com/docs/en/data-sheet/MF0ICU1.pdf 2008: MIFARE Ultralight C (support for Triple DES Authentication) https://www.nxp.com/docs/en/data-sheet/MF0ICU2.pdf 2012: MIFARE Ultralight EV1 (backwards compatible with extra security) https://www.nxp.com/docs/en/data-sheet/MF0ULX1.pdf Tag Example: Ultralight
  • 24.
    24 Classic Introduced in 1994(NXP previously known as Philips) Communication layer based on ISO 14443 Proprietary crypto (security by obscurity always ends badly…) CRYPTO1 by NXP Semiconductors More than 3.5 billion cards produced 1k version: 1024 bytes split into 16 sectors 4k version: 4096 bytes split into 40 sectors Keys: 6 bytes Access control: 3 bits Data block: 16 bytes Tag Example: Classic
  • 25.
    25 Dec 2007-Nohl etal.partial RE in CCC (https://www.youtube.com/watch?v=QJyxUvMGLr0) (from: https://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html) Classic Crypto 1: Stream Cipher weakness on pseudorandom generator,the 32-bit nonces used for authentication have only 16 bits of entropy More: http://www.cs.ru.nl/~flaviog/ publications/Attack.MIFARE.pdf Tag Example: Classic
  • 26.
    26 March 2008-Research groupfrom Radbond University completely Reverse Engineered the Crypto-1 cipher Paper: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.437.2501&rep=rep1&type=pdf Slides: http://www.sos.cs.ru.nl/applications/rfid/2008-esorics-slides.pdf Card only attack! (critical) NXP tried to stop the disclosure…Court decides to allow publication Oct 2008-Crypto-1 implementation is open sourced MIFARE Plus announced as a drop-in replacement based on 128-bit AES new"hardened"cards have been released in and around 2011 (MIFARE Classic EV1),not susceptible to previous known card-only attacks 2015: Card Only attacks against hardened MIFARE Classic: http://cs.ru.nl/~rverdult/Ciphertext- only_Cryptanalysis_on_Hardened_Mifare_Classic_Cards-CCS_2015.pdf Classic Tag Example: Classic
  • 27.
    27 Public Attack Implementations: •Nested Attack: mfoc Src: https://github.com/nfc-tools/mfoc Slides: https://nethemba.com/resources/mifare-classic-slides.pdf • Dark-side Attack: mfcuk Src: https://github.com/nfc-tools/mfcuk Paper: https://eprint.iacr.org/2009/137.pdf Classic Tag Example: Classic
  • 28.
    28 DESFire Introduced in 2002 •3DES with 4KB of storage • AES (2,4 or 8KB; see MIFARE DESFire EV1) Protocol compliant with ISO-14443-4 Supports“native commands”AND ISO-7816 APDUs (Smart Card Application Protocol Data Unit) Tag Example: DESFire
  • 29.
    29 DESFire Wide Set ofCommands: SELECT, READ/WRITE BINARY, GET DATA, GET CHALLENGE, GENERATE APP CRYPTOGRAM… Used to interact with Smart Card Applications and the FileSystem Select Application (or Directory File) by its AID (3 bytes) List File IDs and Key Settings 3 access levels: PICC or Card level,application level and file level Keys also used for establishing a session key and encrypt communication More details: https://brage.bibsys.no/xmlui/bitstream/handle/11250/262988/742061_FULLTEXT01.pdf (section 3) Tag Example: DESFire
  • 30.
    30 2011-MIFARE DESFire (MF3ICD40)vulnerable to Correlation Power Analysis side-channel attack Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world http://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/10/10/ desfire_2011_extended_1.pdf “The full key recovery attack takes ~250,000 traces,which require about 7 hours to collect.” NXP's response: https://www.mifare.net/update-on-mifare-desfire-mf3icd40/ DESFire Discontinued in favour of DESFire EV1 (introduced in 2008 Common Criteria EAL 4+) Tag Example: DESFire
  • 31.
    31 DESFire No known attacksagainst DESFire EV1,only a recent study: 201 7-“Bias in the MIFARE DESFire EV1 TRNG”by D Hurley-Smith Relay Attack = violates the“closeness”assumption (Masther thesis on DESFire Ev1 relay: https://brage.bibsys.no/xmlui/bitstream/handle/ 11250/262988/742061_FULLTEXT01.pdf) MIFARE DESFire EV2 introduced in 2016 with a proximity check John Conway (1976) relay of a correspondence chess game Tag Example: DESFire
  • 32.
    32 Relay Attacks NFC relayattacks with Android mobile devices http://vwzq.net/relaynfc/ Mitigation- Distance Bounding Protocols (establish bounds based on timing delays) (https://www.youtube.com/watch?v=qMQc_snB_yE)
  • 33.
    33 Interesting Links NFC Glossary:https://www.nfc-research.at/index.php@id=40.html RFID Handbook: Fundamentals and Applications in Contactless Smart Cards,Radio Frequency Identification and Near-Field Communication Proxmark 3 forum: http://www.proxmark.org/forum/index.php RFIDIDIOt (Python lib): http://rfidiot.org/ Chasing Cars: Keyless Entry System Attacks https://conference.hitb.org/hitbsecconf2017ams/sessions/chasing-cars- keyless-entry-system-attacks/ A few more not so RFID… OpenSesame: http://samy.pl/opensesame/ Injecting RDS-TMC Traffic Information Signals: https://github.com/abarisani/abarisani.github.io/tree/master/ research/rds (video: https://www.youtube.com/watch?v=xgGgRKi1CGo)