DEFCON 20

NFC Hacking: The Easy Way

Eddie Lee
eddie{at}blackwinghq.com

About Me

- Security Researcher for Blackwing Intelligence (formerly Praetorian Global)
- We're always looking for cool security projects
- Member of Digital Revelation
  - 2-time CTF Champs – Defcon 9 & 10
- Not an NFC or RFID expert!

Introduction // RFID Primer

- Radio Frequency Identification - RFID
  - Broad range of frequencies: low kHz to super high GHz
- Near Field Communication - NFC
  - 13.56 MHz
    - Payment cards
    - Library systems
    - e-Passports
    - Smart cards
  - Standard range: ~3 - 10 cm
- RFID Tag
  - Transceiver
  - Antenna
  - Chip (processor) or memory

Introduction // RFID Primer

- RFID (tag) in credit cards
  - Visa – PayWave
  - MasterCard – PayPass
  - American Express – ExpressPay
  - Discover – Zip
- Proximity Coupling Devices (PCD) / Point of Sale (POS) terminal / Reader
- EMV (Europay, Mastercard, and VISA) standard for communication between chipped credit cards and POS terminals
  - Four "books" long
  - Based on ISO 14443 and ISO 7816
  - Communicate with Application Protocol Data Units (APDUs)

Introduction // Motivation

- Why create NFCProxy?
  - I'm lazy
  - Don't like to read specs
  - Didn't want to learn the protocol (from reading specs)
    - Future releases should work with other standards (different protocols)
  - Make it easier to analyze protocols
  - Make it easier for other people to get involved
  - Contribute to reasons why this standard should be fixed

Previous work

- Adam Laurie (Major Malfunction)
  - RFIDIOt
  - http://rfidiot.org
- Pablos Holman
  - Skimming RFID credit cards with an eBay reader
  - http://www.youtube.com/watch?v=vmajlKJlT3U
- 3ric Johanson
  - Pwnpass
  - http://www.rfidunplugged.com/pwnpass/
- Kristin Paget
  - Cloning RFID credit cards to mag stripe
  - http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf
- Tag reading apps

Typical Hardware

- Contactless credit card reader (e.g. VivoPay, Verifone)
  - ~$150 (retail)
  - ~$10 - $30 (eBay)
- Card reader
  - OmniKey (~$50-90 eBay), ACG, etc.
  - Proxmark ($230-$400)
- Mag stripe encoder ($200-$300)

Tool Overview

- What is NFCProxy?
  - An open source Android app
  - A tool that makes it easier to start messing with NFC/RFID
  - Protocol analyzer
- Hardware required
  - Two NFC capable Android phones for the full feature set
    - Nexus S (~$60 - $90 eBay)
    - LG Optimus Elite (~$130 new, contract free)
      - No custom ROMs yet
    - Galaxy Nexus, Galaxy S3, etc. (http://www.nfcworld.com/nfc-phones-list/)
- Software required
  - One phone
    - Android 2.3+ (Gingerbread)
    - Tested on 2.3.7 and ICS
  - At least one phone needs:
    - Cyanogen 9 nightly build from Jan 20 - Feb 24 2012
    - Or a custom build of Cyanogen

Cyanogen Card Emulation

- android_frameworks_base (Java API)
  - https://github.com/CyanogenMod/android_frameworks_base/commit/c80c15bed5b5edffb61eb543e31f0b90eddcdadf
- android_external_libnfc-nxp (native library)
  - https://github.com/CyanogenMod/android_external_libnfc-nxp/commit/34f13082c2e78d1770e98b4ed61f446beeb03d88
- android_packages_apps_Nfc (Nfc.apk – NFC Service)
  - https://github.com/CyanogenMod/android_packages_apps_Nfc/commit/d41edfd794d4d0fedd91d561114308f0d5f83878
- NFC Reader code disabled because it interferes with Google Wallet
  - https://github.com/CyanogenMod/android_packages_apps_Nfc/commit/75ad85b06935cfe2cc556ea1fe5ccb9b54467695

NFC Hardware Architecture

(diagram: Host, NFC Chip, Secure Element, and Antenna)

Tool Features

- Proxy transactions
- Save transactions
- Export transactions
- Tag replay (on Cyanogen side)
- PCD replay
- Don't need to know the correct APDUs for a real transaction
  - Use the tool to learn about the protocol (APDUs)

Standard Transaction

(diagram: reader and card exchange APDUs over RFID)

How It Works // Proxy Mode

(diagram: APDUs travel reader <-NFC-> proxy phone <-WiFi-> relay phone <-NFC-> card)

How It Works // Terminology

(diagram: the phone at the reader runs Proxy Mode, the phone at the card runs Relay Mode; NFC on each end, WiFi between the two phones)

How It Works // Modes

- Relay Mode
  - Opens a port and waits for a connection from the proxy
  - Place the Relay phone on the card/tag
- Proxy Mode
  - Swipe across the reader
  - Forwards APDUs from the reader to the card
  - Transactions displayed on screen
  - Long clicking allows you to Save, Export, Replay, or Delete

How It Works // Replay Mode

- Replay Reader (Skimming mode*)
  - Put the phone near a credit card
  - Nothing special going on here
  - Know the right APDUs
- Replay Card (Spending mode)
  - Swipe the phone across a reader
  - Phone needs to be able to detect the reader – Card Emulation mode
  - Requires CyanogenMod tweaks
  - Virtual wallet

Antennas

- A word about Android NFC antennas
  - Galaxy Nexus: CRAP!
  - Nexus S: Good
  - Optimus Elite: Good
- NFC communication is often incomplete
  - Need to re-engage/re-swipe the phone with the card/reader
  - Check the "Status" tab in NFCProxy

APDU-Speak

- EMV Book 3
  - http://www.emvco.com/download_agreement.aspx?id=654
- See RFIDIOt (ChAP.py) and pwnpass for APDUs used for skimming
- Proxy not needed for skimming and spending
  - Just for protocol analysis

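The slides above describe NFCProxy as a protocol analyzer that displays and exports the APDUs it forwards between reader and card. As an added example (not NFCProxy's code), the Python decoder below takes a constructed "C <hex>" / "R <hex>" transaction log (a stand-in for the app's export format, which the deck does not show) and splits each command into its ISO 7816-4 fields, reporting the APDU case, instruction name and the card's status word, and flags truncated or extended-length commands instead of misreading them.

```python
"""Decode ISO 7816-4 short-length APDUs from a proxied transaction log.

Added example, not NFCProxy's own code. The 'C <hex>' / 'R <hex>' line
format is a constructed stand-in for the app's export format.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Instruction names from ISO 7816-4 / EMV Book 3 (the CLA byte is not checked here).
INS_NAMES: Dict[int, str] = {
    0xA4: "SELECT",
    0xB2: "READ RECORD",
    0xA8: "GET PROCESSING OPTIONS",
    0xCA: "GET DATA",
}
# Common status words (SW1 SW2) from ISO 7816-4.
SW_NAMES: Dict[int, str] = {
    0x9000: "OK",
    0x6A82: "file or application not found",
    0x6A83: "record not found",
    0x6700: "wrong length",
    0x6D00: "INS not supported",
}


@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # expected response length; None when no Le field

    @property
    def case(self) -> int:
        """ISO 7816-4 case: 1 = header only, 2 = Le only, 3 = Lc+data, 4 = both."""
        if self.data:
            return 4 if self.le is not None else 3
        return 2 if self.le is not None else 1

    @property
    def name(self) -> str:
        return INS_NAMES.get(self.ins, "INS 0x%02X" % self.ins)


def parse_command(raw: bytes) -> CommandAPDU:
    """Split a short-length command APDU into header, Lc/data and Le."""
    if len(raw) < 4:
        raise ValueError("command shorter than the 4-byte CLA INS P1 P2 header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if not body:                                      # case 1
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                                # case 2: only Le (0x00 means 256)
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if lc == 0:
        # Lc == 0 followed by more bytes is the extended-length encoding,
        # which this short-length decoder deliberately refuses.
        raise ValueError("extended-length APDU not supported")
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc=%d but only %d data byte(s) present" % (lc, len(data)))
    rest = body[1 + lc:]
    if not rest:                                      # case 3
        return CommandAPDU(cla, ins, p1, p2, data)
    if len(rest) == 1:                                # case 4
        return CommandAPDU(cla, ins, p1, p2, data, le=rest[0] or 256)
    raise ValueError("%d unexpected byte(s) after Le" % (len(rest) - 1))


def parse_response(raw: bytes) -> Tuple[bytes, int]:
    """Return (response data, SW1SW2) from a response APDU."""
    if len(raw) < 2:
        raise ValueError("response shorter than the 2-byte status word")
    return raw[:-2], (raw[-2] << 8) | raw[-1]


def analyze_log(text: str) -> List[dict]:
    """Pair each 'C <hex>' line with the 'R <hex>' line that follows and summarize."""
    exchanges: List[dict] = []
    current: Optional[dict] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, hexdata = line.partition(" ")
        raw = bytes.fromhex(hexdata)
        if kind == "C":
            current = {"command": None, "case": None, "data_len": 0,
                       "sw": None, "sw_name": None, "resp_len": 0, "error": None}
            exchanges.append(current)
            try:
                cmd = parse_command(raw)
                current.update(command=cmd.name, case=cmd.case, data_len=len(cmd.data))
            except ValueError as exc:
                current["error"] = str(exc)   # keep the exchange, mark it malformed
        elif kind == "R" and current is not None:
            data, sw = parse_response(raw)
            current.update(sw=sw, sw_name=SW_NAMES.get(sw, "unknown"), resp_len=len(data))
            current = None                    # an R without a preceding C is ignored
    return exchanges


# Constructed sample capture: a SELECT by name, a READ RECORD the card rejects,
# and a truncated command the analyzer must flag instead of misreading.
SAMPLE_LOG = """
C 00A4040008544553542E41505000
R 6F0A8408544553542E4150509000
C 00B2010C00
R 6A83
C 00A40400054142
"""

if __name__ == "__main__":
    for ex in analyze_log(SAMPLE_LOG):
        print(ex)
```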
Sample Output

Demo!

- Let's see it in action!

Future Work

- What's next?
  - Generic framework that works with multiple technologies
    - Requires better reader detection
  - Pluggable modules
    - MITM
    - Protocol Fuzzing

Source Code

- Now available for download and contribution!
  - http://sourceforge.net/projects/nfcproxy/

Q & A

- Questions?
- Contact: eddie{at}blackwinghq.com

Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

DefCon 2012 - Near-Field Communication / RFID Hacking - Lee

  • 1. NFC Hacking: The Easy Way (DEFCON 20). Eddie Lee, eddie{at}blackwinghq.com
  • 2. About Me
    • Security Researcher for Blackwing Intelligence (formerly Praetorian Global)
      • We’re always looking for cool security projects
    • Member of Digital Revelation
      • 2-time CTF Champs – Defcon 9 & 10
    • Not an NFC or RFID expert!
  • 3. Introduction // RFID Primer
    • Radio Frequency Identification - RFID
      • Broad range of frequencies: low kHz to super high GHz
    • Near Field Communication - NFC
      • 13.56 MHz
        • Payment cards
        • Library systems
        • e-Passports
        • Smart cards
      • Standard range: ~3 - 10 cm
    • RFID Tag
      • Transceiver
      • Antenna
      • Chip (processor) or memory
  • 4. Introduction // RFID Primer
    • RFID (tag) in credit cards
      • Visa – PayWave
      • MasterCard – PayPass
      • American Express – ExpressPay
      • Discover – Zip
    • Proximity Coupling Devices (PCD) / Point of Sale (POS) terminal / Reader
    • EMV (Europay, Mastercard, and VISA) standard for communication between chipped credit cards and POS terminals
      • Four “books” long
      • Based on ISO 14443 and ISO 7816
      • Communicate with Application Protocol Data Units (APDUs)
  • 5. Introduction // Motivation
    • Why create NFCProxy?
      • I’m lazy
      • Don’t like to read specs
      • Didn’t want to learn protocol (from reading specs)
      • Future releases should work with other standards (diff protocols)
      • Make it easier to analyze protocols
      • Make it easier for other people to get involved
      • Contribute to reasons why this standard should be fixed
  • 6. Previous work
    • Adam Laurie (Major Malfunction)
      • RFIDIOt
      • http://rfidiot.org
    • Pablos Holman
      • Skimming RFID credit cards with ebay reader
      • http://www.youtube.com/watch?v=vmajlKJlT3U
    • 3ric Johanson
      • Pwnpass
      • http://www.rfidunplugged.com/pwnpass/
    • Kristen Paget
      • Cloning RFID credit cards to mag strip
      • http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf
    • Tag reading apps
  • 7. Typical Hardware
    • Contactless Credit card reader (e.g. VivoPay, Verifone)
      • ~$150 (retail)
      • ~$10 - $30 (ebay)
    • Card reader
      • OmniKey (~$50-90 ebay), ACG, etc.
      • Proxmark ($230-$400)
    • Mag stripe encoder ($200-$300)
  • 8. Tool Overview
    • What is NFCProxy?
      • An open source Android app
      • A tool that makes it easier to start messing with NFC/RFID
      • Protocol analyzer
    • Hardware required
      • Two NFC capable Android phones for full feature set
        • Nexus S (~$60 - $90 ebay)
        • LG Optimus Elite (~$130 new. Contract free)
          • No custom ROMs yet
        • Galaxy Nexus, Galaxy S3, etc. (http://www.nfcworld.com/nfc-phones-list/)
    • Software required
      • One phone
        • Android 2.3+ (Gingerbread)
        • Tested 2.3.7 and ICS
      • At least one phone needs:
        • Cyanogen 9 nightly build from: Jan 20 - Feb 24 2012
        • Or Custom build of Cyanogen
  • 9. (image slide, no text)
  • 10. Cyanogen Card Emulation
    • android_frameworks_base (Java API)
      • https://github.com/CyanogenMod/android_frameworks_base/commit/c80c15bed5b5edffb61eb543e31f0b90eddcdadf
    • android_external_libnfc-nxp (native library)
      • https://github.com/CyanogenMod/android_external_libnfc-nxp/commit/34f13082c2e78d1770e98b4ed61f446beeb03d88
    • android_packages_apps_Nfc (Nfc.apk – NFC Service)
      • https://github.com/CyanogenMod/android_packages_apps_Nfc/commit/d41edfd794d4d0fedd91d561114308f0d5f83878
    • NFC Reader code disabled because it interferes with Google Wallet
      • https://github.com/CyanogenMod/android_packages_apps_Nfc/commit/75ad85b06935cfe2cc556ea1fe5ccb9b54467695
  • 11. NFC Hardware Architecture (diagram; labels: Host, NFC Chip, Antenna, Secure Element)
  • 12. Tool Features
    • Proxy transactions
    • Save transactions
    • Export transactions
    • Tag replay (on Cyanogen side)
    • PCD replay
    • Don’t need to know the correct APDUs for a real transaction
    • Use the tool to learn about the protocol (APDUs)
  • 13. Standard Transaction (diagram; labels: APDU, RFID, APDU)
  • 14. How It Works // Proxy Mode (diagram; labels: WiFi, NFC, APDU, NFC, APDU)
  • 15. How It Works // Terminology (diagram; labels: Proxy Mode, WiFi, NFC, Relay Mode, NFC)
  • 16. How It Works // Modes
    • Relay Mode
      • Opens port and waits for connection from proxy
      • Place Relay on card/tag
    • Proxy Mode
      • Swipe across reader
      • Forwards APDUs from reader to card
      • Transactions displayed on screen
      • Long Clicking allows you to Save, Export, Replay, or Delete
  • 17. How It works // Replay Mode
    • Replay Reader (Skimming mode*)
      • Put phone near credit card
      • Nothing special going on here
      • Know the right APDUs
    • Replay Card (Spending mode)
      • Swipe phone across reader
      • Phone needs to be able to detect reader – Card Emulation mode
      • Requires CyanogenMod tweaks
      • Virtual wallet
  • 18. Antennas
    • A word about android NFC antennas
      • Galaxy Nexus: CRAP!
      • Nexus S: Good
      • Optimus Elite: Good
    • NFC communication is often incomplete
      • Need to reengage/re-swipe the phone with a card/reader
      • Check the “Status” tab in NFCProxy
  • 19. APDU-Speak
    • EMV Book 3
      • http://www.emvco.com/download_agreement.aspx?id=654
    • See RFIDIOt (ChAP.py) and pwnpass for APDUs used for skimming
    • Proxy not needed for skimming and spending
      • Just for protocol analysis
  • 21. Demo!
    • Let’s see it in action!
  • 22. Future Work
    • What’s next?
      • Generic framework that works with multiple technologies
        • Requires better reader detection
      • Pluggable modules
        • MITM
        • Protocol Fuzzing
  • 23. Source Code
    • Now available for download and contribution!
    • http://sourceforge.net/projects/nfcproxy/
  • 24. Q & A
    • Questions?
    • Contact: eddie{at}blackwinghq.com
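The reader-to-card traffic that slides 4, 12 and 16 talk about consists of ISO 7816-4 APDUs, and a protocol analyzer like the one described has to decode that framing before it can show a transaction on screen. The decoder below is an added example written for this page, not NFCProxy's own code; it handles the short-form command cases 1 to 4, rejects inconsistent length fields, and labels the response status word. The sample bytes in the comments and tests are constructed for illustration (the F0... DF name is made up; INS A4 and the status words are standard ISO 7816-4 values).

```python
"""ISO 7816-4 APDU framing decoder, the first step an analyzer such as
NFCProxy needs to turn captured reader<->card bytes into readable lines.
Added example, not NFCProxy code.  Short-form (1-byte Lc/Le) encoding only."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None   # None: no response data expected


def parse_command(raw: bytes) -> CommandAPDU:
    """Split header, optional data field and Le (cases 1-4); reject bad lengths."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    (cla, ins, p1, p2), body = raw[:4], raw[4:]
    if not body:                                   # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                             # case 2: Le only (00 means 256)
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if lc == 0 or len(body) < 1 + lc:              # Lc must cover the data field
        raise ValueError("Lc does not match the data field length")
    data, rest = bytes(body[1:1 + lc]), body[1 + lc:]
    if not rest:                                   # case 3: data, no Le
        return CommandAPDU(cla, ins, p1, p2, data)
    if len(rest) == 1:                             # case 4: data + Le
        return CommandAPDU(cla, ins, p1, p2, data, rest[0] or 256)
    raise ValueError("unexpected bytes after Le")


def parse_response(raw: bytes) -> Tuple[bytes, int]:
    """Return (data, SW1SW2); the status word is always the last two bytes."""
    if len(raw) < 2:
        raise ValueError("response shorter than SW1SW2")
    return bytes(raw[:-2]), int.from_bytes(raw[-2:], "big")


# Status words worth labelling on screen (ISO 7816-4); anything else is shown raw.
STATUS_WORDS = {0x9000: "OK", 0x6A82: "not found", 0x6700: "wrong length"}


def describe(cmd_raw: bytes, rsp_raw: bytes) -> str:
    """One display line per exchange, in the style an analyzer would show it.
    Constructed sample: describe(bytes.fromhex("00010203"), b"\\x90\\x00")"""
    c, (data, sw) = parse_command(cmd_raw), parse_response(rsp_raw)
    le = "" if c.le is None else f" Le={c.le}"
    return (f"CLA={c.cla:02X} INS={c.ins:02X} P1={c.p1:02X} P2={c.p2:02X}"
            f" data={c.data.hex().upper() or '-'}{le} -> {data.hex().upper() or '-'}"
            f" SW={sw:04X} ({STATUS_WORDS.get(sw, '?')})")
```

A capture whose command bytes fail these length checks is itself a useful signal: on the hardware in slide 18 an incomplete NFC exchange shows up exactly as a truncated data field.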