RFID/NFC fully reloaded and even dirtier: Interaction, Cloning, Emulation, Replaying and Relaying

You will learn by example how to play with RFID/NFC cards and equipment. SCL3711, ACR122U, Proxmark3, Mifare Ultralight, Ultralight C, Classic, Plus, DesFire, iClass, HID Proximity, EM, credit cards, passports and more.

During the first day you will deal with different types of the most common transponders that can be found in the wild (aka tags, tokens, etc.). More tinkering, hacking and hands-on than ever, starting right away from the first day. Not a ton of theory. You can read the papers later, right? During the second day, you will interact with real digital payment systems such as “Samsung Pay”, “Visa PayWave”, “Apple Pay”, etc. and their possible exploitation (eg. Relay & Replay attacks).

The first day of this unique workshop covers RFID from the Low Frequency band (mainly used for individual physical access to buildings, garages, hotels, etc.) to the High Frequency band, where credit cards, passports, but also NFC come into play. We will provide you with all the tools, materials and references for further study and research, with a strong emphasis on free software & free hardware.

You will understand which type of access cards can be emulated or even cloned; then, we are going to use traditional NFC USB readers, we will compile and execute the famous LibNFC, and play with some special hardware like the Proxmark3 and Chameleon Mini. Arduino examples will be shown to deal with both Low and High frequency cards and tokens. You will learn how to deal with the most common LF and HF transponders.

HID iClass vulnerabilities will be discussed as well as the NXP MIFARE Classic (and Plus) technology along with its public hacks.

We will also discuss some case studies, practical hacks and lessons learned from working systems the can be found in the wild, including ePassports, RFID Toys, Credit Cards, etc.

The second day will focus on digital payments and RFID/NFC attacks on them. You will understand the risk of the real threats that can be faced by all types of institutions that handle digital and physical payments (using NFC as well as Magnetic Secure Transmission -MST-). Demonstrations and real practices will be presented with real digital payments and their possible exploitation (eg. Relay and Replay attacks). Furthermore, we will discuss new type of attacks or data extraction that is not documented ;-).

So, yes, two days for getting very dirty playing with RFID and NFC devices!

Requirements

The attendees are encouraged to bring their laptops with preferably a linux setup (natively or in a VM, e.g. a Kali) and a compilation environment (git, gcc and gcc-arm <5) to play with the equipment.
It is desirable to have a minimum knowledge of C language – debugging, compiling, and running. You may succeed using other OSes but you’re on your own…
An Android phone (also optional) with 4.4 KitKat system or higher, with NFC technology.
Any RFID/NFC transponder or device is very welcome to share experiences and try some hacks on with it.

About the Speakers

Nahuel Grisolia

Nahuel Grisolía is the Founder and CEO of Cinta Infinita, an Information Security company based in Buenos Aires, Argentina. He is specialized in (Web) Application Penetration Testing and Hardware Hacking. He loves playing with Arduino’s, IOT devices, ARM based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks in conferences and events around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMWare, Manage Engine, Oracle, Websense, Google, Twitter, Auth0 and also in free software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket.

More Info at: http://cintainfinita.com http://www.linkedin.com/in/nahuelgrisolia http://www.exploit-db.com/author/?a=2008 http://www.proxmark.org/forum/profile.php?id=3000