How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?
Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?
Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Thursday, July 26, 2012

Hack the RFID

The competitive program of Positive Hack Days 2012 was rich not only in battles of hackers, who tried to hack everything without exception via the Internet, but in "applied" competitions as well. One of such contests was Hack the RFID, in the course of which the participants' knowledge and skills in Radio Frequency Identification (RFID) systems were checked.

There were quite few people who wanted to partake in the contest, but those, who still took the risk, did not regret it for sure.

They were to open stationary boxes (at least one of two) under locks controlled by RFID readers. The corresponding RFID tags were attached at a distance from the readers so that it was impossible to unlock the boxes directly with these tags.

To access the box's content, the participants were to copy an RFID tag and open the corresponding lock. The distance between the contestant and the tag at the moment of cloning was of the decisive importance as well.

Both low-frequency (125 kHz) and high-frequency (13.56 MHz) RFID tags were used in the course of the competition.

The participants were not allowed:


  • to perform any actions aimed at disabling the locks controlled by RFID readers;
  • to attempt destroying the boxes;
  •  prevent other competitors from solving the task.

The participants used their own software and hardware.

To work with the low-frequency tags, the participants used very popular USB reader ACR-122U, duplicator KeyMaster PRO 4 RF [RU], and T5557-based rewritable tags.


High-frequency identification was based on comparison of the zero sector of the card Mifare Classic 1K, containing a unique factory-programmed RFID tag unavailable for writing by an end user. Not so long ago vendors from China developed and released specific tags, identical to Mifare, but allowing rewriting UID cards. Such a tag was used by one of the participants allowing him to open the lock with the high-frequency reader.


Finally, both boxes were opened. Nikoly Chernykh and Victor Alyushin were the winners. Our congratulations!

P.S. For sure Hack the RFID will be further developed at Positive Hack Days next year.

Posted by Positive Research at 3:39 PM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)