
Locker RFID

This post is about a device that uses different types of RFID tags for opening and closing a personal locker.


Last updated 5 years ago


Attack scenarios

  • Brute-force RFID UID

  • Card cloning

  • Card read and simulation

  • Card write sector 0 (DoS)

Real-life scenarios

Card skimming by placing a reader next to or on top of the existing reader, in order to execute a card cloning or card simulation attack.

A brute-force attack by trying multiple UIDs on a specific locker. This is not ideal because you have to press a button each time before you can unlock it, so it is not very realistic.

A DoS attack by rewriting sector 0 on users' RFID cards. This is only possible with writeable cards.

Steps

Steps for a card cloning/simulation attack.

  1. Use card 1 to lock the locker.

  2. Scan card 1 with an RFID reader to get the UID.

  3. Write the UID of card 1 to card 2.

  4. Use card 2 to open the locker, or simulate the UID of card 1 with the Proxmark3 to open the locker.

Proxmark easy steps

Steps for a card cloning/simulation attack using a Proxmark.

  1. Use card 1 to lock the locker.

  2. Scan card 1 with the Proxmark using the command hf search to get the UID and type of card.

  3. Check the default keys of the MIFARE Classic card using the command hf mf chk *1 ? (Go to step 9 for Simulate UID).

  4. Create a dump file with the command hf mf dump.

  5. Use card 2 to open the locker.

  6. Use the Proxmark to open the locker.

DEMO

Tools used

  • Proxmark: handy for reading/writing data and for simulating RFID tags

  • RFID card 1: M1 S50, 13.56 MHz

  • RFID card 2: UID, 13.56 MHz (clone card)

Dump the keys for each sector to dumpkeys.bin using the command hf mf nested 1 0 A ffffffffffff d

Take card 2 and change its UID with the command hf mf csetuid 795f17ad

Simulate card 1 using the command hf 14a sim t 1 u 795f17ad
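From the defender's side, the default-key check and the sector 0 DoS scenario above can both be audited from a dump file. The following is an added example, not part of the original guide or of the proxmark3 project: it assumes a 1024-byte MIFARE Classic 1K dump with the keys present in each sector trailer, and audit_dump, build_sample_dump and the sample key are hypothetical names and constructed data.

```python
"""Audit a MIFARE Classic 1K dump for default keys and a damaged block 0."""

DEFAULT_KEY = bytes.fromhex("ffffffffffff")  # factory default key used on this page
BLOCK, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16


def audit_dump(dump: bytes) -> dict:
    """Return the UID, block 0 BCC validity and sectors still on the default key."""
    if len(dump) != BLOCK * BLOCKS_PER_SECTOR * SECTORS:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    uid, bcc = dump[0:4], dump[4]
    # For a 4-byte UID, byte 4 of block 0 is the XOR of the four UID bytes.
    bcc_ok = (uid[0] ^ uid[1] ^ uid[2] ^ uid[3]) == bcc
    weak = []
    for sector in range(SECTORS):
        # The last block of every sector is the trailer:
        # Key A (6 bytes) | access bits + GPB (4 bytes) | Key B (6 bytes)
        start = (sector * BLOCKS_PER_SECTOR + 3) * BLOCK
        trailer = dump[start:start + BLOCK]
        key_a, key_b = trailer[0:6], trailer[10:16]
        if DEFAULT_KEY in (key_a, key_b):
            weak.append(sector)
    return {"uid": uid.hex(), "bcc_ok": bcc_ok, "default_key_sectors": weak}


def build_sample_dump() -> bytes:
    """Constructed sample: UID from this page, sectors 1 and 2 re-keyed."""
    dump = bytearray(BLOCK * BLOCKS_PER_SECTOR * SECTORS)
    uid = bytes.fromhex("795f17ad")
    dump[0:4] = uid
    dump[4] = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]
    custom = bytes.fromhex("a1b2c3d4e5f6")  # constructed non-default key
    for sector in range(SECTORS):
        key = custom if sector in (1, 2) else DEFAULT_KEY
        start = (sector * BLOCKS_PER_SECTOR + 3) * BLOCK
        dump[start:start + BLOCK] = key + bytes.fromhex("ff078069") + key
    return bytes(dump)


if __name__ == "__main__":
    report = audit_dump(build_sample_dump())
    print(report)
    if report["default_key_sectors"]:
        print("Sectors still on the factory key:", report["default_key_sectors"])
```

Re-keying sectors does not protect a lock that only compares the UID, which is what the cloning steps above rely on; it only protects data the reader actually authenticates to.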

Software and firmware used are from the proxmark3 GitHub.

More information about RFID is on the dedicated "Technology" page.