Is Your RFID Card BROKEN or Does it Just SUCK?
HTML-код
- Опубликовано: 24 июл 2024
- I mean, let's be honest, at some point there's almost no difference between "this item is unusable because it is hopelessly broken" versus "this item is unusable because it is of such low quality that i can't spend the time and effort necessary to make it work."
I have been on a journey recently when it comes to all kinds of RFID cards from all kinds of vendors and I wanted to share a few tips with you along with some tricks and methods for trying to figure out the age-old question: "Am I doing something wrong, or is this RFD card just a piece of crap?"
Enjoy! 👍😁👍
- -- ----- ----------
Sign up for give-away drawings here...
deviating.net/contests/give-a...
I'm on the Fediverse. When Twitter dies completely that's the best place to find me...
defcon.social/@deviantollam
I'm on Twitter. I mostly use it for swearing...
/ deviantollam
I'm also on Instagram. I mostly use it for liking my friends' photos...
/ deviantollam
This is my GitHub. I post my design files there...
github.com/deviantollam
This is my personal web site. Most things i create wind up online...
deviating.net
This is my company. We're good at stuff...
enterthecore.net
This is where i train. Come and learn badass skills...
redteamalliance.com
- -- ----- ----------
`hf tune --bar` if you want a nice graphical bar `hf tune --mix` if you want the bar and voltage readout. An additional issue that we have seen lately with T55 is that there is a batch of chips that have blocks 3-6 locked. EM only takes 2 blocks and will work but things that take 3+ blocks (like HID Pro) will have issues.
Awesome advice... I'm pinning this because it's so good! 👍
11:13 - I really appreciate how patient you can be with some customers. I´m a bit of noob with a lot of digital solutions, and one of these days it will be me asking a "dumbass" question like that. I just love how you approach anything as weird as that, it must seem so blatantly obvious to you, and most people in your place might just start to abuse the ignorant buyer with all the tech terms for how he/she might have done something wrong. I know this is the case for a lot of retailers where I live in a lot of matters when it comes to IT solutions. So thank you for addressing every problem in the way you do, it is a very pleasant approach to a problem which a lot of people could learn from.
Oh, I try to be, yeah. Thank you. Everyone learn something at some point and everyone is in a position to be informed if something isn't working for them. I'd rather see people lifted up than kicked down.
@@DeviantOllam Very much why I like you, apart from all the great tips and tricks you provide. Thanks, Dev! You're the main man!
@@olenilsen4660 ☺️ thanks very much
At my previous job at helpdesk-style customer interface I loved both the people who knew the stuff and also those who didn't know... Irritating ones we're those who _thought_ they knew and did not... Merely not knowing something was very fine, they took input just fine, unlike others :)
I love the analogy of the uncut key. "Any sufficiently advanced technology is indistinguishable from magic", but your explanation made it a little less mystical.
Love this. Thank you for going over this.
I got a proxmark easy and I'm having a hard time getting started / learning. Glad you're talking about it.
So glad it was helpful! 👍
For any of the RF electronics nerds out there, you can make antennas for a vector network analyzer to measure the resonant frequency and Q of suspected RFID transponders. Even a nice and affordable little NanoVNA will work. You'll need to make different coils for LF vs. HF transponders. The signal dip is really small, so you'll generally need to mess with the display scaling and use averaging to hide the noise. It hadn't occurred to me to use the tune mode in a Proxmark to detect the presence of a transponder, and I think this is brilliant! For UHF transponders, I've had better luck coupling capacitively than magnetically.
Thanks to your advice on cards, I have successfully broken mine. I appreciate the reassurance that helped me gain the confidence to break them
breaking something is the first step to leaening about it :3
I can understand the customer who couldn't enroll the cards, because a lot of cards, or key fobs come preprogrammed with some data right from the factory. Especially the ones you get from AliExpress. I haven't had terrible experience with those cards though, not even the magic Mifare ones.
Yes, absolutely this is the case.
I don't consider that customer foolish, I just considered it a wonderful opportunity to explore and explain these nuances both with them and with all of you. ☺️👍
You don’t know what you don’t know, being ones prior worked.
I picked up a dual-band+contact PIVKey card for testing a while back, and figuring out that it isn't just moving a cert onto the card, but mapping it to a specific "slot" took me a while to figure out, especially since it came with a demo cert in that slot.
Thanks for another really cool video, when I used to work security I had to deal a lot with “my card is broken” complaints, and one of the things we had to start using as a blanket statement is “the antenna is broken”. I’m just curious if anyone knows if that’s a thing, a lot of pepole were bending the cards like crazy becuase they for some reason liked to push and rub instead of tap, so I figured it was at least possible. Thanks again for another cool video and everything you do
Oh, gosh, the number of times I have seen people use a punch to make a hole in their badge and wear it on a lanyard and accidentally they punch through the antenna windings... yeah.
(On some cards it's really useful to use that flashlight trick, because the antenna favors one side or the other sometimes and you can "aim" with the punch to make the slot in a place that is not harmful)
Good point. I haven't been working with these yet since I have yet to find a use for them in my daily life. But it's always good to keep in mind that some are a waste of time if they are bad quality.
Thanks - I always learn something when I watch your videos
Funny story about the FFFFFFFFFF, I’ve found a lot of EM readers will fart open when presented with that uid…
Memory error, or some kind of terrible factory test uid, but most can’t be removed
Good to know! 😁👍
With HF cards, not even the same silicon is a guarantee of identical performance. Besides the differences in antennas and antenna manufacturing (there are a few different ways to assemble the cards), there are a number of settings on modern silicon (especially NXP) that can affect card performance in terms of range and speed. Configuring cards to be faster can come at an expense in terms of reliability and speed.
nice video, the proxmark looks like a really nice utility, I wonder if there's a more budget reader/writer for getting into RFID testing.
My friend Naomi Wu did a video where she shows some other tools that have a slightly more achievable price point...
ruclips.net/video/RHIaHI-11TU/видео.html
Thank you a lot for this video. I have a HF Chip in my hand, that stopped working. I didn't know, that Proxmark has the ability for continuous scan and the tune option. I will try it out tonight.
Good luck and I hope you can get some reads from it! (Try to position the proxmark antenna windings "perpendicular" to the shape of the implant itself. Like, if the proxmark antenna coil were a street, the glass enclosure of your implant is like a speed bump stretching across the road. And press your hand hard into the proxmark antenna. Let someone else use the keyboard if necessary)
Well this explains what is going on with the door at work. The company got new door locks and new cards and of course there were problems. The new cards barely read, so I'm thinking they bought a bunch of cheap cards. This has resulted in a security weakness, as everyone knows the swipe doesn't work most times, if they are inside and near the door they will just open it for people. I'd like to say they limit it to people they know, but we have a bunch of new hires, so effectively it is anyone. All the Pen Testers out there it might be worth checking the quality of the cards the company issues, because if they are crap cards, security will be weak around them. Security Admins buy good cards or your employees will find ways to avoid using the crap ones.
Good stuff, looks like a great toy to play around with as well. I need to find more of these things in Europe.
We ship to Europe 😉👍
Would love to see more proxmark videos!
Thank you for the video. Definitely helps.
I'm so glad it's helpful. It's inspired by questions I've gotten in the past and questions I've HAD in the past! 😁👍
Nice video as always.
The cards issued by my bank (Westpac, one of the 4 major banks in Australia) totally suck. I have had to re-order the card several times. (It's not a storage issue, they suck when I get them).
Ooohhhhhh, some RFID tech to start my morning. This is what I needed.
Enjoy! 😁👍
I wish I had a proxmark or access to one. At our uni, we use rfid cards, and we are pretty sure that it uses an older mifare protocol that is susceptible to replay attacks or more. We could potentially literally get a free lunch.
Hey Dev, you're really good at this! You should think about making a video on this subject! ;-)
Good to know. This is one area that I'm not familiar with.
i was about to buy some RFID cards on amazon which Deviant left a negative review. so i skipped that one. thank you D!
Glad to help! 😂👍
Interesting video. We hate the facilities that use NFC-based cards for building access...they are SO painful, often requiring a good 3-5 seconds in "the right spot" on the reader to scan the card, and some people have also had them die in annoying ways where the SmartCard contacts work but the NFC is broken and they can't get it replaced because the ID office tests them using the SmarCard slot. Some have had to have them accidentally get slammed in a door or similar and smashed to get them replaced stuck between a facility access control saying it is faulty and ID office saying its fine. We have also learned many of the readers seem to not work if it sees both a LF and HF card present at the same time...which is REALLY a pain if you have both in the same badge holder.
Cheap cards, and/or cheap reader.
Hey nice video!
PS, your gone Twitter account is still shown in the end card. 😉
Yes. Because it's still my account, even if I don't post anymore.
I let folk know it's not an imposter
@@DeviantOllam ah, OK. This makes sense. 👍
Can you point me back to the video where you installed a RFID in your hand? Thanking of doing the same thing for my apt building. Thanks.
Wow. Seems like another rabbit hole to go down on.
Im curious about what type of card my metro smartcard is
the only thing i do know is i have to be fairly presise with presenting it to the metro readers, and the card seems to have the capability of storing data (which from what i can tell includes information about the card ballance and the last station it was touched in at including the date and time, based on what the metro app tells me when i use the card check function (and i did confirm this feature of the app even works when the phone has no internet connection, and gives the same data))
Hi Dev. Have you tried the flipper device? If so, may I ask what you think of it. Thanks.
It's a neat item 👍 🐬
Deviant - where can I get a card/fob that works with mifare 1k and also a t5577? Trying to make a copy of my apartment key fob that uses both frequencies.
RedTeamTools.com gotcha covered 👍
would be more work, but for these people you could have an option on your site to pre-provision the cards in the format for what they want but have a default option be unprovisioned.
That is a thought but it would require so much more touch time for my team that it would make those cards ridiculously more expensive.
@@DeviantOllam I was thinking that it could be an extra charge, but I think you're right it's not worth it if you're gonna do this on a mass scale.
Worked through all my card stock and now know which cards won't be packed as field gear.....Now I just need to understand what I can connect this HF antenna (claims 40cm range) to in order to weaponize it. Would need to create an adapter cable to a proxmark and still not sure the power would be right. So thinking maybe just connect it to a HF reader and read the weigand off the back of it.
I giggled at "look at that, that's some good coupling"
Hahaha NSFW credential activation ☺️👍
Ah the RUclips algorithm.
As an outsider, I have some things to say:
1. Overall very good video, probably super approachable to all of your customers!
2. Is there a reason why you wouldn't sell RFID tags with random data on them (like a randomly cut key in the analogy) for customers like that one?
3. You probably get this question a lot, but what can and can't you do using just a recent smartphone with NFC built into it? Can it replace the proxmark for some rudimentary operations?
Not Deviant, but I can at least say for point 3:
*Most* smartphones really only want to *read* NFC, it takes specific operation to make it emit NFC data, such as whatever your preferred payment app is, where the phone is basically a cloned credential, just instead of it being some door key, it's your credit card (simplified, but gets the point across).
NFC is not the same as the RFID technology here. Technically, HF RFID uses the same frequency as NFC (13.56 MHz), but they're different protocols - like how Bluetooth and Wi-Fi are both 2.4 GHz frequency systems, but you can't connect a bluetooth speaker to your wireless access point, they both listen in the same range but speak different languages.
As far as using it to read things, that's actually possible. For example, a decent niche has taken to cloning Amiibo onto just... blank NFC cards since all the Amiibo is is an NFC tag, and your phone can read the ID number off it, and, with the right app, transfer that to another one. (Or, in some places you can just download a dump of every binary that we know of, pick the right file, transfer it to your phone, press write, hold up card, and now you have a functional "Amiibo" without spending a cent. Don't ask how you can do this.) So, *writing NFC* is possible. Some other apps are general purpose NFC reader/writer, which you can use for things like inspecting the data on your cards. But, still, that's NFC. They theoretically have the *antenna* to communicate with HF RFID devices, but that would depend on if the rest of the hardware can cope with that protocol, *and* there's some way of telling the hardware to use that protocol. It's been a while since I dove into the Android hardware APIs, so I don't quite remember if it's possible to deal with non-NFC RFID, or if it's possible but requires rooting. As far as LF RFID cards, like just your basic HID Prox credentials, the antenna in your phone isn't meant to operate in that frequency range (125 kHz as shown), so that's out of the question, meaning, as far as I understand it, *most* of the things you'd be doing, say, cloning door cards or hotel keycards, is dead right there, with no way to interact with that frequency space, because it's been created to correctly work at 13,560,000 Hz, not 125,000 Hz (okay maybe not those exact numbers but that should really show you that they're too far apart to fudge it).
TL;DR - Some applications (NFC tags and payment cards) a smartphone can interact with, but a number of other cards like these here, it either *definitely* cannot or *likely* cannot.
As a tinkerer looking to get into more RFID tools, the Proxmark is kind of a steep investment. Do you have any recommendations of tinkering hardware for people who want to start out but can’t yet justify the price of a Proxmark? Thanks and keep the RFID content coming!
Get the proxmark easy, just as good minus the form factor
@@ip7427 I don’t really want to invest in obsolete hardware… If I had more experience to know when something I’m encountering is expected behavior or not, then that would make more sense.
To be fair, it's definitely not as good. But it can do some of the things.
@@DeviantOllam would you mind elaborating on what was subpar for you needs? i played with the knockoff, pm3 rdv4.01 and the i-copy thingy and would have a real hard time saying one is better than the other on the bench. im not an expert tho. edit: and considering $value i think pm easy is a clear winner for anyone starting out.
@@ip7427 so the "easy" has less memory on board. It can support many basic functions, but the official proxmark has more memory and the official proxmark development chain includes code for more advanced functions which requires more memory. That code simply won't run on the easy. But the easy can do a lot of basic stuff, yes.
The I-Copy-X is far worse, unfortunately. Because it was made to use a screen and better user interface, what they had to do was take a snapshot of the proxmark code at the time of the product's release.
This means that there are no updates for the I-Copy. It does not support any of the myriad of new functions that have been developed over the years by the proxmark community.
Hey dev, what're your thoughts on the Flipper Zero?
Very cool tool. Can do a lot of neat things.
What's the general opinion on Paradox equipment? I'm about to put in my company's first fob system next week, and we went with one of their systems.
I'd have to ask Babak about that one
Thanks, Dev. I'm trying to set up this system so even I will have a hard time getting in after following you for close to a decade.
@@DeviantOllam Welp Dev, I've started installing the system and it's a complete joke. The support portal only allows for 8 character alphanumeric (no punctuation characters) passwords, and they aren't even case sensitive. They use a propritery "evobus" (basically i2c), but that just means you only need 1 espkey to read all the readers that are daisychained together.
Kind of related to card quality, I have two high frequency cards (from different financial institutions actually). Stacked together, so in theory both antennas are being read: shouldnt both cards cancel each other out and the card reader rejects them?
What happened was the metal card was read and the nonmetal card didn’t read. (sample size of 2).
Does anyone have insights to what/what was happening? I assumed the reader would see a conflict and just reject what it was reading (clearly not true)
Low frequency cards can sometimes "cancel one another out" but high frequency cards sometimes can discriminate what's going on. It varies.
There once was a product called a guard bunny but it wasn't fully reliable, I think, and the project stopped being supported possibly.
Some years ago I was interested in the idea of rfid chips injected into a hand - there were a few people who did it. I couldn't figure out what the "killer app" would be. If I could reliably make payments on POS systems, I might do it. Maybe if I could eliminate door/car locks from my life (but that would be difficult) - not just the door to work!
That's all coming, bit by bit, thanks to folk like Amal from Dangerous Things
@@DeviantOllam I got both a HF and LF tag from dangerous things, one in each hand, a few years ago, and i've often wondered the same thing as OP. I think it comes down to a few things, and I don't think there will be a 'killler app', as they say (for injectables atleast).
RFID is already such a convenient technology, and it's pretty well saturated into the markets where it fits. Just about anything you'd want keyed or password protected can be retrofitted or replaced with an RFID scanner version.
It's not about the adoption of RFID tech, it's about the fact that tags have already been made into so many form factors that could do the same thing as an injectable, that an injectable isn't necessary for the average person. You could get a ring, bracelet, key fob, or badge. The only edge that injectables may have is that you can't loose them, but they come with the downsides of concerns should you need a CAT scan, and many are concerned about if they may break. I know the ones at dangerous things are well tested to not break physically, but they can still be bricked for various reasons (like a bad write that overwrites vital data sectors), which may mean you need to remove it.
Overall, I do see injectables becoming more common, but not much. Certainly not mainstream. I like it because it's a sort of symbolic connection to technology (it's a part of me now), and because I'm not averse to body modification (like piercings and tattoos). Not everybody is like that, and most of them would be happy with just a ring/fob/badge.
I like using mine for my PC, as I use linux, and manually typing a lengthy password several times in a given session gets tedious. I'd love to use it at work, but my employer won't enroll it, and I understand their reasons.
@@DeviantOllam Do you know is he still doing anything in this space? Immediately I see a ted talk from 9 years ago - this is probably when I was pretty interested in it. POS systems change every few years, and there are ethical issues with putting a chip in children, so getting everyone in a family "compatible" with the locks is its own thing. I bought a bunch of RFID junk on ali-express at the time, I should get it back out and play with it while I'm thinking about it.
@@DigitalArchmage yeah, he definitely is. The new Apex line of implants is continuing development and integration with wider systems.
@@DeviantOllam ok - very cool :-)
you got to have a Flipper Zero
so what do you think of it?
It's a fun little tool 🐬👍
Do you sell (or do they even exist) dual mode cards that have a slot or can be punched with one without cutting the HF antenna?
So the flashlight trick is the best plan there, I think. Visualizing where the antenna is, possibly even making some marks with a sharpie, and then manually punching it tends to be the best plan.
Heh, in another just now, as well, I mentioned that i've seen so many antennas get clipped when you try to make a hole in the card. 🙃
@@DeviantOllam So none are available pre-punched?
I'm glad I got a proxmark with my implants. The FlipperZero is portable but doesn't have the same power and ease of use once you learn a few proxmark commands.
Something that i don't think gets anywhere near enough credit is that most people carry around a reprogrammable NFC reader and writer in the form of a smartphone. You can do a fair amount of stuff with just an app, and i think the value is easily overlooked
Do you know how to clone a DKS fob? There seems to be services, but they are all hush hush about it.
I've seen DKProx shown as a credential name but I haven't ever been hands on with one. Would love to check one out, though!
You still have Twatter listed in your "Outro."
Yes, to let people know that it's a parked account and not an imposter
@@DeviantOllam Okey dokey. 👍
Sounds like that customer was looking for a preprogrammed card. Preprogrammed cards will have a serial number on them.
I'd love to learn more about NFC; but sources I've found have been... sparse.
How rugged are these cards with respect to mechanical shock such as a drop of 2 meters?
Well you could key a lock to a blank by taking out all the pins lol.
Those cards you can remotely pickpocket? I know you can only run them once that way, but do it at a festival and charge it under something with "food cart" in the name and you're looking a fine day of grand larceny.
What Proxmark model do you use?
That's a proxmark3 RDV4.01
@@DeviantOllam Thanks!
Thanks, lol 🖐️
might wanna remove or cross out twitter from that social overlay you were showing at the end there if you're not using it anymore, then
I keep it because it's still me, even if I'm not posting.
I let folk know that it's not an imposter
just did a quick search on your channel, we can speak privately, but i am a union lv contractor that somehow am forced on all our sec installs, whether it's my wire snakeing and logic thinking, or just screwed by the gods above lmaoo... i was surprise introduced to osdp, and, at the same time, have the attention span of a late 70's baby that got involved in the industry late 90s, to now wantig to keep my gig, but start a congruent {maybe if that works lol} side biz, or cunsultant -ish concept. maybe we could talk offline, or well offtube, or whatever. btw, i can praise and not exactly fault, but be pissed at your lil tiny lishi spacer... lmao it's prolly just dumb luck, but, well, hopefully we connect somehow
LV meaning Las Vegas? We actually have atraining facility out there. I'll be out there next week. 👍
@@DeviantOllam hey D, sorry was rambling lol, but I just meant low voltage. Just finished watching the vid on your new space. Looks outstanding! when I gather the rest of my ideas coherently, and share my vision and questions, i'll reach out somewhere in this platform, but will follow up with a direct email to you at RTA. Thanks for the reply btw!
Is there a social engineering usefulness in reliable unreliability?
I wouldn't bet on it.
thanks my friend
You're welcome 👍😁👍
"let's not use that hand" did you just dox your chip lol.
some arcades use rfid cards for cash
Thanks Olaf!
You're welcome! Thank you for pronouncing my name right. 😉👍
It is very, very, VERY HARD to actually destroy an rfid tag.
I don't mean that it's physically difficult to do, I mean that you must be extremely thorough in destroying both the traces AND the chip section ENTIRELY or the data is still very easily recoverable.
I cut a tag into pieces, lit it on fire with a blowtorch and manually scrapped off the copper traces with a knife, the thing was in absolute shambles, and I could STILL read the data off it. That was just one of the tags themselves, the part thats inside the plastic card.
Regular wear and tear will NEVER destroy an actual plastic rfid card. I'd bet my internal organs on that.
I mean.... You could do all that -or- you can put the card in a microwave for as little as 1 or 2 seconds. Because that will fry the shit out of the chip in an unrecoverable fashion. 😉👍🔥
@@DeviantOllam I was testing to see how recoverable data is under 'natural' conditions of wear and tear or damage. I did it for fun and to test how good my flipper is.
The point of making this statement about my anecdote was to agree with the proposition that your rfid card is probaby garbage 99/100 times, rather than broken.
I love how not 5 seconds after you mention that you've left Twitter, your Twitter handle appears onscreen
Yes, because it's important for me to convey to other people that this is one of my genuine accounts, not an imposter, even if I'm not using it.