This document summarizes Eddie Lee's presentation on NFC hacking at DEFCON 20. It introduces the NFCProxy tool, which allows analyzing NFC protocols by proxying transactions between an NFC reader and card. The tool works by relaying APDUs between the two devices over WiFi. It can save, export, and replay transactions. The presentation demonstrates using NFCProxy in proxy mode to observe live transactions and in replay mode to simulate card behaviors. Future work may include generic frameworks for different NFC technologies and fuzzing NFC protocols.
The Google Nexus S offers support for Near Field Communication (NFC), an extension to an RFID smart card protocol popularly used for secure access, metro passes (Oyster/Clipper), and electronic money (FeliCa/Octopus). NFC in smartphones promises adding these features to the phone you carry by allowing the it to emulate both RFID tag and reader.
NFC additionally adds new capabilities like exchanging configuration data such as WiFi settings, trading vCard contact information, reading URLs, triggering SMS text messages or initiating calls, and secure bi-directional communication between NFC devices.
This session will cover what NFC and RFID is and is not, what Android on the Nexus S is currently capable of, and some examples of how to add NFC to your apps.
http://where2conf.com/where2011/public/schedule/detail/18443
The Google Nexus S offers support for Near Field Communication (NFC), an extension to an RFID smart card protocol popularly used for secure access, metro passes (Oyster/Clipper), and electronic money (FeliCa/Octopus). NFC in smartphones promises adding these features to the phone you carry by allowing the it to emulate both RFID tag and reader.
NFC additionally adds new capabilities like exchanging configuration data such as WiFi settings, trading vCard contact information, reading URLs, triggering SMS text messages or initiating calls, and secure bi-directional communication between NFC devices.
This session will cover what NFC and RFID is and is not, what Android on the Nexus S is currently capable of, and some examples of how to add NFC to your apps.
http://where2conf.com/where2011/public/schedule/detail/18443
NFC stands for Near Field Communication.
NFC is an extension of Radio Frequency IDentifier popularly known as RFID.
NFC is a short range high frequency wireless communication technology.
NFC was founded in the year 2004 by NOKIA, SONY and PHILIPS.
Contactless TAGs for Near Field Communication (NFC). Its here and this is a primer for understanding mobile contactless tags how they can be used for mobile loyalty and couponing with point of sale integration!
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)PROIDEA
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A 2018 practical guide to hacking RFID/NFCSecuRing
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A knowledge sharing deck put together for VJ's/Isobar that serves as an introduction to RFID and NFC wireless technologies, what they are, how they work and strengths and weaknesses. Hope you enjoy.
NFC stands for Near Field Communication.
NFC is an extension of Radio Frequency IDentifier popularly known as RFID.
NFC is a short range high frequency wireless communication technology.
NFC was founded in the year 2004 by NOKIA, SONY and PHILIPS.
Contactless TAGs for Near Field Communication (NFC). Its here and this is a primer for understanding mobile contactless tags how they can be used for mobile loyalty and couponing with point of sale integration!
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)PROIDEA
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A 2018 practical guide to hacking RFID/NFCSecuRing
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A knowledge sharing deck put together for VJ's/Isobar that serves as an introduction to RFID and NFC wireless technologies, what they are, how they work and strengths and weaknesses. Hope you enjoy.
Leverage RFID with NFC for Better ROI - by Steve McRaeMerchant360, Inc.
Presentation given by Steve McRae, CEO of Merchant360 on April 3, 2012 at RFID Journal LIVE! Conference. Review how people can leverage their knowledge and system of RFID for Near Field Communication technology to produce a better Return on Investment for both RFID and NFC implementations.
Similar to DefCon 2012 - Near-Field Communication / RFID Hacking - Lee (20)
DefCon 2012 - Firmware Vulnerability Hunting with FRAKMichael Smith
"Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole -- FRAK is a framework for unpacking, analyzing, modifying and repacking the firmware images of proprietary embedded devices. The FRAK framework provides a programmatic environment for the analysis of arbitrary embedded device firmware as well as an interactive environment for the disassembly, manipulation and re-assembly of such binary images.
We demonstrate the automated analysis of Cisco IOS, Cisco IP phone and HP LaserJet printer firmware images. We show how FRAK can integrate with existing vulnerability analysis tools to automate bug hunting for embedded devices. We also demonstrate how FRAK can be used to inject experimental host-based defenses into proprietary devices like Cisco routers and HP printers. "
DefCon 2012 - Power Smart Meter HackingMichael Smith
"When you look at a Smart Meter, it practically winks at you. Their Optical Port calls to you. It calls to criminals as well. But how do criminals interact with it? We will show you how they look into the eye of the meter. More specifically, this presentation will show how criminals gather information from meters to do their dirty work. From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired. Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye."
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. ! Security Researcher for Blackwing Intelligence (formerly Praetorian
Global)
About Me
! We’re always looking for cool security projects
! Member of Digital Revelation
! 2-time CTF Champs – Defcon 9 & 10
! Not an NFC or RFID expert!
3. ! Radio Frequency Identification - RFID
! Broad range of frequencies: low kHz to super high GHz
Introduction // RFID Primer
! Near Field Communication - NFC
! 13.56 MHz
! Payment cards
! Library systems
! e-Passports
! Smart cards
! Standard range: ~3 - 10 cm
! RFID Tag
! Transceiver
! Antenna
! Chip (processor) or memory
4. ! RFID (tag) in credit cards
! Visa – PayWave
Introduction // RFID Primer
! MasterCard – PayPass
! American Express – ExpressPay
! Discover – Zip
! Proximity Coupling Devices (PCD) / Point of Sale (POS) terminal /
Reader
! EMV (Europay, Mastercard, and VISA) standard for communication
between chipped credit cards and POS terminals
! Four “books” long
! Based on ISO 14443 and ISO 7816
! Communicate with Application Protocol Data Units (APDUs)
5. ! Why create NFCProxy?
! I’m lazy
Introduction // Motivation
! Don’t like to read specs
! Didn’t want to learn protocol (from reading specs)
! Future releases should work with other standards (diff protocols)
! Make it easier to analyze protocols
! Make it easier for other people to get involved
! Contribute to reasons why this standard should be fixed
6. ! Adam Laurie (Major Malfunction)
! RFIDIOt
Previous work
! http://rfidiot.org
! Pablos Holman
! Skimming RFID credit cards with ebay reader
! http://www.youtube.com/watch?v=vmajlKJlT3U
! 3ric Johanson
! Pwnpass
! http://www.rfidunplugged.com/pwnpass/
! Kristen Paget
! Cloning RFID credit cards to mag strip
! http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-
cards.pdf
! Tag reading apps
8. ! What is NFCProxy?
! An open source Android app
Tool Overview
! A tool that makes it easier to start messing with NFC/RFID
! Protocol analyzer
! Hardware required
! Two NFC capable Android phones for full feature set
! Nexus S (~$60 - $90 ebay)
! LG Optimus Elite (~$130 new. Contract free)
! No custom ROMs yet
! Galaxy Nexus, Galaxy S3, etc. (http://www.nfcworld.com/nfc-phones-list/)
! Software required
! One phone
! Android 2.3+ (Gingerbread)
! Tested 2.3.7 and ICS
! At least one phone needs:
! Cyanogen 9 nightly build from: Jan 20 - Feb 24 2012
! Or Custom build of Cyanogen
12. ! Proxy transactions
! Save transactions
Tool Features
! Export transactions
! Tag replay (on Cyanogen side)
! PCD replay
! Don’t need to know the correct APDUs for a real transactions
! Use the tool to learn about the protocol (APDUs)
16. ! Relay Mode
! Opens port and waits for connection from proxy
How It Works // Modes
! Place Relay on card/tag
! Proxy Mode
! Swipe across reader
! Forwards APDUs from reader to card
! Transactions displayed on screen
! Long Clicking allows you to Save, Export, Replay, or Delete
17. ! Replay Reader (Skimming mode*)
! Put phone near credit card
How It works // Replay Mode
! Nothing special going on here
! Know the right APDUs
! Replay Card (Spending mode)
! Swipe phone across reader
! Phone needs to be able to detect reader – Card Emulation mode
! Requires CyanogenMod tweaks
! Virtual wallet
18. ! A word about android NFC antennas
! Galaxy Nexus: CRAP!
Antennas
! Nexus S: Good
! Optimus Elite: Good
! NFC communication is often incomplete
! Need to reengage/re-swipe the phone with a card/reader
! Check the “Status” tab in NFCProxy
19. ! EMV Book 3
! http://www.emvco.com/download_agreement.aspx?id=654
APDU-Speak
! See RFIDIOt (ChAP.py) and pwnpass for APDUs used for skimming
! Proxy not needed for skimming and spending
! Just for protocol analysis