Guy in the middle looks like Mark Zuckerberg
jayp28 8 months ago
Is this shit for real? And legal?
BonesxtoxPaste 10 months ago
WOW. Amazing. I really want to learn how to do this.... looks like fun =p
poledancerz1 11 months ago
And against Reader+keypad? Reader+biometric. Back to the library I guess.
rancidtruth 1 year ago
What is the software called at 1:18?
DeeJayBounce 1 year ago
@DeeJayBounce It is called: "Omnikey CardMan 5121 Contact-Less Demo Application Programming" search google for: "contactlessdemovc".
1O67 10 months ago
@1O67 Nice, thanks.
DeeJayBounce 10 months ago
The guy "sniffing" the card at that distance and speed is a joke. This is total rubbish.
mifareman 1 year ago
@mifareman Agreed, I would tail the guy and try to sit next to him on a train or in a restaurant etc.
OurBackToTheDark 10 months ago
Simply brilliant.
Keep it up!
dvdcase56 1 year ago
What software program is used to read and write data to and from the card?
florianvandillen 1 year ago
@florianvandillen... Maybe it is Crapto 1, but I'm not sure, because the video shows the card name Mifare in the program. If you know, let me know plz
korredor07 1 year ago
why not just use a big fuckin brick?
ttaylor667 1 year ago
Great video - thanks for posting it. Whilst we can appreciate that the technology has moved on since this was filmed, it nonetheless demonstrates how RFID 'contactless' systems are less than 100% secure, and also the modus operandi for gaining unauthorised access. It's crazy to think that for a tiny sum of money we can RFID protect Mr.Garcia's card - and in doing so , the potential to intercept data is removed, therefore there's no more problem. Whaddya think?
RFIDProtect 1 year ago
How do you gather data from an RFID reader? RFID is passive, so a serial attack is out of the question, because there's no "authenticated" signal to detect.
ross817 1 year ago
As if someone would try that... probably a terrorist would
Sikora360 1 year ago
duct tape can hack computers.
Epeated 1 year ago
@Epeated With the proper amount of duct tape you can hack anything.
stewie7griffin 1 year ago 3
Any specs for building a GHOST?
djphilipps 1 year ago
Problems arise when Mr Garcia is already in the building and they try to enter using the same Mr Garcia Card...
hikorishi 1 year ago
Hey, your not Mr. Garcia!
gregtestagent 1 year ago
@gregtestagent Hey! You're not spelling 'you're' correctly!
razordaave 1 year ago
Hi,
I liked very much what you've done!
I'm trying to hack an RFID ski pass, could you just tell me which software you used to copy the data on the cards?
Thanks in advance
alby83fox 2 years ago
Hahaha!!!! Wow I can't believe some people believe this is real. Just look at the "data collector device" the ring on the end is made of duct tape. Lol, I don't believe duct tape can hack computer data.
Riokushinaku 2 years ago
You are so epically stupid, how do you even feed yourself?
scottylans 2 years ago
PRO :0
paularu542 2 years ago
I work with RFID, this is bullshitting
ZeljanAlduk 2 years ago
nope you are "bullshitting"
enkrypt3d 2 years ago
I don't get how the system works. What's the point of cracking it if supposedly all you need to do is copy whatever is in the RFID. No?
fabr1c1om 2 years ago
Yep, but to copy it you need first to read it ! That's why you need to crack the "read" key , to read it and then copy it.
bernivdw 2 years ago
anyone knows how to make mta cards.. please tell me.. tired of paying 225 a ride..lol
knightcrawler10467 2 years ago
If you are serious, you have a lot of learning to do my friend.
awesome3165 2 years ago
This is like something out of a heist movie...now they just need the vault code and they're rich!
arbitterm 2 years ago
Anyone outside the uni who already owns that proxmark3? I've been working on trying this myself for a while.. but well, 350 euros for a proxmark3 is still quite a sum :(
FRNS2007 2 years ago
Key of all tag is F9AB23456432?
If each tag have a different key, can't hack ?
besbungjbuwj 2 years ago
fuckin geniuses how do they know that?
meinvent 2 years ago
Mr. Garcia would be entering that building about 500 times a day lmfao xD
The1stPoster 2 years ago 26
The signature created is never the same on two transactions with the use of CDA; it uses a unique number, amount etc. in the signature. The use of a static signature is rare, and can only be done so often by a card.
mankinPT 2 years ago
I work with contactless cards, and the only weak link here is the program implemented in the card, not the card itself. The use of the CDA protocol makes this impossible to replicate, unless you discover the private key, but good luck with that (this with an asymmetric key protocol).
mankinPT 2 years ago
It is useful to notice that an exact duplicate of a signature created by for example a 4096 bit key is still a valid signature.
The protocol could be as strong as you could make it, but if the data stored on the medium could be copied from a distance, there is no sense of security.
proxmark 2 years ago
How did you get started in RFID hacking? And where/how did you get the sniffer? It looked pretty DIY. Very interesting! I see our little green sea is pretty far in this technology, and hacking it. lol. A friend of mine has a system in his school that's pretty similar. I wanna try to clone his card. Any tips where I can start?
flashback1234 2 years ago
The eavesdropper that is used here is the proxmark.
proxmark 2 years ago
I'm going to do some research on that.
Thanks a lot!
flashback1234 2 years ago
lol thanks netbooks for making things like this sooo much easier
starshock01 2 years ago 2
this is crap XD
discusting01 2 years ago
jsommerlad: I agree with you, but what many people who view this video fail to realize is that RFID itself is not to blame here. The "implementation" is flawed. As you point out, the system SHOULD only let one person through but it's obviously not doing that.
YDsixstring 3 years ago
What's the point of giving multiple people the cards? Only one person can be in the building at once
jsommerlad 3 years ago
Security guard seems as useless as the key card.
andrewbnkjv 3 years ago
it's obviously a demonstration, or did you think he wouldn't notice all the camera equipment sitting behind his head pointing right at the monitor?
itsumonihon 3 years ago
Is this the MIFARE Classic version? What about the DES, 3DES version - is it secure?
djbanizza 3 years ago 2
Yes, this is about the Mifare Classic. We have no information on the DESFire.
DigitalSecurityRUN 3 years ago
This shit is so fucking easy to hack it's not funny. It's the dim witted dumb fucks that think they need to stop thinking once they get out of school that don't get it. I have got into almost every computer lab on many different campuses and planted so much shit by doing this very thing (well something very much like it). It was funny when everyone got Fs in Chemistry right before Spring Break... hehe
darthspeaks 3 years ago
NICE
control2970 3 years ago
hahahah fuck you government cunts looks like u'll have to come up with something else to keep track of us, u little bastards :@
psarlay 3 years ago
very interesting...
as a user of oyster PrePay in London I (and family members) have had problems too - not from hacking, but from the system not always reading cards properly and then charging the default 'maximum fare'. On complaining to the Oyster helpline (by telephone) I was told that sometimes there are problems with card readers at the ticket gates, but these are always corrected 'quickly'.
Simon
citytransportinfo 3 years ago
There is also someone being taken to court for failing to pay a bus fare - his card had enough money on it and he says that he did swipe it - so its not his fault if the system did not work correctly.
citytransportinfo 3 years ago
The first part is stupid! The attacker can't connect data unless there's a card in the field. Reader gets data (from card) only after a successful request+anticollision+select loop.
noeglups 3 years ago
The device that is used in the first part emulates a Mifare card and that is how the data gets collected.
DigitalSecurityRUN 3 years ago
@noeglups The first part is ok, it can be used to get crypto key, but it is not so easy to read the card just "meeting" the person on the street. You have to be really near the card (few centimeters) and it takes time to read all sectors and blocks, at least 2-3 seconds. Possible but not so easy like it looks in this video.
markomnen 5 months ago
Why no technical detail HERE?
Q:
#1 website says cost of hack was under $10K. This was no easy hack.
#2 Does RFID reader support Silent Tree Walking?
#3 Software should notice duplicate Entries without Exits - this would be an EASY red flag.
My office has similar solution but displays your Photo to the guard. Two factor authentication is always a good idea.
If I were asked to hack the system what would I do? ... slip a student $20 to borrow his card (much cheaper than $10K. fools).
YDsixstring 3 years ago
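Added example (not part of the original comments or the video): the duplicate-entry check suggested in point #3 above, which is also the situation hikorishi describes, run over a constructed door-controller log. The log format, the card UIDs and the function name are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample log (assumed format): ISO timestamp, card UID, direction.
SAMPLE_LOG = """\
2008-03-12T08:58:02 04A1B2C3 IN
2008-03-12T08:59:40 04D4E5F6 IN
2008-03-12T09:01:15 04A1B2C3 IN
2008-03-12T09:01:48 04A1B2C3 IN
2008-03-12T12:30:05 04D4E5F6 OUT
2008-03-12T12:31:10 04D4E5F6 OUT
2008-03-12T13:02:44 04D4E5F6 IN
2008-03-12T17:45:00 04A1B2C3 OUT
"""

def find_passback_violations(log_text):
    """Return (timestamp, uid, reason, seconds_since_previous_event) for every
    badge event that contradicts the card's last known position."""
    last = {}    # uid -> (direction, timestamp) of that card's previous event
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            stamp, uid, direction = line.split()
            when = datetime.fromisoformat(stamp)
        except ValueError:
            # Wrong field count or bad timestamp: report it, do not drop it.
            alerts.append((None, None, f"unparseable line {lineno}", None))
            continue
        if direction not in ("IN", "OUT"):
            alerts.append((when, uid, f"unknown direction {direction!r}", None))
            continue
        prev = last.get(uid)
        # The first sighting of a card only sets its state; the card may have
        # entered before the log started, so it cannot be judged yet.
        if prev and prev[0] == direction:
            reason = ("entry without exit" if direction == "IN"
                      else "exit without entry")
            gap = int((when - prev[1]).total_seconds())
            alerts.append((when, uid, reason, gap))
        last[uid] = (direction, when)
    return alerts

if __name__ == "__main__":
    for when, uid, reason, gap in find_passback_violations(SAMPLE_LOG):
        print(when, uid, reason, f"{gap}s after previous event")
```

A short gap between two entries of the same UID is the pattern several copies of one card would produce, which is why the gap is reported with each alert.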
That depends on who is going to do what with it. Russian mafia copying millions of Oyster cards in London and selling them at busstops would make it worth it...
OlandezBukovinian 3 years ago
My point is not whether or not it's worth it (of course it is). The point is that RFID is NOT the culprit, it's poor IMPLEMENTATIONS that give the technology a bad rap.
YDsixstring 3 years ago 2
So Flavio's key is really F9AB23456432?
martijno 3 years ago 14
haha, good catch
realmahadeo 3 years ago
Yeah they are. Clinton, Obama, and McCain all got their passports hacked into today. Now everyone has control over you. CNN. Look it up 3-21-2008
Sweetdreamsprelude 3 years ago
It's true about RFID chips being insecure.
Getting unauthorized access in an office building is one thing, BUT the really frightening thing is RFID is now being used for credit/debit cards, and other financial account access as well.
grodenbarg 3 years ago 2
A lot of key cards still require a personal number to be punched in. It's impossible to find that number unless you can hack the main security server.
conspiracy777 3 years ago
... unless you use a camera (ATM skimming), or UV-sensitive ink, or heck, replace/alter the pinpad.
cyt0plas 3 years ago
which SW was used to record data on the Scard?
wifi4all 3 years ago
Smartass! Unbelievably impossible! Why do you need to switch laptops, you idiot! Unfortunately once you have been recognized touching in you cannot touch in again unless you touch out. This will alert security and your ass will be in jail.
shock111ave 3 years ago
what do we have here? a comedian hahaha
blauwepiet 3 years ago
I don't buy it.
t4kne 3 years ago
I did a thesis on this particular activity a year ago after recent RF emplacements were undergone. It's a difficult method to counter, so expect to see this happen more often.
fluentinsilence 3 years ago
Great work!
MeriaDuck 3 years ago
These guys are really pro :P
jiquera 3 years ago
Of course they are ;) Kinda proud of yourself :P?
Plausebol 3 years ago