NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю (NFC pentesting: that's what I love)
Positive Hack Days
2. Who ||
Matteo Beccaro
Founder || Chief Technology Officer at Opposing Force, the first
Italian company specialized in offensive physical security
Twitter: @_bughardy_
© Opposing Force. All rights reserved.
3. Agenda ||
NFC: What are we talking about?
Transport system structure
Our tool
Pentesting methodology
Attack Surface
Analyzing the elements
Vulnerabilities
Case studies
5. NFC: What are we talking about?||
What is NFC?
• NFC stands for Near Field Communication
• Frequency at 13.56 MHz
• 3-5 cm of range
• Widely used in:
– Access Control systems
– Ticketing
– Mobile phones
6. NFC: What are we talking about?||
Most notable NFC families:
• MIFARE
– MIFARE Classic
– MIFARE Ultralight
– MIFARE DesFire
• HID iClass
• Calypso
• FeliCa
7. NFC: What are we talking about?||
MIFARE Classic
• Memory storage device ( 1K or 4K )
• Strong access control mechanisms
– A key is required to access each data sector
– Uses the Crypto1 ( "Crapto1" ) algorithm
– Broken…
– …but widely used ( RFID door tokens, transport tickets, etc. )
8. NFC: What are we talking about?||
MIFARE Ultralight
• Memory storage device ( 64 bytes )
• Basic security mechanisms
– OTP ( One-Time-Programmable ) sector
– Lock bytes sector
– Mostly used for disposable tickets
– It has some more secure successors:
9. NFC: What are we talking about?||
MIFARE DesFire
• Advanced security mechanisms ( 3DES, AES, etc )
• File system structure
• 2KB, 4KB or 8KB memory size
• Several variants:
– DESFIRE, DESFIRE EV1 and DESFIRE EV2
10. NFC: What are we talking about?||
HID iClass
• The same encryption and authentication keys are shared across all HID iCLASS Standard Security installations
• The keys have already been extracted
• Two variants:
– iClass Standard ( common )
– iClass High Secure ( less common )
Both broken
12. Transport system structure||
Defining a transportation system:
We need to create a common methodology
We need to have tools
We need to be able to use schemas to support our work
16. Transport system structure||
Token:
Usually an NFC card
• MIFARE ULTRALIGHT
• MIFARE CLASSIC
• CALYPSO
Can store:
• multiple rides or subscriptions
• timestamp of last stamping
• details of where it has been used
• other data
17. Transport system structure||
Token:
MIFARE CLASSIC
• Just broken
MIFARE ULTRALIGHT
• Lock attack
• Time attack
• Replay attack
Calypso
• All documentation is under NDA
18. Transport system structure||
Reader|Controller:
Can operate offline or online
Can be wired or wirelessly connected to the controller
Usually supports multiple standards
Its purpose is to check if a ticket is valid and stamp it
It can store secrets and keys
19. Transport system structure||
Backend
Sometimes known as “Cloud”
It can perform several operations:
Statistics
OTA updates
Fraud detection
Fraud prevention
21. Our tool(s)||
What tools we can use:
HydraNFC
Proxmark3
ChameleonMini
NFCulT
22. Our tool(s)||
HydraNFC ( ~ 90 € )
• Uses the Texas Instruments TRF7970A NFC chipset ( 13.56 MHz only )
• MIFARE 1K and ISO 14443A UID emulation
• ISO 14443A sniffing ( also autonomous mode )
• 2 different raw modes
• Still in development ( @hydrabus )
• More info at http://hydrabus.com/hydranfc-1-0-specifications/
23. Our tool(s)||
Proxmark3 ( ~ 200 € )
• HF and LF capabilities
• Big community
• Supports almost all known RFID tags
• Supports sniffing
• Supports emulation
• More info at http://proxmark.org/forum/index.php
24. Our tool(s)||
ChameleonMini ( ~ 100 € )
• HF ( 13.56MHz ) only
• Almost the same capabilities as HydraNFC
• Different chipset
• Firmware available only for the old revision at the moment
• More info at http://kasper-oswald.de/gb/chameleonmini/
25. Our tool(s)||
NFCulT ( ~ 0 € )
• Mobile application for NFC-enabled Android smartphones
• Its aim is to provide quick help during assessments of ticketing systems
• Implements the Lock, Time and Replay attacks
• It has a custom edit mode to edit the ticket data bit by bit
• Supports MIFARE ULTRALIGHT, with planned support for CLASSIC
26. Our tool(s)||
NFCulT
• Lock Attack
– Sets the OTP page to read-only mode
– The operation is irreversible
– If the reader does not check whether it can still write the OTP sector: free rides
27. Our tool(s)||
NFCulT
• Time Attack
– If you find and decode the timestamp, you can stamp the ticket yourself
– Again, free rides
28. Our tool(s)||
NFCulT
• Replay Attack
– Uses a UID magic ticket ( ~ 15 € )
– Can bypass all offline anti-fraud mechanisms
– Guess what? Free rides
29. Our tool(s)||
NFCulT
• Custom edit
– Useful for understanding the layout of the data saved on the ticket ( e.g. for finding the correct timestamp )
– You can quickly convert from hex to bin and vice versa
– You can edit the data bit by bit and write it back to the ticket
32. Pentesting methodology||
Stamping machine
Attack Surface | Attacks to Perform | Impact
NFC Interface | Analyze the stamping mechanisms | Free tickets
Hardware board | Analyze the exposed interfaces ( JTAG, UART, etc. ) | Firmware / secrets dumping
GSM/GPRS/Eth Interface | Is MITM possible? Intercepting the data | Intercepting secrets / sensitive data
33. Pentesting methodology||
Vending machine
Attack Surface | Attacks to Perform | Impact
NFC Interface | Analyze the recharging mechanisms | Free tickets, for everyone
Hardware board | Analyze the exposed interfaces ( JTAG, UART, etc. ) | Firmware / secrets dumping
GSM/GPRS/Eth Interface | Is MITM possible? Intercepting the data | Intercepting secrets / sensitive data ( e.g. credit card details )
Computer Application | Analyzing the exposed network services | Complete control of the machine
34. Pentesting methodology||
The backend
Attack Surface | Attacks to Perform | Impact
Web application(s) | Web app pentesting | Various
Network services | Network pentesting | Various
Physical location | Try to get physical access to the servers | Pwned
36. Case studies ||
A MIFARE ULTRALIGHT ticketing system
• The lock bit for the OTP sector is not checked by the stamping machine
• Absence of a UID blacklist in the backend
• Timestamps are neither encrypted nor signed
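The Ultralight layout from slide 8, the lock, time and replay attacks from the NFCulT slides, and the three findings of this case study all come down to checks the stamping machine and the backend have to make. The following is an added example in Python, not code from the talk, from NFCulT or from the assessed system: it models the MF0ICU1 memory (7-byte UID with its check bytes, lock bytes in page 2, the one-way OTP page 3) and a reader that refuses a card whose OTP page is write-locked, verifies a MAC over the timestamp, consults a backend UID blacklist, and reads the OTP page back after stamping. DEMO_KEY, BLACKLIST, the UIDs and the timestamp-plus-MAC layout in pages 4-9 are constructed for the demo; the lock-byte bit position follows the NXP MF0ICU1 datasheet.

```python
"""Reader-side checks for a MIFARE Ultralight (MF0ICU1) ticket.

Added example, not code from the talk or from NFCulT. It models the 64-byte
Ultralight layout (UID, lock bytes, one-way OTP page, user pages) and the
checks a stamping machine needs against the lock, time and replay tricks
described on the slides. DEMO_KEY, BLACKLIST, the UIDs and the ticket
encoding in pages 4-9 are constructed for this demo.
"""
import hashlib
import hmac

PAGE_SIZE = 4
PAGES = 16                       # MF0ICU1: 16 pages x 4 bytes = 64 bytes
LOCK_PAGE = 2                    # bytes 2 and 3 of page 2 are lock byte 0 and lock byte 1
OTP_PAGE = 3                     # page 3 is one-time programmable: bits only ever go 0 -> 1
TICKET_OFFSET = 4 * PAGE_SIZE    # constructed layout: pages 4-5 timestamp, pages 6-9 MAC
L3_BIT = 1 << 3                  # lock byte 0, bit 3 ("L3" in the datasheet): write-lock for page 3

DEMO_KEY = b"demo-key-not-from-the-talk"         # constructed per-operator MAC key
BLACKLIST = {bytes.fromhex("04a1b2c3d4e5f6")}    # constructed backend list of cloned UIDs

def page(dump: bytes, n: int) -> bytes:
    return dump[n * PAGE_SIZE:(n + 1) * PAGE_SIZE]

def replace_bytes(dump: bytes, offset: int, data: bytes) -> bytes:
    return dump[:offset] + data + dump[offset + len(data):]

def blank_card(uid7: bytes) -> bytes:
    """Fresh card: 7-byte UID with the ISO 14443-3 check bytes, everything else zero."""
    d = bytearray(PAGES * PAGE_SIZE)
    d[0:3] = uid7[:3]
    d[3] = 0x88 ^ uid7[0] ^ uid7[1] ^ uid7[2]     # BCC0 covers cascade tag 0x88 and SN0..SN2
    d[4:8] = uid7[3:7]
    d[8] = uid7[3] ^ uid7[4] ^ uid7[5] ^ uid7[6]  # BCC1 covers SN3..SN6
    return bytes(d)

def uid(dump: bytes) -> bytes:
    return page(dump, 0)[:3] + page(dump, 1)

def otp_locked(dump: bytes) -> bool:
    return bool(page(dump, LOCK_PAGE)[2] & L3_BIT)

def card_write_lock(dump: bytes, lock0_bits: int) -> bytes:
    """Card behaviour: lock bits are OR-ed in and can never be cleared (the irreversible lock)."""
    p = bytearray(page(dump, LOCK_PAGE))
    p[2] |= lock0_bits
    return replace_bytes(dump, LOCK_PAGE * PAGE_SIZE, bytes(p))

def card_write_otp(dump: bytes, new_bits: bytes) -> bytes:
    """Card behaviour: a write to page 3 is OR-ed in, and refused (NAK) once L3 is set."""
    if otp_locked(dump):
        raise PermissionError("card NAK: OTP page is write-locked")
    merged = bytes(a | b for a, b in zip(page(dump, OTP_PAGE), new_bits))
    return replace_bytes(dump, OTP_PAGE * PAGE_SIZE, merged)

def mac(dump: bytes, ts_bytes: bytes) -> bytes:
    # Binding UID and OTP page into the tag: an edited timestamp or ride counter no longer verifies.
    msg = uid(dump) + page(dump, OTP_PAGE) + ts_bytes
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).digest()[:16]

def build_ticket(dump: bytes, last_stamp: int) -> bytes:
    """Operator side: write the timestamp (8 bytes) and MAC (16 bytes) into pages 4-9."""
    ts_bytes = last_stamp.to_bytes(8, "big")
    return replace_bytes(dump, TICKET_OFFSET, ts_bytes + mac(dump, ts_bytes))

def verify_ticket(dump: bytes, now: int, max_age: int = 90 * 24 * 3600) -> str:
    """Return 'ok' or the reason the stamping machine must reject the card."""
    if uid(dump) in BLACKLIST:
        return "uid blacklisted"      # replay via UID-magic card: only backend state stops it
    if otp_locked(dump):
        return "otp page locked"      # lock attack: a reader that skips this gives unlimited rides
    ts_bytes = dump[TICKET_OFFSET:TICKET_OFFSET + 8]
    tag = dump[TICKET_OFFSET + 8:TICKET_OFFSET + 24]
    if not hmac.compare_digest(tag, mac(dump, ts_bytes)):
        return "bad mac"              # time attack: the timestamp was edited without the key
    last = int.from_bytes(ts_bytes, "big")
    if last > now or now - last > max_age:
        return "timestamp out of range"
    if page(dump, OTP_PAGE) == b"\xff\xff\xff\xff":
        return "no rides left"
    return "ok"

def stamp(dump: bytes, now: int) -> bytes:
    """Consume one ride: burn the next OTP bit, read it back, then re-sign the ticket."""
    verdict = verify_ticket(dump, now)
    if verdict != "ok":
        raise ValueError(verdict)
    used = int.from_bytes(page(dump, OTP_PAGE), "big")
    next_bit = max(i for i in range(32) if not used & (1 << i))   # rides burn from the MSB down
    written = card_write_otp(dump, (1 << next_bit).to_bytes(4, "big"))
    if int.from_bytes(page(written, OTP_PAGE), "big") != used | (1 << next_bit):
        raise RuntimeError("read-back mismatch: the OTP write did not take")
    return build_ticket(written, now)

if __name__ == "__main__":
    t0 = 1_700_000_000
    card = stamp(build_ticket(blank_card(bytes.fromhex("04112233445566")), t0), t0 + 60)
    print("after one ride, OTP page =", page(card, OTP_PAGE).hex())
    print("locked card ->", verify_ticket(card_write_lock(card, L3_BIT), t0 + 120))
    print("edited timestamp ->", verify_ticket(replace_bytes(card, TICKET_OFFSET, (t0 + 1000).to_bytes(8, "big")), t0 + 1200))
```

Run directly, it prints the OTP page after one ride and the verdicts for a locked card and for a card whose timestamp was edited. Two design points: the read-back in stamp() catches a silently failed OTP write even on a reader that forgot the lock check, and the MAC alone does not stop a cloned ticket on a UID-changeable card, which is why the backend has to keep per-UID state (a blacklist or a ride counter), exactly the gap the second finding names. The key in DEMO_KEY would live in the reader, so slide 18's point that readers store secrets applies to it as well.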
41. Case studies ||
A MIFARE hotel door lock
Card’s UID
Room number: int("0x17ea", 16) = 6122
42. Thanks ||
Opposing Force - challenging your security - @_opposingforce
https://www.opposingforce.it | engage@opposingforce.it
43. Q&A Time! ||