Actions
Forum Thread Details
  • Replies 19 replies
  • Subscribers 15 subscribers
  • Views 157 views
  • Users 0 members are here
Related

Looking for RFID hardware and software insight

colporteur

I am looking at pursuing some security research into  RFID cards. I would like to be able to read and replicate lower freq and mid freq cards. My focus is more on the mid freq cards but the lower freq cards can provide some insight. I have watched a few youtube videos to get some idea of what is involved. I have found a myriad of hardware options and mostly Proxmark for software.

 

I'm looking for insight into hardware and software recommendation that support a working solutions?

I'm looking for insight into operating system that supports a working solutions?

I'm looking for insight into a working solutions using Raspberry Pi and Arduino?

I'm looking for insight from a person that has a working solutions and not heard about or seen about it. Getting it to work from bare metal ,to me provides experience. I'm looking to tap that experience. My goal is to get a working solution. I am willing to invest the time to get to that point but, I am trying to avoid the numerous dead ends I would follow if I did it on my own, to get it working. You could try this or you could try that if it fails, is not what I am looking for.

 

My immediate need is the working setup for the research project, not really the journey through the valley of learning to get there. What I need to learn will be done in the working solutions, at least I hope.

Parents

  • Is this engineer speak? What frequencies do you mean when you say "My focus is more on the mid freq cards but the lower freq cards can provide some insight"

     

    Do you see 13.56MHz as high or medium, for example, as there is also an ultra-high frequency range too. I'm assuming that 125kHz is regarded as low - but I too could be wrong.

  • in reply to BigG

    My inexperience in the technology is showing through. I in no way will try to impersonate any engineering in this field.  How to mask my newborn face?

     

    You are correct low frequency 125Khz, middle 13.5Mhz and I my understanding is their is an upper frequency. I can't recall the frequency number of Hz.

     

    My understanding is the low freq cards have the least security measures. Learning without cumbersome security, I think may be helpful. My goal is the mid freq cards. I would like to understand why my replication exercise is doomed to failure. Maybe I won't succeed in reading and writing the card but I am hoping to understand the limits.

  • in reply to colporteur

    There's a difference between RFID and NFC technologies despite the overlap. RFID usually is for "identification" purposes, mostly "dumb" memory that "bleeps" out their ID into a field (for lack of a more technical way of saying it). Sure, there are some low frequency 125kHz (or 133kHz) which may still be used for access control, and some other systems in the 900MHz region for asset tagging (e.g. livestock, car tollways, library books). Security with these systems usually is not so high.

     

    NFC cards on the other hand, are a bit more complicated. NFC is more of a data-communications channel for close-range, higher speed two-way communication and power. Most 13.56MHz cards are ISO 14443 standard compliant. Such cards have an internal microcontroller or CPU, non-volatile memory, some RAM and often cryptographic hardware to perform operations on the memory. More complicated cards even have their own operating system stack and run Java internally (e.g. the Global Platform cards, e.g. bank cards, some Sony FeliCa cards). Because of this, it's similar to the contact-type smart cards - they have a brain so you're not just "cloning" memory. You'll have to authenticate to the card to access protected areas, and even then, depending on the key you will only have limited privileges. There is also the "immutable" card ID data which is burned in at manufacturing, to allow for unique identification and selection of cards when multiple cards are in a field. But whatever the case may be, usually unless you are the designer/commissioner of a system, you won't know the master key and will have no way to obtain it - and for cards with an OS, you won't have the application code either, let alone the user data.

     

    There are exceptions - e.g. the NXP MiFare Classic cards are relatively weak cryptographically, so they can be cloned. Some aftermarket UID-changeable cards allow for perfect clones of these to be made. But since the issue of their vulnerabilities have been long known, most users have always transitioned away to more secure MiFare DESFireEV3 cards which are practically immune to attack (to my knowledge, at this time) and utilise mutual authentication. The design of the chips also has a bearing as to what can be done as some will have security keys, write-once areas, etc.

     

    Another issue is that the frequency doesn't tell you all that much - in 13.56MHz you can have MiFare Classic, MiFare DESFire (EV1-EV2-EV3), Mifare Ultralight, Broadcom Topaz, Sony FeliCa, etc, Each behave somewhat differently and have different capabilities, memory layouts, etc.

     

    - Gough

  • in reply to Gough Lui

    Ouch! That is my one RFID nerve getting pinched.

     

    Am I naive in thinking I can start small with some working solutions and build from that?

  • in reply to colporteur

    In the end, it depends on what your aim is ... if you're happy to play with cloning LF tags, that's fairly simple with commercial equipment available.

     

    You could build your own 13.56MHz based NFC card systems if you wish and understand more about how the cryptographic functions on some more modern cards work. However, don't expect to be able to clone commercially issued cards if they have their security set-up right.

     

    - Gough

  • in reply to Gough Lui

    I'm thinking start small.

     

    I have some vendor RFID cards, I first would like to examine and then try to replicate. I anticipate failure more often than success, since I have no idea what the standard is for the cards.

     

    RFID is a subject I have rolled around as a learning exercise for some time. I recently had an inquiry and thought what would it take equipment and software to make an entry.

     

    I have seen the hand held read and write guns for making card copies. My definition of low freq card it appears. I have also seen screen shots of the Proxmark RFID card standards. My question is to see if I can close the gap on what I could develop a working solution.

     

    I'm more interests in the Pi and Arduino options but that may be a stretch.

  • in reply to colporteur

    If you just wanted to get some experience with NFC tags/cards and were okay with just using 13.56MHz, Amazon has inexpensive modules based on the PN532.

     

    I have one that works with SPI or I2C https://www.amazon.com/gp/product/B0746GB1RQ/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

     

    I currently have it hooked up with an Arduino MKR1000 over I2C.  I have not tried SPI yet, but I have used SPI with an RC522 module and a Sparkfun ESP8266 Thing Dev board.

     

    I'm using the Adafruit_PN532 library which had the following examples - (I'm using readMifare, which can also write to the card).

    You can use this with the RPi using libnfc, but I haven't tried that.

     

    If you have an Android phone/tablet, you could probably use that with an NFC app to try to read/write the cards that you have.

Reply
  • in reply to colporteur

    If you just wanted to get some experience with NFC tags/cards and were okay with just using 13.56MHz, Amazon has inexpensive modules based on the PN532.

     

    I have one that works with SPI or I2C https://www.amazon.com/gp/product/B0746GB1RQ/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

     

    I currently have it hooked up with an Arduino MKR1000 over I2C.  I have not tried SPI yet, but I have used SPI with an RC522 module and a Sparkfun ESP8266 Thing Dev board.

     

    I'm using the Adafruit_PN532 library which had the following examples - (I'm using readMifare, which can also write to the card).

    You can use this with the RPi using libnfc, but I haven't tried that.

     

    If you have an Android phone/tablet, you could probably use that with an NFC app to try to read/write the cards that you have.

Children
No Data