Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Similar to Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf (20)
More from idsecconf
More from idsecconf (20)
Recently uploaded
Recently uploaded (20)
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
- 1. I D s e c c o n f 2 0 2 2 Hacking NFC Reverse Power Supply Padlock NFC Hacking @smrx86
- 2. I D s e c c o n f 2 0 2 2 WHoami WHoami • Independent security researcher. • My day job is doing trick to impress client. • Speaker @Idsecconf 2013, 2014, 2015, 2019, 2020.2022
- 3. I D s e c c o n f 2 0 2 2 Agenda Defining nfc & nfc hacking Agenda The targets Method Exploitation
- 4. I D s e c c o n f 2 0 2 2 Defining NFC Defining NFC ~ W i k i p e d i a : N F C “is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (11⁄2 in) or less. NFC offers a low-speed connection through a simple setup that can be used to bootstrap more-capable wireless connections.” “NFC is rooted in radio-frequency identification technology (known as RFID) which allows compatible hardware to both supply power to and communicate with an otherwise unpowered and passive electronic tag using radio waves. This is used for identification, authentication and tracking.”
- 6. I D s e c c o n f 2 0 2 2 The padlock its quite covered by plastic case. Power source is harvested by NFC chips when its align closed to NFC reader ex: NFC phone. 01 02 04 06 o p e n t h e e n c l o s u r e The Targets The Targets
- 7. I D s e c c o n f 2 0 2 2 The Targets 04 02 04 06 o p e n t h e e n c l o s u r e The Targets Product name: Nonelectrically Intellegent padlock SIze: 40mm*18mm*45*mm Material: ABS+PC Shackel Material: SUS 304 Support Model: The phone which support with NFC function Power Supply mode: mobile phone NFC reverse power supply Operation temperature: -25`C ~ 70`C relative Humidity: 0%~95% (Non-condensation) Protection Grade: IP22
- 10. I D s e c c o n f 2 0 2 2 Android NFC stack Android NFC stack 02 02 04 06
- 11. I D s e c c o n f 2 0 2 2 GET close to APDU GET close to APDU 03 02 04 06
- 12. I D s e c c o n f 2 0 2 2 GET close to APDU GET close to APDU sample APDU communication betwen NFC reader and NFC tag (padlock) during authentication. 03 02 04 06
- 13. I D s e c c o n f 2 0 2 2 doing Reverse Engineering to APK files S t a t i c A n a l y s i s 50% Intercepts HTTPS connection to API server and APDU communications. D y n a m i c A n a l y s i s 50% Method & Analysis
- 14. I D s e c c o n f 2 0 2 2 Dynamic analysis Logcat to see if our hypotesist unlock function is write debug log. 04 02 04 06
- 15. I D s e c c o n f 2 0 2 2 Static analysis doing Reverse Engineering to APK files using JADX. 02 02 04 06
- 16. I D s e c c o n f 2 0 2 2 Dynamic analysis Sniff APDU with proxmark3 $ hf 14a sniff $ hf list 14a 03 02 04 06 *cons - proxmark3 betwen padlock & phone sometimes make unlock/lock mechanism didn’t correctly work. - so many apdu command junk in proxmark3 sniffing log.
- 17. I D s e c c o n f 2 0 2 2 Dynamic analysis Sniff APDU with frida 03 02 04 06 - Inspired by NFCGATE - hook directly to JNI method > android.nfc.tech.NfcA .tranceive https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc/tech/NfcA.java
- 18. I D s e c c o n f 2 0 2 2 Dynamic analysis Sniff APDU with frida 03 02 04 06 - low cost (only rooted android nfc phone) - no junk in APDU command logging
- 19. I D s e c c o n f 2 0 2 2 Dynamic analysis Sniff APDU with frida 03 02 04 06 - low cost (only rooted android nfc phone) - no junk in APDU command logging