RFID

Radio-frequency identification (RFID) utilizes electromagnetic fields to automatically identify and track tags attached to objects.

Introduction

Radio Frequency Identification (RFID) is the wireless, non-contact use of radio frequency waves to transfer data. Tagging items with RFID tags allows users to automatically and uniquely identify and track inventory and assets. RFID takes auto-ID technology to the next level by allowing tags to be read without line of sight and, depending on the type of RFID, at a read range from a few centimeters to over 20+ meters.

Because of the unique ID, RFID can easily be misused. This is also reflected in many attack scenarios. We have listed these scenarios below. We then started testing the scenarios on different products where this technology is used.

Possible attacks

  • Brute-force RFID UID (Unique Identifier)

  • Card cloning

  • Card Simulation

  • Permanently disabling tags

  • Relay attack

  • Reader sniff/snoop attack

  • Buffer overflows

  • Malicious code injection

Starting steps

  1. Try to identify what type of RFID tags are being used.

  2. See what type of attacks are possible for that specific RFID tag.

  3. Check whether the reader supports multiple types of tags.

  4. Check whether the reader validates only the UID (Unique Identifier).

    • If so, it might be possible to gain access by simulating only the UID.
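
Why step 4 matters, as an added example (not part of the original guide): a reader that checks only the UID accepts any card presenting that UID, while a reader that also requires a keyed challenge-response does not. The UIDs, key and class names are constructed for illustration, and HMAC-SHA256 is an assumed stand-in for a real card's authentication protocol.

```python
import hashlib
import hmac
import os

# Constructed sample data: this UID and key are made up for the example.
UID = bytes.fromhex("04a1b2c3")
ENROLLED_UIDS = {UID}
CARD_KEYS = {UID: bytes.fromhex("00112233445566778899aabbccddeeff")}


class Card:
    """A credential: a UID plus (for genuine cards) a secret key kept on the card."""

    def __init__(self, uid, key=None):
        self.uid = uid
        self._key = key

    def respond(self, challenge):
        # A card that carries only a copied UID has no key and cannot answer.
        if self._key is None:
            return b""
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()


def uid_only_reader(card):
    """Weak check: the UID is readable by any reader, so it is not a secret."""
    return card.uid in ENROLLED_UIDS


def challenge_response_reader(card):
    """Hardened check: a fresh nonce per attempt, verified with the enrolled key."""
    key = CARD_KEYS.get(card.uid)
    if key is None:
        return False
    challenge = os.urandom(16)  # fresh nonce, so a recorded answer cannot be replayed
    expected = hmac.new(key, card.uid + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.respond(challenge))


genuine = Card(UID, CARD_KEYS[UID])
uid_copy = Card(UID)  # same UID, no key material

if __name__ == "__main__":
    for name, card in (("genuine", genuine), ("uid copy", uid_copy)):
        print(f"{name:9} uid-only={uid_only_reader(card)} "
              f"challenge-response={challenge_response_reader(card)}")
```
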

Tags possible for cloning to

  • UID

    • Gen1A UID write attack

  • CUID

    • Gen2 UID write attack

    • Some ads say "write once", hinting that block0 of the card is not fused at the factory, i.e. the card supports one block0 change.

  • FUID

    • Write-once card; it is not stated whether this is a genuine unfused card from the factory or a custom one.

    • Used to counter the "anti-elevator" systems. Some posts on forums talk about “broken tags” after being used on elevators.

  • UFUID

    • Suggests a one-time card, to counter the "anti-elevator" systems.

Tool

PROXMARK

Proxmark is an RFID tool for interacting with different RFID tags.

Different Proxmark devices

  • Proxmark 3 RDV 2

  • Proxmark 3 RDV4

  • Proxmark 3 EVO

  • Proxmark 3 Easy

Software

Proxmark3 is an open source project. Proxmark3 is the software you will need to interact with the Proxmark. There is a lot of information available on how to install the software and how to flash your Proxmark in order to update the firmware to a different version. The information on how to use the Proxmark with different devices is on their wiki.

Commands

Basic card info commands:

  • hf search - High frequency card information

  • lf search - Low frequency card information

UID simulation commands:

  • hf mf sim u <UID> - Simulate a MIFARE Classic card

  • hf 14a sim t <type of card> u <UID> - Simulate a different ISO14443A RFID card

Written guides using RFID

  • Fontys RFID access door

  • Locker RFID

  • RFID Charging card electric car

Last updated 5 years ago