Rfid Hacking Device

RFID projects have been pretty prominent recently, ranging from projects here on Instructables to our local Silicon Chip magazine in Australia publishing an RFID door lock project in their November issue. Even I recently purchased an RFID door lock on eBay for $15 to lock my garage (so my front neighbor could get tools if he wanted to).
We have known for a number of years that the cheaper RFID technologies are pretty insecure. Researchers have demonstrated cloners of all varieties, but simple RFID tags are still being used for access control. Even my current employer uses them.
A while ago, I was looking at Hack A Day, and I saw an amazing project that somebody had made. It was an RFID card with a keypad on it. For the next couple of days, I couldn't get the image of the card out of my mind; the project reminded me of how much I wanted to build an RFID spoofer myself. The original author didn't release source code for their project, but they left enough clues that I could follow.
So, in typical fashion, I built my own reader hardware so I could have a look at the data from a card, and created my own version of the Universal RFID key.
The key I made works beautifully both on my garage door and on a number of other RFID readers I have tried!
I have decided to publish this because more people should be aware of the design flaws that are inherent in older RFID implementations, and to allow others to make their own universal key.
Will this key let you into anybody's RFID-protected office? Yes it will, assuming a couple of things are true:
1) They have to be using 125kHz RFID tags that use the same encoding standard this project was designed for, and,
2) You have to have access to the number printed on the back of the tag - with that number, you can simply key it into the Universal RFID key, and it will emulate that tag.
So there you go - I hope you enjoy making this project. - And remember, with great power comes great responsibility!

At the Shmoocon hacker conference, Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer's credit card onstage and obtained the card's number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer's money with the counterfeit card she'd just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.)

Paget magnetizing a counterfeit card with a volunteer's wirelessly-stolen credit card data on stage at Shmoocon. (Click to enlarge.)

If anyone still doubted that the trick had worked, Paget accidentally flashed the volunteer's credit card number on a screen in front of an audience of hundreds of hackers and security researchers. 'You were planning on cancelling that card, weren't you?' she added somewhat sheepishly.

Contactless cards are far more common than they might seem: According to the Smart Card Association, about 100 million of the RFID-enabled cards are in circulation. Visa calls its technology payWave, MasterCard dubs it PayPass, Discover brands it Zip, and American Express calls it ExpressPay. According to a show of hands among Shmoocon's audience, dozens of the several hundred conference attendees in the room had contactless cards, and about a quarter of those weren't aware of it until Paget asked them pull out their cards and check for contactless symbols.

Paget, a well-known security researcher for the consultancy Recursion Ventures who was known as Christopher Paget until a gender change last May, used a simple method for her hack: impersonating a legitimate contactless point-of-sale terminal with her own RFID card reader. (That's the striped panel pictured above.) In one practical version of the scam, Paget says, a fraudster could simply bump up against his victim with that reader in a coat pocket and invisibly scan the RFID signal through material like a leather wallet or cloth pants. In a demonstration just before her talk, Paget read a card in my wallet through my back pocket without touching me, successfully obtaining the card's information.

The scheme, Paget points out, doesn't involve any hidden bug in the system, but rather the more fundamental problem that any commercially-available RFID reader can read the data from a contactless card as easily as a store's point-of-sale device does. 'Whatever encryption or other security there might be, it doesn't matter,' she says. 'The reader just spits out the number as if I’m the point-of-sales terminal, which is totally stupid. This is an embarrassingly simple hack, but it works.'

The attack Paget demonstrated is far from new. The security industry has known since 2006 that contactless credit cards can be read wirelessly without the owner's knowledge. But in current versions of the cards, the user's name, PIN and the three-digit CVV on the back of the card aren't included in the wirelessly-read information, which the industry has argued means the attack isn't practical.

Randy Vanderhoof, executive director of the industry group the Smart Card Alliance, points out that despite previous research on the contactless attack, no real-world instances of the fraud have ever been reported. 'We’ve got six years of history, a hundred million users of these cards, and we haven’t seen any documented cases of this kind of fraudulent transaction. The reason we think that’s the case is that it’s very difficult to monetize this as a criminal,' says Vanderhoof. 'The premise that this is a new threat is absolutely false and isn’t supported by [Paget's] demonstration.'

In fact, contactless cards do offer one security feature traditional cards don't: Along with the card's 16-digit number and expiration date, the cards are set to offer up a one-time CVV code with every scan. Those codes can only be used for one transaction, and have to be used in the order they're generated. If a payment processor detects multiple transactions with the same code, or even codes being used to make transactions in the wrong order, it will disable the card. So a contactless card scammer can only use each stolen number once, and if the victim of the scam uses the card again before the thief has time to make a fraudulent payment, all transactions on the card will be blocked.
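The one-time CVV rule described here, as an added issuer-side illustration that is not from the article or from any card network: `ContactlessCard`, `Issuer` and the HMAC-based code generator are constructed stand-ins, and the 6-digit code width is an assumption made only so the constructed generator does not collide (real cards present 3 digits).

```python
import hashlib
import hmac

# Assumption: the card's one-time CVV is derived from a per-card key and a tap
# counter. Real cards use issuer-personalised keys and a different derivation;
# this HMAC stand-in is constructed only to make the example self-contained.
LOOKAHEAD = 10  # counters past the last accepted one that the issuer will try


def one_time_cvv(card_key: bytes, counter: int) -> str:
    """Code the card presents for a given tap counter (6 digits here by assumption)."""
    mac = hmac.new(card_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class ContactlessCard:
    """Emulates the card: every tap advances the counter and emits a fresh code."""
    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.counter = 0

    def tap(self) -> str:
        self.counter += 1
        return one_time_cvv(self.card_key, self.counter)


class Issuer:
    """Per card, remembers the highest counter accepted and blocks on replay or misorder."""
    def __init__(self):
        self.cards = {}  # card_id -> {"key": bytes, "last": int, "blocked": bool}

    def enrol(self, card_id: str, card_key: bytes) -> None:
        self.cards[card_id] = {"key": card_key, "last": 0, "blocked": False}

    def authorise(self, card_id: str, cvv: str) -> str:
        state = self.cards[card_id]
        if state["blocked"]:
            return "BLOCKED"
        # A code belonging to an already-consumed counter is either a replay or
        # an out-of-order use: the article's rule is to disable the card outright.
        for c in range(1, state["last"] + 1):
            if hmac.compare_digest(cvv, one_time_cvv(state["key"], c)):
                state["blocked"] = True
                return "BLOCKED"
        # Otherwise accept only a code from the next LOOKAHEAD counters, which
        # tolerates taps that never reached the issuer (e.g. a skimmer's read).
        for c in range(state["last"] + 1, state["last"] + 1 + LOOKAHEAD):
            if hmac.compare_digest(cvv, one_time_cvv(state["key"], c)):
                state["last"] = c
                return "APPROVED"
        return "DECLINED"
```

The linear scan over consumed counters is kept for readability; a production issuer would index accepted codes rather than recompute them on every authorisation.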

'The truth is that consumers should be embracing this technology because it’s making them safer,' says Vanderhoof. 'Efforts to try to discredit the use of chip technology in cards is only making the users of the existing technology more vulnerable.'

But Paget says that the rotating one-time CVV only means a fraudster would need to target multiple victims rather than defraud a single victim repeatedly. The scammer could stand in a crowded train station, for instance, reading the card numbers of many passers-by and sending them to an accomplice who carried out the rest of the scheme in real time. 'Instead of one person seeing many fraudulent transactions on their card, fifty people see one transaction on their statement, and maybe they don't even notice it,' she says. 'The card industry says this isn't possible, but the information they're giving you isn't complete. It needed me to get up on stage and prove it so they would accept that the problems are real.'

And now how to solve those problems? Perhaps the simplest solution, Paget advises, is to kill your card's RFID chip by frying it in the microwave. But that's a more delicate task than it might seem. 'Three seconds in the microwave will kill the chip,' she says. 'Five seconds will set it on fire.'

Paget's Guardbunny, a credit-card-sized RFID jamming device (Click to enlarge.)

Paget's firm has been working on a more sophisticated fix: a credit-card-shaped protection device known as GuardBunny that sits in a wallet alongside payment cards and blocks any would-be RFID fraudster. Paget says the device, which remains a prototype and still has no roadmap for commercial sale, blocks RFID signals far more effectively than any currently-available RFID-shielding wallet. Commercially-available RFID blockers simply shield cards or passports with a layer of aluminum or steel. Guardbunny, by contrast, reflects back the reader's RFID signal with its own chip, effectively jamming the radio signal. That technique means even high-powered RFID readers would likely fail to pick up any credit card signals nearby. 'It doesn't matter how much power you put into it, it just bounces it back at you,' Paget says.

Better still, when Guardbunny detects an RFID reader's signal, it emits a high-pitched whining sound and its bunny icon's eyes glow (as pictured) to warn of possible contactless pickpockets.

Paget admits that certain high-level attacks could get around even the Guardbunny's protections. 'You can defeat this. But it involves building your own reader,' she says. 'That's a lot more to demand of the bad guys than spending $50 on eBay.'

Follow me on Twitter, and check out my new book, This Machine Kills Secrets: How WikiLeakers, Cypherpunks and Hacktivists Aim To Free The World’s Information.