The anti🚫-derailment🚃 & thread🧵 hijacking🔫 thread🧵 ⁉

Hey Rosco, you're my go-to for long range reader shenanigans

I'm thinking of running a contest at CircleCityCon, an open challenge to steal the uid I'm going to use to open the pistol safe I just built as an example

What's the range actually like with the long range reader and a x series? I know the ISO cards can get like 2-3 feet… but glassies tend to be picky and petulant

Good idea? Bad idea? Terrible but failure is fun?

I figure best case, it's incredibly hard to sniff the uid, which can be seen as a benefit

Worst case it's not hard, and then there's clarity about realistic vulnerability

2 Likes

My most powerful HF readers are the DL533-XL (ISO14443 - about 1W) and the FEIG MR102 with the 240mm x 340mm pad antenna (ISO15693 - about 1.2W). Both have a range of about 4 cm with glassies.

But most importantly, you only get that range when the glassie is orthogonal to the antenna's coil wire. It won't work if the glassie is positioned alongside the wire, it won't work if it's in the middle of the antenna… It's quite specific, and much MUCH less forgiving than LF.

The FEIG reader for instance is something I got to make a quality control machine for production: the glassies to test actually come in a chute and stop at precise locations along the perimeter of the pad antenna. You can't just throw a bucket of them on the antenna any which way and hope to get good reads, despite its power. It's that finicky.

I'm not sure how you intend to run your contest thing, but bear that in mind because it might end up not being a terribly practical thing to use in the field.

1 Like

Mostly I'm sick of hearing people go on about how easy it would be to steal a uid from an implant
Because they can do so easily ish with an iso card and think they would get the same range

So this is a… "well let's see you do it then"

I think the rough idea is… you have 3 days at the conference to get it from me… without being super obvious

I am looking to use LF (system uses that, and I can rewrite it if I lose the challenge)

Specifically em mode on either a next or xem

2 Likes

It is easy with LF: typical parking garage readers have ridiculous power and range, and most importantly, the LF tags offer exactly zero protection and are completely trivial to clone to a T55xx. My LF readers get a clear foot of range with the flexEM, and a good few inches with the xEM:

But that's LF. HF is much more bitchy to use. Even flex HF implants are completely impractical to read and clone for nefarious purposes. They only pose a risk if you're passed out or asleep and your attacker is reasonably technically savvy, which isn't terribly likely since you're most likely to be passed out in a bar and asleep at home.

Ah sorry I was under the impression your system used HF.

Then yes, LF is a very real sniffing risk. Someone with the know-how will defeat your system in no time at all.

2 Likes

I think that's the thing…

I feel like only a couple inches and the orientation is going to be inconsistent and erratic… is the actual challenge

That's part of why I think I wanna do LF, it's only about whether the coupling range makes it difficult enough to sniff or not

Also, for what it's worth… there would also be 4 other LF tags in the same region… not sure if that reader has any kind of anti collision?

Coupling is NOT difficult with LF: it's very forgiving and very consistent.

Your chances at not getting your implant cloned (assuming someone with a portable parking garage reader is trying to do that to open your safe) are:

  • Watch out for weird people following you around wearing a satchel and invading your personal space all the time
  • Use a less common LF protocol, like Indala, that high-power Chinese readers can't read
  • And yes, tape LF tags around your hand to create collisions :slight_smile:

3 Likes

I have 4 LF tags in the same hand lol surely that's something

That would foil a high-power reader for sure.

Hell, the high-power reader in my office chair that reads the flexEM in my back even prevents a Halo reader from reading the xBT in my chest.

But I should say this: if all your LF tags are EM, there's a chance a high-power reader will get the ID of one of them. Which one is a toss-up, but collisions aren't always a guarantee that stuff is totally unreadable.

Oh I'm not trusting that range and collisions make it unreadable… I just think it's significantly harder than non DT people make it out to be

So I want to see them try

Alternatively, you could get yourself one of them Chinese parking garage readers to try it yourself. They're dirt cheap, and when you're done testing, you can use it for another fun project. I've had tons of fun putting together implant-related projects with those things. You would too.

What does the reader do, if I may ask? Seems pretty cool.

Plus a reader under a floor mat :scream:. That's smart

Do yourself a favour, check out Rosco's threads, he has made some cool shit

3 Likes

7 Likes

Bought an older Dell laptop with an integrated RFID reader. After issuing one command to change the proprietary nonsense Dell security mode it was in, it is now acting like a normal PC/SC reader. Too bad the laptop is so old and slow it's basically only useful for the lab.

3 Likes

My nicer laptop (Asus Scar 15 G533QS-DS76) came with an RFID reader built in… mostly for proprietary silliness… but I hoped I could maybe do something with it

Near as I can tell it only works with ISO15693 and it can only detect it when it's inserted into the slot

Oh well I didn't expect to use it for much

1 Like

Anybody wanting to learn about the Proxmark3 (RDV4), there is a hands on workshop in Paris.

Run by @doegox (RFID Discord). He's a switched on cookie and nice guy.


2022-07-06, 09:30–12:30 (Europe/Paris), Workshop Room

You will enjoy hacking with RFID/NFC cards and devices by means of open source.
You will have plenty of time to get familiar with the Proxmark3 RDV4 and operate it by yourself in various conditions and challenges.

1 Like

Access to stuff like this, (maker spaces, and science cafes) is the only thing I regret about living out in the sticks.

Not enough to move, though.

1 Like

I used to have a Precision with that same feature back in the day. Chances are that yours also has a normal smartcard reader under the PCMCIA slot just like mine did.

Hey @Amal,
( or anyone else that knows )

it occurs to me, there aren't specific instructions for removing users from a XACv2
I understand the
scan "add master", scan new chip, scan "add master"
and
scan "remove master", scan unwanted chip, scan "remove master"

but this implies that I HAVE the old tag…

any secret scan order to remove all active tags?
or would you have to put the jumper back into master mode?

or scary… are they always in memory unless you scan them to be removed?

Hahaha, you learnt :wink:

I havenā€™t re-read it, but does this post OR thread help answer your question