Close enough? Prox Cards 101 - DerbyCon2012

Talk by Stephen Heath (@dilisnya) from the DerbyCon2012 Wireless Village. I make no claims on copyright on the images contained within.


  1. Prox Cards 101, Stephen Heath (@dilisnya), DerbyCon 2012
  2. About me… Stephen Heath, Director of Security Services, Intrinium Networks / IT Security. Twitter: @dilisnya
  3. 30,000 foot view… • The Basics of Access Control • Legacy • 125 kHz Proximity • Demo Proxmark3 • 13.56 MHz (iClass, MiFARE) • Attacks elsewhere… (Courtesy of Google maps)
  4. Whoa!
  5. Wiegand Cards: Data Zero, Data One
  6. 0-255, 0-65535
  7. 125kHz Proximity Cards
  8. 125kHz Proximity Cards
  9. Swiping Proximity Cards… (James Bond © MGM)
  10. Location, location, location…
  11. Hiding the antenna…
  12. Choosing a target…
  13. 4% 10% 11% 42% 33%
  14. 7% 11% 82%
  15. The moral? Sniff a dude’s ass…
  16. 13.56 MHz Smart Cards: Challenge Response, Encrypted data
  17. Wire attacks • Gecko • Zac Franken • DefCon 15 (2007) • Arduino-based Wiegand attacks • Brad Antoniewicz • ShmooCon 2012
  18. Still card flaws… • MIFARE Classic 1K • Crypto-1 broken • HID iClass “Standard Security Mode” • Shared crypto key
  19. Easy stuff…
  20. Easier stuff…
  21. Acknowledgements… • Brad Antoniewicz of Foundstone • “Attacking Proximity Access Card Systems” (ShmooCon 2012) • ProxBrute • http://nosedookie.blogspot.com • OpenPCD.org • HID iClass Demystified • Zac Franken • Physical Access Control Systems: Are you protected by two screws and a plastic cover? • N00bz and the rest of the wireless village team!
  22. Stephen Heath (@dilisnya)
