HZV 2013.1 RFID/NFC 'n' OpenHardware
@Majin_Boo, HZV Meet, Jan. 2013 – First Meet after Apocalypse
RFID / NFC (with real chunks of open hardware inside)
https://hackerzvoice.net
Small INTRO
- RFID, NFC!?
- Hardware & toolkits
- OpenPCD
- EMV NFC
RFID ?!
- Contactless communication technology
- Passive tags (except UHF)
- LF 125 kHz: Q5, Hitag2 (Renault Laguna)
- HF 13.56 MHz: Mifare, passport, Navigo, NFC
- UHF: rarely used
LF RFID
- Still widely used for access badges
- Often poorly secured
- Cloning via Q5 tags
HF RFID
- Transport layer: ISO/IEC 14443
- Smart cards with different levels of specification:
  - EMV => ISO/IEC 7816 (same as contact chips)
  - Navigo => Calypso (good level of crypto)
  - …
NFC RFID
- Extension of ISO/IEC 14443 (backward compatible)
- Data exchange in NDEF format
- NFC-SEC for encryption (is it used?!)
LF hardware: Quick 'n' Dirty sniffer
- Sound card with a MIC port
- A bit of copper (antenna)
- 4 diodes, 2 capacitors, 1 resistor
http://www.openpcd.org/File:LF-Sniffer-Napkin-Schematics.png
LF hardware: Arduino FTW
- Arduino or TI LaunchPad
- A bit of copper (antenna)
- Sensor board (~10€)
http://www.instructables.com/id/Arduino-and-RFID-from-seeedstudio/
HF hardware: OpenPCD
- Integrated ARM CPU
- PN532 HF RFID chipset
- Open-source hardware design and firmware
- About 50€
http://www.openpcd.org/
HF hardware: OpenPCD
- libnfc firmware:
  - USB TTY for direct access to the PN532
  - 99.9% compatible with libnfc (patch)
  - Should be able to work with RFIDIOT
- Standalone firmware:
  - Automatic dump of cards in range
  - Nothing prevents tag emulation (but no code is available in the official repo)
EMV NFC: For everything else, there's Mastercard
- NFC smart card:
- ISO 14443 parts 1 to 4: standardized transport layers of HF RFID
- ISO 7816-4: same methods for accessing the card's blocks as in contact mode
- Data encoded in BER-TLV
EMV NFC
- "Public" ISO standards
- http://www.wrankl.de/SCTables/SCTables.html
- "Hacking the NFC credit cards for fun and debit ;)", Renaud Lifchitz
  - Interesting presentation
  - Requires a good understanding of ISO 7816
  - ReadNFCCC PoC not very usable in practice
EMV (LIB)NFC
- Interesting tools:
- nfc-list, lsnfc
- nfc-relay
- pn53x-tamashell
- http://www.emvlab.org/tlvutils/
- Till receipt
EMV (LIB)NFC
- Card wake-up: 4a 01 00
- Application selection: 40 01 00 a4 04 00 07 a0 00 00 00 42 10 10 00
- Read block 01: 40 01 00 b2 01 0c 00 00
EMV (LIB)NFC
root@tobago:~# pn53x-tamashell
NFC reader: pn532_uart:/dev/ttyACM0 opened
> 4a 01 00
4a 01 00
Tx: 4a 01 00
Rx: 01 01 00 04 20 04 c8 ca 3c 70 0a 78 80 82 02 20 63 cb a3 20
EMV (LIB)NFC
> 40 01 00 a4 04 00 07 a0 00 00 00 42 10 10 00
40 01 00 a4 04 00 07 a0 00 00 00 42 10 10 00
Tx: 40 01 00 a4 04 00 07 a0 00 00 00 42 10 10 00
Rx: 00 6f 5a 84 07 a0 00 00 00 42 10 10 a5 4f 50 02 43 42 87 01 01
5f 2d 04 66 72 65 6e 9f 11 01 01 9f 12 0e 54 72 61 6e 73 61 63 74
69 6f 6e 20 43 42 9f 38 18 9f 66 04 9f 02 06 9f 03 06 9f 1a 02 95
05 5f 2a 02 9a 03 9c 01 9f 37 04 bf 0c 0e df 60 02 0b 14 9f 4d 02
0b 14 df 61 01 03 90 00
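Added example (not part of the original slides): a minimal BER-TLV walker in Python applied to the SELECT response captured above, to show concretely what "data encoded in BER-TLV" means for this card. The function names are my own; the only input is the byte string from the capture, with the leading PN532 status byte and the trailing 90 00 status word checked and stripped before parsing.

```python
RX_SELECT = bytes.fromhex("""00 6f 5a 84 07 a0 00 00 00 42 10 10 a5 4f 50 02 43 42 87 01 01
5f 2d 04 66 72 65 6e 9f 11 01 01 9f 12 0e 54 72 61 6e 73 61 63 74
69 6f 6e 20 43 42 9f 38 18 9f 66 04 9f 02 06 9f 03 06 9f 1a 02 95
05 5f 2a 02 9a 03 9c 01 9f 37 04 bf 0c 0e df 60 02 0b 14 9f 4d 02
0b 14 df 61 01 03 90 00
""")  # Rx bytes copied from the capture; every function below is an added helper

def read_tag(buf, i):
    """Return (tag_bytes, next_index); low 5 bits all set means more tag bytes."""
    end = i + 1
    if buf[i] & 0x1F == 0x1F:
        while buf[end] & 0x80:
            end += 1
        end += 1
    return buf[i:end], end

def read_len(buf, i):
    """Return (length, next_index), handling short and long BER length forms."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def walk_tlv(buf, depth=0):
    """Yield (depth, tag_hex, value) per object, recursing into constructed tags."""
    i = 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_len(buf, i)
        if i + length > len(buf):
            raise ValueError(f"tag {tag.hex()} overruns its container")
        value, i = buf[i:i + length], i + length
        yield depth, tag.hex(), value
        if tag[0] & 0x20:  # bit 6 of the first tag byte marks a constructed object
            yield from walk_tlv(value, depth + 1)

def parse_dol(buf):
    """A DOL such as the PDOL (9f38) lists tag+length pairs and carries no values."""
    out, i = [], 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        out.append((tag.hex(), buf[i]))
        i += 1
    return out

def decode_select(rx):
    """Check the PN532 status byte and SW1 SW2, then walk the FCI template."""
    if rx[0] != 0x00 or rx[-2:] != b"\x90\x00":
        raise ValueError("reader or card reported an error")
    return list(walk_tlv(rx[1:-2]))
```

On this capture the walk yields the AID (84), the application label `CB` (50), the language preference `fren` (5f2d), the preferred name `Transaction CB` (9f12) and a nine-entry PDOL (9f38), all returned by the card after nothing more than a wake-up and a SELECT.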
EMV YUMMY
EMV DAFUQ?!
> 40 01 00 b2 01 0c 00 00
40 01 00 b2 01 0c 00 00
Tx: 40 01 00 b2 01 0c 00 00
Rx: 00 70 3b 57 13 49 79 ....
QUESTIONS ?!
Sponsored by http://www.sexygeeks.net