RFID/NFC: "Two days of security and privacy nightmares"
The workshop covers RFID from the Low Frequency band (mainly used for individual physical access to buildings, garages, hotels, etc.) to the High Frequency band, where NFC is the main term we are going to discuss about. We will provide you with all the tools, materials and references for further study and research.
You will understand which type of access cards can be emulated or even cloned; then we are going to use traditional NFC USB readers, we will compile and execute the famous LibNFC, and play with some special hardware like the Proxmark3 and HydraNFC. Arduino examples will be shown to deal with both Low and High frequency cards and tokens. You will learn how to deal with the most common LF and HF transponders.
HID iClass vulnerabilities will be discussed as well as the NXP MIFARE Classic (and Plus) technology along with its public hacks.
We will also discuss some case studies, practical hacks and lessons learned from working systems the can be found in the wild, including ePassports, RFID Toys, Credit Cards and Host-based Card Emulation.
Prior Required Skills:
No prior RFID / NFC technology knowledge is required. We will start from the very beginning.
It is desirable to have a minimum knowledge of C language – debugging, compiling, and running.
The speakers will conduct all the demos (yup! real hardware) with the help of the audience, so it is not a requirement to bring any laptop or other equipment. However, the attendees are encouraged to bring their laptops and a compiled version of the latest LibNFC toolset or an updated Kali Linux to play with the teacher’s equipment.
Any RFID / NFC transponder or device is very welcome to share experiences and try some hacks on/with them.
This class is perfect for information security enthusiasts and professionals, seeking to enter the Radio Frequency Identification + NFC world. Penetration Testers running Physical access engagements will love this intro course.
From Beginners to Intermediate.