RFID

Radio-frequency identification (RFID) utilizes electromagnetic fields to automatically identify and track tags attached to objects.

Introduction

Radio Frequency Identification (RFID) is the wireless, non-contact use of radio frequency waves to transfer data. Tagging items with RFID tags allows users to automatically and uniquely identify and track inventory and assets. RFID takes auto-ID technology to the next level by allowing tags to be read without line of sight and, depending on the type of RFID, at a read range from a few centimeters to more than 20 meters.

Because each tag carries a unique ID, RFID can easily be misused, as many attack scenarios show. We have listed these scenarios below. We then started testing the scenarios on different products that use this technology.

Possible attacks

  • Brute-force RFID UID (Unique Identifier)

  • Card cloning

  • Card Simulation

  • Permanently disabling tags

  • Relay attack

  • Reader sniff/snoop attack

  • Buffer overflows

  • Malicious code injection

Starting steps

  1. Try to identify what type of RFID tags are being used.

  2. See what type of attacks are possible for that specific RFID tag.

  3. Check whether the reader supports multiple types of tags.

  4. Check whether the reader validates only the UID (Unique Identifier).

    • If so, it might be possible to gain access by simulating only the UID.
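A model of the difference step 4 is checking for, as an added example that is not part of the original page: a reader that trusts the UID alone next to one that also requires proof of a per-card key. The `Tag` class, the HMAC-based key diversification, the demo master key and the sample UID are assumptions made for illustration and do not represent any specific product's protocol.

```python
import hashlib
import hmac
import os

MASTER_KEY = bytes(32)  # constructed demo key; a real site key belongs in a SAM/HSM
ALLOWED_UIDS = {bytes.fromhex("04a1b2c3")}  # constructed sample UID


def card_key(uid):
    """Per-card key diversified from the site master key and the UID (assumed scheme)."""
    return hmac.new(MASTER_KEY, b"card-key" + uid, hashlib.sha256).digest()


class Tag:
    """Model of a tag: the UID is sent in the clear, the key never leaves the tag."""

    def __init__(self, uid, key=b""):
        self.uid, self._key = uid, key

    def respond(self, challenge):
        if not self._key:  # a device that only presents a UID holds no key
            return bytes(32)
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def uid_only_reader(tag):
    """Weak check: grants access to anything that presents an enrolled UID."""
    return tag.uid in ALLOWED_UIDS


def challenge_response_reader(tag):
    """Hardened check: the UID only selects the key; access needs proof of the key."""
    if tag.uid not in ALLOWED_UIDS:
        return False
    challenge = os.urandom(16)  # fresh nonce per attempt, so recorded responses are useless
    expected = hmac.new(card_key(tag.uid), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag.respond(challenge))


if __name__ == "__main__":
    uid = bytes.fromhex("04a1b2c3")
    genuine = Tag(uid, card_key(uid))
    uid_copy = Tag(uid)  # same UID, no key material
    for name, reader in (("uid-only", uid_only_reader),
                         ("challenge-response", challenge_response_reader)):
        print(name, "genuine:", reader(genuine), "uid-copy:", reader(uid_copy))
```

The nonce stops replay of a recorded response but not the relay attack listed above, which forwards the live exchange.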

Tag types that a card can be cloned to

  • UID

    • Gen1A UID write attack

  • CUID

    • Gen2 UID write attack

    • Some ads say "write once", hinting that block0 of the card is not fused at the factory, i.e. the card supports one block0 change.

  • FUID

    • Write-once card. It doesn't say whether this is a genuine unfused card from the factory or a custom one.

    • Used to counter the "anti-elevator" systems. Some posts on forums talk about “broken tags” after being used on elevators.

  • UFUID

    • Suggests a one-time card, to counter the "anti-elevator" systems.

Tool

PROXMARK

Proxmark is an RFID tool for interacting with different RFID tags.

Different Proxmark devices

Software

Proxmark3 is an open source project, and its software is what you need to interact with the Proxmark. There is a lot of information available on how to install the software and how to flash your Proxmark in order to update the firmware to a different version. Information on how to use the Proxmark with different devices is on the project's wiki.

Commands

Basic card info commands:

  • hf search - High-frequency card information

  • lf search - Low-frequency card information

UID simulation commands:

  • hf mf sim u <UID> - Simulates a MIFARE Classic card

  • hf 14a sim t <type of card> u <UID> - Simulates other ISO 14443A card types

Written guides using RFID

  • Fontys RFID access door

  • Locker RFID

  • RFID Charging card electric car
