How safe is contactless payment? || How does RFID & NFC work? || EB#40
HTML-код
- Опубликовано: 30 сен 2024
- $2 for 10PCBs (24 Hour Fast Build): jlcpcb.com
Previous video: • Make your own Modern L...
How Does Wireless Charging Work? video: • How Does Wireless Char...
DIY Wireless Energy Transfer System video: • DIY Wireless Energy Tr...
Facebook: / greatscottlab
Twitter: / greatscottlab
Support me for more videos: www.patreon.co...
You can get the components shown in the video here: (affiliate links)
Aliexpress:
RC522: s.click.aliexp...
PN532: s.click.aliexp...
RDM6300: s.click.aliexp...
RFID Blocking Card Holder: s.click.aliexp...
Ebay:
RC522: rover.ebay.com/...
PN532: rover.ebay.com/...
RDM6300: rover.ebay.com/...
RFID Blocking Card Holder: rover.ebay.com/...
In this video I will be showing you how RFID and NFC works. Along the way we will have a look at a few RFID readers, how to use them for Arduino projects and in the end determine whether contactless payment is truly safe. Let's get started!
Websites which were shown/used during the video:
github.com/ele...
www.boecker-sy...
www.nxp.com/do...
ww1.microchip.c...
www.nxp.com/do...
www.nxp.com/do...
www.mouser.com/...
Thanks to JLCPCB for sponsoring this video
Visit jlcpcb.com to get professional PCBs for low prices
Music:
2011 Lookalike by Bartlebeats
Killing Time, Kevin MacLeod
(incompetech.com)
As it's know in the security industry, the S in RFID is for Safety.
There is no S in...
Oh...
@@rich1051414 👏dont worry i was about to post that
Thers no S in RFID... are yu stupid or someting?????
@@Loznero No
@@Loznero I hope you're joking
I frequently pick up peoples discarded public transit passes, or wristbands from concerts, they contain mifare ultralight tags which can be reprogrammed to perform various tasks on NFC-enabled phones. For example I taped one to my night stand and programmed my phone to enable Do Not Disturb when its detected. Super handy and people just leave them everywhere.
That's pretty cool
Great idea! Can old credit cards be reprogrammed? Or does the security prevent that?
@@TheRainHarvester cards that have security cant be reprogrammed but apps like Tasker and Trigger can still use them
I wish mifare desfire mk2s weren't protected so much
Shadan Rikan yeah but free is free
Didn't mythbusters get in trouble for trying to cover this topic?
Useless Duck Company Yes you’re right
derbi senda why would they get in trouble?
Nicksperiments Wellll, they found out how crappy the system was.
@@Nicksperiments they got in trouble because the credit cards companies threatened to cut ad money for their TV channel
sligovolts, really? But if this was true, then media system that relies on commercial sponsors but yet claims to be independent would be inherently broken!? unbelievable.
Greetings to Germany from Germany
The only country where your credit Card is Secure (because you just cant use it to buy a cup of coffee) :D
Same :D
@@ostelaymetaule haha xD
@@ostelaymetaule sooo true 🤣
Danke😉🤣
I remember a few years back at work, having to implement the MIFARE DESFire NFC card's instruction set. Was quite interesting to see how advanced they can technically be.
Lasse Hovlandsdal, may I ask what you implemented?
@@martinrocket1436 Certainly. We were implementing what is colloquially called (at least here) "bus cards"; the NFC-based cards you in many cases can use on public transport. (Specifically, it was an implementation of a subset of the ENV 1545-2 standard.)
@@MrZenzio It might be weird, but I'm wondering, why would you implement like cards instruction set, where there are complete chips that provide complete solution including encryption implementation, CRC validation etc.?
For example PN532 mentioned by Scott. It's just like "I want to talk to that card, that's the password, gimme data from that sector" etc.
@@domints Quite simply, availability. At the time, there was no suitable drop-in component that would work within our specificatio (the hardware it was required to interact with, and some requirements imposed on us by a third party). You are certainly right that it sound like a strange thing to do :)
Come on Scott, this is oversimplified. You usually create content with precise info and much more details. Keep up the standard :-)
I was disappointed too
Yes, its lacking something else
Maybe it's in order to prevent abuse of critical security problems in a criminal way...
Yes that's was a bit short video, usually much more info, but anyway thx Scott
Cookie__XD this was my thought
Worked in industry with this technology the big thing I took away from it was that cards don't have a rolling transaction number, your phone does thus each transaction on your phone can only be used once per transaction and not duplicated.
Had the idea to make my phone work as a key to my rfid sensor and came to this conclusion as well. It scanned a different number everytime. So that didn't work..
Only problem is that the phone can be hacked. Often over blue tooth . Then your payment processing app will provide codes to the hacker remotely until it's caught.
Currently phone payment systems are less secure than chip and pin. Every one of them has been shown vulnerable.
@@kaseyboles30 That's not true
@@resneptacle several of these hacks were demoed at the black hat conference in 11/17 and more have been found since, like the Samsung one with it's predictable token generator(to small a token space, and the way it handles multiple cards on one account makes it worse in that case).
Dig into what the security researchers actual say. Right now chip&pin is much more secure (assuming properly implanted, quite a few are incomplete atm).
@@kaseyboles30 Have a link to what they say?
The short range is not because of the "high frequency", it's because that chips use capacitive coupling. At work I had to do with UHF tags at 868 MHz which have a much higher range because they are using inductive coupling. But please don't ask me for details, I just had to control the reader :)
Both can have really long ranges with very specialised equipment, so it is possible to make it go far
That's not really true...
You can pay with NFC on credit cards with higher values than 25€ ;)
For example I paid 480€ contact less for my TV.
The limit of 25€ is only set by your local Sparkasse bank
depends on the banks, you can also make that limit higher or delete. if limit exceed you need to enter your code
Could you make a video about DIY or BUY BMS with balance charging? As always, great video m8!
Gruezi
Search for collin hickey or adam welsh diy bms
Part list around 30 dollar
Before watching the vid, i thought nfc stands for No Freakin' Cable...
lol
Near Field Communication*
@@iProgramInCpp really? I'm shocked
Diy or buy rfid smart door lock?
Cool,would definitely like to see
Still not safe tho
DIY, i have a $1000 SALTO-system at my home. Way to expensive
Depends of the safety you need.
If it's for your house's main door definitely buy, but if it's just to keep your annoying sibling out of your room or something like that diy is the way to go.
buy an encrypted one for the front door/backdoor/exterior access. Definitely DIY anything on the inside because buying each time for the inside will leave your wallet drier than the mojave.
Please make a Video with muscle sensors!
I can put it on my to do list
And maybe also the alcohol sensor from Arduino
Your channel has grown alot since I started watching a few years ago. Great work, as always! Your videos are always well made and detailed.
both bank (ATM) cards and SIM cards are using same standard and actually are (at very least) similar inside, if not identical
those are not just memories
those are full blown computers inside (granted very embedded, but still computers)
they never give access to what is inside, but rather are used to sing, decrypt and encrypt data
Vpr paranjitt vannathaa....
OK, it sends the data, but encrypted by the manufacturer key. *Safe as long as the card maker* can keep their encryption keys safe. After that, everybody is not safe. The govts can probably pressure the card issues to give them the keys, if they wanted to. OR till real evil people figure out some weakness in the tech.
Why would the govt want the keys?
Now if everything is connected to the internet, nothing is safer :(
Thanks for this video!
This video had nothing to do with the internet
flexairz Transfer between the store and the bank would happen the same way whether or not the customer used NFC. This video is about RFID and NFC so I was just saying this comment is not very relevant to the topic of the video.
does not matter internet or not, nothing is absolutely saft
You shouldn't be, at least if you're using Google pay or similar. If Google messes things up you'd be sure that they won't take it lightly, besides banks always insures you that your money is safe, no matter how stupid you are.
You could live even without internet just some simple Phones and Messages now it is painful because most of time everything uses Internet for faster communication
Great Video, Scott.
Should you want to go into more "in depth" of both NFC and the security around it, I can connect you to people that are on the edge of this technology. I recently got a demo about the NTAG 424 DNA (Followup of the NTAG 413 DNA) which is a great and affordable chip type from NXP and has a very, very high level of security.
My dorm just had a renovation and introduced RFID/NFC door locks... I wonder how secure it is. I'm going to try and see if they did something stupid like having the memory on the key being a combination of your room nr and something else and not a completely random key. If it isn't random I could make a master key that works everywhere. It wouldn't surprise me.
Edit (09/12/2022): Today I picked up a newspaper at my dorm. On the front page the company that installed our locks in our dorm is being criticized for ignoring security concerns and that their locks are easily copied and turned into universal keys that work for thousands of apartments and dorms. Guess i was right xD
I would love to see a collab with LiveOverflow again about this
You can also carry two nfc payment cards right up against each other in your wallet, which will confuse the reader.
doesn't even need to be a payment card. I've got my ID card, train ticket, blood donation card, public swimming pool card.... Shit, everything has NFC nowadays
nice 7 cards...x 25 euro ...the bad man can take 175 euro :)) i'm joking..
except it will confuse only shitty readers, because ISO 14443 has collision detection and resolving mechanism described :) With good reader they can bill all your cards at once (except they won't because of reasons I described elsewhere, but having multiple cards isn't the problem)
I thought the cards need energy to activate the chip, so two cards do absolutely nothing to each other.
edit: nevermind, I've read the message wrong.
@Lucas Cruz who should believe what?
5-1=4, that's a minus.
ISO 14443-4, that's a dash.
Not trying to be rude, just informing you of a mistake you make. You're still the best English speaking German I've heard!
Contactless payment is not dangerous since it is a RFIC card instead of RFID card that uses an internal key to sign transactions. Therefore, it is ridiculously hard to clone it even if you get physical access to the chip. Even in that case, just use the CVV is much easier :)
Also, mobile payment is great because it requires you to confirm before release the information. like apple pay or sumsung pay.
In my opinion, ApplePay may be the most safe method since it have a physical chip dedicated to cryptography and generate a unique transaction id to perform the transaction.
BTW, the magnet strip contains card#, date, and CVV. therefore, a card w/o card number is just as dangerous if it have a magnetic strip on it. Therefore, I am disappointed that Apple Card have a mag strip on it and still marketing it to be safer. Is your threat model people who are just taking a picture of your card when it is lying on the table?
I was thinking like, if the card encrypted then what stops people from just copying the cards info directly onto a second (maybe virtual) card? What is it that makes rfic harder to clone? Does it communicate instead of just information dumping?
@@lucasschut4174 so the card contains a asymmetric key to sign transactions inside itself, and it would not allow access to the key without some involved process such as DPA
Try lookup FIDO U2F key or Bitcoin wallet, they work in a similar way
You are correct, but bank card uses NFC (Near Field Communication) which is a subset of RFID, but width a much shorter range Up to about 10 cm or 4 inches. Todays RFID can have ranges up to hundreds of meters.
well, you've talked about passive RFID, but i think it would make a great video if you'd talk about Active RFID, and maybe made like a security system with it or how safe it is in cars.
Are you from Germany?
(the payment card in the beginning of the video is from Sparkasse, the gpay page in the play store showed Aldi Süd as one possible place to pay with it...)
NFC limits are way higher here in Australia (think of people buying groceries etc) I killed my antenna but left the chip untouched, so no contactless payment for me (or anyone else if I lost my wallet) 👍
Here in Europe, NFC also works above €25,-. You're just required to enter the PIN after the NFC transmission for those transactions.
@@phsch108 $100 AUD here is the point after which a pin is required, $100 in multiple store would soon deplete a healthy bank account
I've reported my card missing then used it afterwards contactless several times. I'm about 200 bucks up atm.
I hope u didnt use it in the same location where you live.
@@houdiniabracadabra6180 Yep I sure did. That was a year ago, not had any backlash yet. Banks aren't going to file police reports and subpoena CCTV footage over a couple hundred dollars, they'll just write it off. If I'd stolen thousands or done this more than once, then maybe they would. Good thing about contactless is there's no clawback from the retailer, the Bank takes all of the hit. The extended story behind this is that a utility provider had mistakenly took a large amount out of my account and the bank allowed it even though there was not enough in the account to cover it. It was all sorted and the utility provider refunded the money but the bank refused to refund the fees they charged (which added up quickly) for the unauthorized "borrowing". Instead of going through all the hoops and legal nonsense to get the fees returned, I just did the card thing, then closed the account.
@@spudhead169 ok then i won't hate you. U did what had to be done. Get your rightfull money back. Thx for the idea though ;)
Woah, I would have never thought to "loop" a probe like that.
If you have an android device then play.google.com/store/apps/details?id=com.maxsoft.creditcardreader can read the data on the card.
NFC relay attacks are still a thing which can be done against many card variants. You can buy these garage door readers which allow for long distance (like a few feet) reading; I am not sure how to hack one of these things such that a proxmark can use the antenna instead, but it should be possible.
Btw i have a NFC tag on my keychain... with my contact info, would suck to loose keys
In a German identity card is a RFID chip as well, and it is readable with the Arduino RFID reader :O
Yeah, but its useless to do so because it sends you any time you do a Reset another ID, at least so is mine. Most Datasheets for RFID Cards are under NDA, so you won't know how to talk to it/decrypt it. You can't even get the Datasheets for a Desfire Card without signing any NDA. Actually, they have done well on it in the "Internet Neuland" ;D
So, this is actually a fun topic, as stated, the nfc cards have chips, though, these chips can come in 2 variants, dumb chips, and smart ones. Bank cards actually use the smart ones which can execute code themselves.
When a card comes in contact with a compliant terminal (lets say a train ticket machine) your bank card will communicate and generate a one-time-use token to authorize the payment.
these payments are often bundled together and then send to your bank for processing, but that's another topic.
In essence this means that even if you could capture the data, the token would be different each time, and because only your bank knows how your card encrypts said token, it'll make finding people who try to pass on those fake codes trivial.
Additionally, these transactions need to be approved by your bank, and this needs to be done on-line, essentially:
1) the transaction + authorization token is send to your bank
2) your bank checks if the token is valid
3) your bank checks the transaction itself and may flag it if it spots something wrong with it (done by complex algorithms)
4) your bank checks the receiving party
This system is by no means perfect, if a person were to steal your card, they could make a few transactions before you'd block if for instance.
BUT, its a lot better than the old mag strip system, where all the data was on the strip, rather than cryptographic ally stored on the card
The title is: "How safe is contactless payment?" which was not covered in the video :/
the answer is on a card, sort of, at least no one should be able to steal a significant sum. From a phone? very secure.
@@joestevenson5568 In the video is used completely different card type than the credit card has
@@tomhyhlik1788 wdym?
@@jakedowling8414 no, he is not giving any info about contactless payment at all :D
@@tomhyhlik1788 Contactless payments are rfid cards that emit the cards encrypted data into the reader. the point is that if a hackers reader gets close enough to your card it can get your data, tho encrypted. phones can turn this function on and off. so up till there you can get a pretty good self thought out answer
@GreatScott your video does not make enough distinction between NTAG, Mifare and EMV contactless cards. They are pretty different to each other.
Each of these has their own "API" and access control systems which run over the ISO standards including ISO 14443. The debit card you showed has both RSA and 3DES, and can be accessed using standard ISO7816 commands. The EMV specifications are the open standards for this, and are available from their website.
EMV cards, both contact and contactless, use 3DES or AES session keys which generate a unique cryptogram for each transaction, which signs the transaction amount, the date and a random number from the terminal. This chip data is very difficult to counterfeit or replay (other comments have also made this point).
You totally oversimplified (or just didn't dig enough) the RC522 / PN532 topic. The 13.56MHz tag isn't spitting out data. It won't even spit out ID without being asked, not to tell about the data.
All the data on the card (1KB in case of Mifare Classic 1K) is password protected and your card spit the data out because your reader asked for it and had proper access keys - in case of your card it was transport key, default consisting of loads of 0xFs.
The only card that just spits out data are the 125kHz cards, but there isn't much there to spit - just few bytes of ID.
if you can open your youtube channel with RFID. can you auto subs another person channel with rfid. if that so i can make a card that auto subs me or another person. just tap the card to another strangers phone.
My bus stops near me have nfc cards in the bus stop and when you scan it you get taken to the time table on the website which is pretty cool but instead of that i read the card and rewrit to the card so now when you scan it you get taken to pewdiepies channel so you can subscribe
Dafaq really? And why did they put rewritable cards on there smh
@@tanmay______ yeah i thought that because in the card writing setting you can actually write protect them
@Joshua Hutton
They probably didn’t think to write protect them because they didn’t think people would write to them
Whoopsie doodles
@@Abdega bus stops did an oopsie
Pewdpie.
Really?!
Ffsk..
Yes. They shouldn't have left the cards unprotected.
But just because you can.
Doesn't mean that you should.
Create a project where it uses an active rfid. It should transmit different data in every x second. Make the change synchronized with the Arduino so everytime you authenticate, it would pass. Ex. encrypt "qwerty" with unix time as salt, the mcu(with rfid reader ofc.) and active rfid (also with mcu) will generate the same output as long as their time is in sync.
Great video my friend... Nice format!! It allows people that aren't too technical to somewhat understand the tech they use everyday, and the people that are tech savvy can look up the IEEE standards to acquire more information...
I had a professor in college that taught this way.. He called it "The Big Picture".. It allowed us to start thinking about the subject before we fully understood the science behind it.. That way, we weren't 'blindly' learning and it sparked our interest.
This information is four years old and should be taken down.
Sparkasse?
Felix R, totally looks like. But one thing he didn't research correctly: The NFC blockers don't always have to be bought. Sparkasse and other banks give them out for free if you ask politely.
@@martinrocket1436 I mean, there is literally the Sparkasse Logo on the Card. He taped over the Name of the Bank though, because it gives away his general region
Timbo Jones, haven't we agreed that he lives in Leipzig?
In the channel description stands he's from Fulda.
Ich heiße das ist sein Impressum und nicht seine echte Adresse. Vermutlich nur eine Agentur
Can you do a collaboration with Live Overflow? You guys are both from Germany and both good teachers in tech things
I follow this Chanel for round 3 years now and the quality of the videos is always incredible high! Thank you for all the time, money and passion you put in our free education ❤️
I got an idea! How about you make DIY induction phone charger of course for a phone with QI support? I'd like to see you doing it
This is amazing timing. I discovered NFC tools TODAY and I ordered RFID reader yesterday for a project me and a couple of friends are commiting to.
I am a little bit dissapointed you didn't cover the difference between the different RFID readers. Please cover this in another video!
rfid could be a fun way to open a hidden compartment
Came here before the notification!
lmao me too haha
you make those pens of yours work so hard, you should be sponsored by a pen company
Crazy idea:
What if, your RFID card had a normally-off button built in, to interrupt the energy supplied by the wireless energy coil, until such time as you want to let the information be transmitted?
Those devices usually are miniaturized, and in some cases it would be very difficult to fit a button in... Think for example about credit cards.
But that's just a minor inconvenience, the main issue is that RFID devices are resonant RLC circuits. Their impedance (apparent resistance) is critical for their operation as it determines at which frequency the circuit resonates and works. A button would majorly screw up the circuit's impedance requiring some serious compensation at factory level. That would mean measuring and adjusting every circuit making this idea definitely possible, but very cost inefficient.
In the end, it all comes down to production costs.
Alessandro Celoria
Ah, I see.
Careful Scott - please let us know if you get a visit from SS or bank security...
ตัวแปรงไฟ12Vเอาแปรงเป็น36วัด
I use a contactless card and also my phone for wireless payment in stores
how do i fix a cracked monitor screen?
Aldi, Lidl, Kaufland, Hornbach, Media Markt, Saturn
Giro Karten gibts nur in Deutschland, überall sonst heißt das "Debit Card"
All this technology (RFID, NFC, Magnetic Cards, etc) Is not dangerous in mater of security. But is extremely dangerous in mater of privacy. So If you want to have privacy in your life, simply reduce the use of them of even better stop use them.
That doesn't make any sense, in terms of of payments your purchases are logged the same by both the store and credit card companies either way you pay, only way around that is to use cash for everything...
Now if you were talking about working at some place that uses wireless tags in order to get around the building, then you kinda have a point.
@@vgamesx1 If I was in charge of building security tech, it would include near range fingerprint scanning, palm line scanning, hair and dot configuration fingerprinting of arms, fingerprint of bare foot characteristics, voice analysis, retina scanning, breath and over all air fingerprinting (seeking most unique possible set of particulate mixture put off by a given person [how animals with a strong sense of smell identify]), as well as checking visible physical characteristics of the body, posture and movement. Not necessarily impossible to fool, but if someone did, every living other spy would blush upon it being proved. Most likely armed security would catch them trying to penetrate a wall, floor or ceiling surface that they can't detect is being monitored.
machst du Englische Video´s nur damit es mehr Leute anklicken`?
Glaube ich auch, er hat auch eine deutsche EC Karte
By standard, EMV cards uses strong security which allows safer data exchange. (e.g. RSA/Asymmetric Cryptography)
I want to setup RFID so I can login to a windows 10 computer. I need to program password to RFID, tap near computer and user is logged in
When you walk on street, then a man bumped accidentally to you. Who has a pin machine in his pocket and takes 25 euros (because thats the limt in our country) by passing the pinmachine along your pinpass...
How to earn 500 euros each day!
That pin machine needs to be linked to a bank account (maybe a merchant account?) so he will soon get caught.
but it might be a stolen account that is just used to get the money physically to then put it somewhere else.
And all his personal information becomes available to your bank to press charges.
I'd much prefer that to someone running off with my wallet.
It was just pure sarcasm but oke😂😂
You probably can build a high power transmitter and drive around. It's illegal to do so, but if you're one person stealing people's money I guess you wouldn't care about that.
How German is this guy !
Great video though
I always love watching you draw and write on paper in your videos. It's a cool aesthetic you don't see often anymore.
To protect your card you can also put another NFC tag in your wallet with some random things on it, like a rickroll so if a thief is trying to steal your card your wallet will never let you down :)
Minus four 😢 It's dash or hyphen.
If you can read the internal memory, there's some chance, that you can create a buffer overflow using some kind of exploit in it to actually change the memory data, right?
This kind of technology is used in shops to prevent from stealing. Am I right?
Sometimes it might be, but RFID is very limited in range. Often in stores it's a far simpler circuit, purely coil and capacitor which resonates at a specific frequency, this is then detectable by the induction coil by the doors.
To presne neviem, ale je to možné.
@@dronemansk2121 JJ
V knižniciach sú také karty/nálepky proti krádeží.
@@thisfeatureisbad jáj už viem, ktoré myslíš
at work i use a handheld rfid machine to scan rfid tags for inventory control, it takes about 10 seconds to scan 200 items and works about 20-30 feet away. none of my current debit/credit cards use rfid now, and only one did before but didn't last long it seems.
Its all about the frequency^^ There are Toll Stations with long range RFID, but they can't read your credit card in your wallet, cause they use another frequency.
where is the quadcopter????Oh...and also FIRST!
The video will come out when it is done.
@@greatscottlab r/technicallythetruth
But in all seriousness, take your time. It shurely will be an awesome project, so waiting a but longer will be worth it.
Greetings from Luxembourg!
@@greatscottlab This is one of the questions which made Scott mad. And the one made him hide his "to-do list" 😉😉
@@tonpa8888 maybe he burn it :D
Make Video: how to make a RFID lock
I only use Samsung pay, make a video on MST technology
MST works by emulating a magnetic stripe being read. Magstripe is no longer in use for payments in Europe, hasn't been for a long time. But that also means that it's just as insecure as magstripe, so, not much to learn there.
@@nikomo They are still used in Denmark
@@nikomo That is not the case, the Samsung pay is way safer. I don't know the terms, but it only works one time with each code generated and ofc you can only read the code when the user wants to pay. The only way to scam someone with Samsung pay except for hacking and such would be to have a powerful receiver and read the code and jam the real reader. Would be hard to do in practice and you still need to trick the bank.
@@marcusm5127 It wouldn't have to be that powerful. Also one could just hijack the phone through blue tooth. Then next time they go to use it the token is relayed to your phone instead of the coil. just only do it on a percentage of first tries and the user won't even realize what's going on and just thing it's a normal failure. And both the bluetooth hack and the token relay have been tried and worked. And the relayed of token even worked when relayed to another country that at the time wasn't on Samsung pay's availability list, many miles away from the originating phone, meaning Samsung pay didn't even sanity check it. "oh you're buying a snack in a country we don't support hundreds of miles away from the phone? No problem"
Why I use ApplePay, it still has yet to be cracked, the only found flaw was in setup, not actual payment.
Cooles viedeo sehr interessant und hilfreich. Kannst du vieleich mal ein paar viedeos auf deutsch machen?
Schau mal in sein (erstes?) q&a rein er will es auf englisch machen ende
Nein
you missed the most important part, the security. For example mifare 1K has trailer parts for each 16 memory blocks, there you can set the codeA, codeB and flags for reading the data from that part (for example you can set to use only codeA or both of them, set it to read/write mode) . The idea is that if you use a RC522 module and the passwords and flags were changed you will be unable to read all the content of the card. What is strange is that phones can easily read all information and even change flags when for example a trailer block was set as unreadable, couldn't find any information on this topic since everybody tries to keep it out of sight. Of course mifare 1K is most probably the least secure card nowadays, since there are a lot of ways to break the security and even intercept traffic, but there are tricks to at least make it hard to copy the card. What I would appreciate if you would show about the protocols of communication used by these modules and some of the outdoor readers (Wiegand)
Is there anyway to copy my cc into a tag? (I want to implant one of these)
If you get a regular dangerousthings chip implanted you can't just clone your card. There is however a company called walletmor that do sell payment implants. I got my regular nfc/rfid implant already and am planning on getting a payment implant once I'm 18
Oh du bist Deutscher auf der Karte stand gültig bis
Fortunately for you, MIFARE Plus is the secure version, which uses AES so it's practically unhackable without the key.
It might use, but it also might use compatibility mode. Also, if it is running in compatibility mode, it is hacked already.
HOW THE FUCK CAN YOU DRAW SUCH A PERFECT SIN?????? Und bei der sparkasse? tzz tzz tzz ;D
If your equipment is powerful enough you should be able to read from an NFC chip from far enough to scan it through your pocket while walking along....
Maximum range should theoratically be something about 1.5 metres considering the used 13,56 MHz(if your antenna and amplifier allowing).
It should be mentioned that one cannot simply charge your bank account with your data, as they would have to use a certified and paired device of an official bank institute - therefore they would get busted in no time.
Only way is like they do with the bank cards.
Copy your NFC to a blank card and shipping them to eastern europe.
Most institutes though making NFC payments under reserve.
They will get your money back if anything is suspicious about the payment.
All in all one could say NFC is as secure as payment without direct acknowledge and physical connection could become ;)
The worst part is I never asked for any of these features.
I thought you where going to go hacker man for a sec
Try CREDIT CARD READER 4.3.6 app (banned from Play Store), you need to download the APK. It has no permissions, even don't have internet access permission. That will read all your card details, even will read the last purchasements ;)
Not true. Credit and Debit cards can be also easily read by "Application Protocol Data Unit" - APDU. You just need to read them differently. Try Credit Card Reader app on Android or google "Reading Credit Card data via NFC with an Arduino".
This has been done for proof of concept, please do not do this in real life it is after all illegal:
Wandering coffeshop licence, and a payment terminal.
Modify terminal to use a amplified frontend and a 35cm diameter loop antenna.
Place antenna under a park bench. The increased range is around 15-20cm. It can now access cards in normal wallets and back pockets as well as cards in wallets in bottom of puses/handbags placed on bench.
Every card that comes into field can now be attempted charged for small ammounts, like $5. Ammount is small enough that most won't notice and plausible for a expensive cup of coffee maybe with a bun. Since the bench and purchase is in the vicinity of the legal place of buisiness and the terminal can be a wireless one, it is very hard to dispute the billing.
This is why I have not and will never enable a non-confirmation based wireless billing of my card.
Embed a button in the card that I have to hold in to enable the antenna and I may think about it, untill then; no thank you.
It is encrypted but can't you still copy the encrypted data to your phone and then send it out with your phone at a store
all the info are blocks (lines) and sectors (parts) with further detailed info. exampe, block 0 (first line) containts the UID BCC SAK ATQA and the manufacturer data, etc.
That's bullshit... Even if tour money is gone... You can receive it easily and teach the stealer.... În this word are tooooooooo many dumb peoples usualy those covers are just for money making... For contact less you needed to touch the card on pos.... How the hell does stealer where you have the pocket and each credit card has a limit on no pin requires do that is around 20 dolars so....to steal money from a card you need to have an pos, pos is provided by banks.... And they don't give pos to who wants... Who need pos it's registered with an ic card and each pos have an address as imei code on phones... They use internet too, provided by a Simcard... Etc and when you make an transaction everywhere bank record the pos io address, Mac address, pos is, hours and a lot of things so... Those special wallets are just bullshit for brain washing. I'M WORKING IN A CREDIT CARDS FACTORY SO...
Can duplicate RFID card 13.56mhz to NFC tag 13.56mhz ?
Thankyou
So we can still try to capture it's encrypted data and just reproduce the signal. Thus having a 25€ false card that we can use from time to time if the victim isn't careful on his money transaction
how safe is an nfc bank card, well imagine you drop it on the floor outside a store, along come an individual of dubious morals, he picks up the card, walks into the store, and gets his self a nice large bottle of jack daniels, then he walks to the next store, and the next....and the next....
my bank has a £50 store / £200/$300 daily limit on nfc.... and by accepting the card, i accepted responsibility for ALL of its use..... most banks have that in the small print...
NFC-Smartcard. No wonder you can't read it out.
RFID-Token and NPC-Token are the dumbest version of data storage.
Btw: You can find NFC-token in Amiibo, too.
You're just using an app that can't speak the EMV protocol. Any NFC EMV payment card will produce its card number, expiry date and so on without any special authentication. It works just like a contact EMV payment card, because, well, it is. It's the same protocol for contact and contactless transactions. In the United States there is even something called “magnetic stripe emulation” which is as terrible as it sounds.
"It uses high frequency so a distance of a few centimeters is mandatory." Not wrong but not quite.
When a rx antenna comes too close to a TX antenna it can detune the network, decreasing its performance. That doesn't mean it's impossible to make nfc work well nearby, it just means the network needs to be tuned to it. It's possible to make a network which can be tuned in real time to a wide range of distances.
You also imply this is due to the high frequency. That's also not really true. Coupling is higher at high frequencies, but this same problem can also exist at lower frequencies. It's just that lower frequencies generally have a limited distance.
The main problem with contactless cards is that when a card is lost/stolen, whoever finds it will be able to make multiple small transactions (e.g. 25 euro limit) until the card is reported as lost/stolen.
Safe is zerro - use RF receicer-plifier and thief money from other cards in public areas... large magnetic antennas can detect 0,5...2m away...
RFID is not always the safest way to do things, it’s actually comically easy to steal RFID information, just take a look at Deviant Ollam who does it on the daily, he uses things like oversized 16 inch coils in a backpack, esp keys, and tons of other things.
Decent security is based on a combination of something you have (a card f.e.), something you know (a code or password) and/or something you are (figerprint, facial recognition, ...). If only one factor is used, or both can be cracked together (like writing your code on your card), it's not safe. NFC isn't safe, the risk is only limited to a small amount.
security is always at odds with convenience.
the safest option possible is also the most inconvenient.
different people have different thresholds of what they would consider "worth" the added security.
Why not cover the RDM880 which is a HF version of the RDM630. they can be piggybacked on a Freetronics Leostick
0:17 wow, that's card reader looks so real. Where did you get it?
Bruh
@@rumahhafidzahbekasi1354 it's a joke
the whole thing is crap ... Hold the card to very bright light .... you will se an antenna outline near the edge ... just take a punch and punch over that antenna line .... problem solved ..... not all cards are paywave therefore all machines ... will read the chip and use a pin ... use that ... dont compromise your money for the convenience of the merchant