NCFKill attacks against implants

yep, that’s called a “duress code”, and it’s totally possible…


I like the idea of having a hidden volume like VeraCrypt has…


Ok, I just ordered a few readers to sacrifice in the name of science --and entertainment.

Going to attack a Nexus 5 too, but if anyone has an old (or new) phone they would like to see tested, let me know and we can chat out of thread.

I’ve also got some better camera gear on the way, so definitely a youtube video, possibly a live stream if I can get the multi-source capture ironed out.


yeah we might be able to actually fork or merge VivoKey support into VeraCrypt … eventually…


I just uploaded a full length live stream of the NFCKill being used against various devices. Some interesting results for sure.

RFID cards/implants are affected at a greater range, but take more “strikes” to destroy. RFID readers can also be disabled.
NFC card/implants are easier to destroy, but are only affected at close range. The NFC readers, including the Nexus 5 tested in the video, don’t seem to be affected at all.

Stream starts at 10:30


Just to be clear (as we don’t want to propagate the misconception) NFC implants are RFID implants

Video sounds interesting, taking a look now :smiley:


Thanks for the share, 1hr40min, I guess I know what I am watching on the bike tomorrow morning :biking_man:


I’ll be sure to put that distinction in the video notes. Thank you for keeping me honest!


Who was the gorgeous cameo at 48min? And why are they not staring in this thread?!


I wonder if it could get through platemale or chainmail?


If not maybe I would finally have a reasonable excuse to get a set of armory… :sweat_smile:

Video was good, interesting to see what the device is capable off. The DOS of an entry point to relax security was the only practical usecases I could think of so far.

1 Like

That’s Soapy. :slight_smile: I’ll have to put some pictures up!


Thanks for watching!

Yeah it’s hard to imagine an engagement scope actually allowing for this to be deployed, but it’s certainly a scenario worth some exploration.

1 Like

I did about an hour on the bike, so have another 40 mins to watch, Did you do any testing from the underside, Just wondering if it is shielded / directional.

Deployment wise, in a satchel, as a brush past in a crowd???
Dick Move but possible, although slightly more difficult now with social distancing.

Think Electronic Frottage attack

I think @freqyXin is saying that it would be hard to get a company to agree to let this tool be used in an engagement. Like red team stuff. Not that it would be hard to physically use.

1 Like

For the cost of a couple of access cards, it would prove a point
“Your staff should be wearing RFID Shield ID card carriers”
And here’s why

1 Like

We where talking about blowing the reader on the door so that that a pen tester could slip in when they end up propping the door open or something like that due to it being broken.

There is limited to no gain from killing a card in terms of getting further access that I can think of.

1 Like

Ah, gotcha.
Still a DOS on an individual(s)
but I see your point

If you kill enough badges, ie a phony reader, it could make the target second guess badges that don’t work. They’ll either set up a manned checkpoint (bad) or just prop the door open (good) until its “fixed”


I was thinking this too. Create a precedence where access cards aren’t working, then just slip in with all the others.

I haven’t had a chance to watch the whole video yet, but what kind of… spill does it have? How narrow is the target area, if that makes sense?

Would you need to protect, or worry about, hand implants while using it on, say a key card?

1 Like