 Now, it's my pleasure for the last presentation tonight. Just to get you informed, who attended my presentation two years ago with a demonstration on iF Dump? Who was in the audience? Who is using iF Dump? Only a few. So let's get started. Our agenda for tonight is, what is RFID? How to exploit and attack RFID systems? We have done some stuff like Melanie does with attacks against the middleware. We added a new feature to iF Dump. It's called Vida Emulation or Soft Tax. Some words about the unexpected risks in the middleware. And some new ways to exploit the system. But our main focus for tonight will be encrypted RFID tax, like the ISO 14443 tax. So a short overview, what is RFID? It stands for Radio Frequency Identification. And it's, in fact, wireless transmission of information between transponders and readers without visibility. And that's it. And most of the times, we have redirectional transfers. So it's able to read and write. Even if they only call it readers, the most of them can write to the text as well. And we have a transponder or tech. And this can be attached, embedded, or implanted. And the main feature of RFID is the automatic correlation between object and safe data. This can be a garage door or something like this, a human in a bar or a passport or something like this. So in most times, there are a lot of generic terms. And RFID is often used as a generic term for complete infrastructures. For example, a transponder, also known as RFID ship, tech label, wireless label, or simple ship. We have the reader. We have some middleware. This connects the reader with the server. Most of the times, you have communication infrastructure. And all this stuff is integrated with server farms, data warehouses, services, and supporting systems. Let's give you a short overview. For our work, we are working on standardized RFID, like ISO 14443, A&B, like mid-range, short-range, and long-range. And I've divided the RFID classes into the reading distance. There are the 1356 megahertz and the 125 to 146. This frequency is quite popular if you need to go deep into the material, like taking humans or animals. The 13 megahertz is popular for win city cards, for access control, passports. And the 15693 is most used for normal memory tags used in the supply chain or stuff like that. And what different types of transponders do exist? And there are different types of transponders. Some of them are only transmitting a unique ID, something like a serial number. They are only passive. That means they don't need a battery to get powered. They are useful for identification, tracking, like the fast-track system. And most of them are only using clear-text communication. Then we have transponders that actually act as a data storage. You can compare this type of transponders like USB sticks, pretty small USB sticks. Most of them are passive. Some of them are active. Electronic product code transponders are an example for this. We have the smart labels. Most of them are also using most time clear-text communication. And some of them are using encrypted communication. And we have the smart card interfaces. Most of them are active, some passive. Best example is the IKO MRTD, machine readable travel document. It's a biometric passport. Some access control systems, like the My Fair Desk Fire. The features of this tag is encryption, identification, and encrypted communication. And this will be our main topic for tonight. Some generic attacks to RFID. First, you can sniffing the communication between the transponder and the reader. So you can counter-fine the communication. You can try to obtain the user ID, the user data, or the meta data. You can do basic attacks with this type of attack, like attacks on structures, the data structure that's saved on the tag directly. You can do a replay attack to fool the access control system. Then we can try to counter-fine the identity of the reader and trying to unauthorized writing to the text, like changing the UID via manipulation of the administrative block. They're able to declare false identity. And unfortunately, the UID must be readable in clear-text because the whole system, the whole anti-collision, depends on this. You can do a manipulation on product groups and prices, for instance. We have presented this two years ago. And you can try to manipulate the data stored on the transponder, like the manipulation of data, the manipulation of meta data, like swapping objects or logical duplication of objects. So if you're going to the store, if you want to buy a new computer, you just walk a pair of spare minutes or bubblegum, swap the objects, and now you can buy a new box with the optimized checkout at the price of a bubblegum. There are some other generic attacks, like the deactivation of the transponder. This disables the traceability of objects and the visibility of objects. And you can do it with specific attacks, your famous home appliances, like microwaves. And you can attack the structures in the middleware, the back-ends, and the manipulation of the structures, like injecting malware into back-ends and middleware systems. For instance, database worms. You can try to use this injection for manipulation of back-end systems. And you can try to run a DOS attack against the infrastructure. We have seen it, the talk before, jamming of RFID frequencies. Some of these attacks are known as anti-collision attacks, this type of theoretical paper from Ari Jules from RSA. In fact, the block attack was never implemented and never demonstrated. It was only an academic paper on it. You can buy out of the box police jammer. These are available over internet or buy it on eBay. And these types of jammers are used to block frequencies where suspects can communicate with their colleagues or doing communication or opening the garage to escape. So the police has pretty handy boxes. And this one finger snip, this is box. They can block your DSM frequency. They can block your mobile phone frequency, the frequency for your laser, or for your free wireless phone, and as well for RFID frequencies. And all this attacks preventing reading of the attacks, it's a simple denial of service against RFID systems. But imagine if someone brings a jammer or something like this into a company or into a plant that's organizing their complete production process, this type of text. So you can shut down production sales or even block someone to get into the data center. Two years ago, as we presented RFDump, I got a lot of quotes. Oh, okay, but all the texts are unencrypted. The normal EPC is using standard unencrypted communication. The data is not encrypted on top of the RFID tech. And the spokesman from the RFID lobby is telling us, oh, Lucas is not true. We will use encrypted text. We will secure it, and with encryption, everything will work fine. So no attacker has a chance to change anything on an RFID tech. So we did some research on MyFair. MyFair is the most used RFID transponders featuring encryption. This is a technology, it's owned by Philips Austria. They actually bought this company. And the technology is based on ISO 14443, like passports or some different other texts. And they're operated on the 13.56 megahertz frequency. We have two different families of MyFair texts. The MyFair standard family is operating a priority high-level protocol and proprietary security protocols for authentication and cyphering. We haven't spent so much time on this proprietary stuff because it will be changed to standardised stuff. But I'm pretty sure this proprietary cyphering, if they are not going to release the cypher algorithm so someone can do a crypto analysis, will be some less or more type of soaring with the standard secrets, like all other proprietary cyphers. They are also MyFair ultralight, the same tech without any encryption. And we have the MyFair Pro Pro X or SmartMX tech. This family of texts is fully complied to the ISO 14443 standard. And there are different types of texts offering memory protection. And each sector, each memory block of this tech is protected with two different keys, the A and the B key. And each sector of the text can be protected with one of these keys. First, we have written a small Perl tool, a small Perl script, trying to make a bootforce attack and trying to figure out how long it would take to break it with a bootforce. In the worst case, we end up with 22,000 years. Because you need 25 milliseconds per key, you must reset, you must set the answer to reset back to the key, and it will not work that way. The second chance was, oh, what happened if we just clustering it and run 1,000 alpha D readers? So these texts are quite popular in cafeteria, at universities and stuff like that. So it should be not a problem. They have all one shared secret, one shared key to get 1,000 of these keys. Every student wants an alpha D reader, but we have still 226 years. So let's find a different way to get this information. Unfortunately, Phillips put all information under NDA and you know, if you are doing security research, NDAs are not good. For instance, if I would sign a NDA and give a presentation like this, they consume me. So we are not at all interested to sign any type of NDA. Instead, we get some software that's really available and we need some point to start. So we run the Unix tool strings on it. You know what strings is doing? Yeah. So actually it's extracting from executable binaries all zero terminated strings. And after we got some strings, we start some Google hacking and looking what other results with strings that could fit as a sector key. And Google helps a lot. It seems like Google desktop search is very popular at SmartCard developers PCs. Look at the results. So without signing NDA, we got all necessary information. We got keys. We got data sheets. We got descriptions and even sample applications. So we found the following default keys. This are the keys where the new cards could be shipped with and we found about 60 keys for my sample applications. And also there's one specific key that turns off all encryption features. Also we found a nice document. It's called Mat and it is really Mat. It calls my fair application directory. And this helps if you're doing some investigation and reverse engineering on this stuff because Philips wants to organize the multiple type of use for their crypto RFID chips. So they introduced a directory where each developer can sign up and write into a sector what type of application and what type of data layout he is using for his specific my fair application. So in this Google data sheets and documentation we found huge amount of examples. So we found examples including different keys, different tech memory layouts as well as data structures for ticketing, access control and online payment. And you know developers are really lazy. So we checked a couple of these cards and we succeeded with more than 75% use the default keys. So something like, oh, it's compiled, let's ship it. And even I cannot believe that the programmers don't understand anything at all. So they are not only using the example layouts from the data sheet, they're also using the keys. By the way, are smart cut developers here in this room? No one. You know, how can we bring this notice to a smart cut developer? It's pretty good if you understand what you are doing and not only putting the example layouts from the render and oh, it runs. Okay, let's ship it. So we figured out directory attacks are the best way to get into encrypted RFID, attacks are possible with default and example keys. The new RF dump version will have a huge dictionary and we are right now working on, you know, John the Ripper with features like John. So you can mutate and apply rules to the dictionary we found. So it's much easier to boot for us or to do a smart boot for us attack to the RFID tech. And we found some security flaw in the general design. I've never seen something like a lockout or false login counter. So you can try unlimited twice and they're also missing a delay for false key. Just does not exist. Okay, and this part I want to give you a short demonstration. I run this wonderful operating system in the VMWare here. This is a new version of the RF dump. It's actually on the CVS. We add support for the MyFair stuff. I feel a couple of cards like cafeteria from the University of Wunswick. Cafeteria from the University of Berlin and some examples. And we changed our dump a little bit. So now you can start to scan and it will read the tech at home completely. It's now scanning for attack and starts reading the page. You can stop it. And you got the famous known version of AF dump with a pretty nice ASCII and Hacks editor. So if you know the layout, you can just change the amount and doing stuff like this. And we added support for much more readers and much more frequencies. And we introduced this nice new feature. Crack key A and crack key B. So this crack key A, we are running a brute force or smart brute force attack like presented on the cart. And it takes a couple of hours to break the sector keys, to get on the content we are all interested in. And we got the application layout. We know what byte has to stand at what position on my sector. What byte is presenting my day for validity for my ski pass or my amount on my cafeteria cart or something like this or even my access level for my data center. And most of the times, if you're pretty smart, you get two or three of these cards and you can look and you know your access level for your colleague, your access level and try to diff them and figure out how the privilege are organized inside of your organization. Now let's come to the second part of my talk. Just let's attack the backend. Now we got the alpha detect, we got access to the also encrypted sectors. Now we have something like normal storage. And we can use this storage to transport malware, SQL injections, buffer over ones and stuff like that directly into the backend. We have to know if attack is read only and we need to change something on the attack. We just need to clone it. This can be done with I've done. So you can go and you can load and save the content into a XML file and this help of this XML file, it contains the payload of the alpha detect. You can load this file into an alpha D emulator and change any sector like the unique idea and stuff like that. And the new version of I've done can emulate the complete structure. So it can emulate the payload the administrative block like the unique ID that's normally not changeable in this way and it also emulates the reader. So if you want to break in the access control system, you just rip off the reader and put your serial it's most of the times are us 448 or something like serial TTL level connection. And you can just connect it with an adapter to your notebook and emulate everything. As well you can load this saved value and just dump it back into an empty new alpha D tech. So we are able to deal as well with read only alpha D. So just write the manipulated data into an empty one. We found out that some of the really clever smart card guys check some of the tax. They are just mowing the unique idea into the user data fields. And if the block is encrypted once again, the sector team must be broken like presented. Now let's have a look to the new pretty new version supply chain. We have a central data warehouse at production time. The product get registered at the data warehouse. They are tracking the distribution. They have a pretty new feature called life cycle management. Something like, oh, your Rolex needs a new battery. Please come to the store at the point of sales. The data could be correlated with a customer data like your credit card, your customer record, your loyalty card and stuff like that. And they're able to operate customer care. This means all the systems must be connected in a network, must communicate with within and must have some type of relations. So what's possible? This is brave new world. We can take some of this malware. The most systems have a tool that's called event manager. So if an RFID tech gets scanned, it's coming to the event manager, going to the information server or the middleware and ended in your ERP or CRP system and in your back ends. One problem with this design is they just want to make the techs as cheap as possible. So they just ignored some functions on some RFID techs that give you an information if you read up to the end of the RFID tech. Instead, what's happened? The page just get flipped and you get a multiplier of the page beginning business address. So you can utilize this feature. Now we have unlimited space on the tech. So you can use the RF dump and the tech database. And we need to use this tech database to avoid reading over the boundary. Let's have a look to this. Oops. And this is tech database. It's necessary to know the actual size of the RFID tech. If you don't know how many memory sizes or how many memory pages you have and the memory size of the tech, the most readers will just read above them and the most techs gives you a multiply for the original content back. I don't know it's bug or a feature. So normally the reading is even driven like a barcode. The barcode starts reading. You get normally a introducing sequence and end of field sequence. And all this EPC guys are only thinking in barcodes. So why expand more into one of these features? Let's give you an hour back if you're reading after the end of the tech. We are just implementing an end of field. And like the most new systems, the input is always unchecked in all implementations we have seen. So this is an example. We have here RFID tech with the C structure. And we have this nice feature with the C end of string. So imagine what's possible. Any ideas? Yes, to remove the end of string. And if you remove it, we got unlimited memory. So if the input is even driven and we got unlimited memory, what's happened? You get a buffer over one and that's it. By the way, I killed my office physical intrusion detection system by this way because they are using a pretty cheap TMS microcontroller. And after I've killed this and the service company was unable to repair it, I just disassembled it and found out they're using a TMS Ti controller and this controller is not dividing code pages and memory pages. So I got an access card for enabling or disabling the alarm and I clone this card. We moved something and unfortunately, it gives the error like error on that and that was it. So I called the vendor, oh, they have a problem. Our alarm system does not work anymore. I tried to deactivate this. I got the error on Zept. No alarm sounds and all doors are open right now. Oh, we don't know this error. Probably something must get wrong. And I found out I just overwritten the actually programming of this microcontroller and the result was I just destroyed the programming. No alarm sounds and the door opens. Unfortunately, the system was tested and approved by the insurance company and the insurance company telling you, oh, if you buy this specific system, your insurance will go down because it will raise your level of security. Instead, you have the ultimate tool just as door opener. And I don't know what's going on because the service company came and changed the microcontroller and I just want to test the cleverness. So I just put after the guy from the company came, my tech informed and that was it. And he told me, oh, we have a problem with this series. It must be something like your electrical power or something like this. I'm not sure that pretty even don't know that they're using RFID. They're using some type of transponders. Okay, so now there are some patterns. They are now starting to put direct XML into the RFID text. Oh, we can do the same like with C structure. Just put opening text and some level, it will crash. The next idea that's coming to I've done with soft text. So the readers are pretty expansive and no one is interested just to use a reader. So if some of your hardware guys is interested, you can use a small microcontroller with an interface and this can act as a battery powered RFID tech and reader. So we can emulate the whole system and put any testing data into the back end or the middle there. Our version can read the backups, the XML files from I've done and we are able to manipulate everything because we have the full control over the complete system. Okay, now is anybody interested to come to the podium with some of his favorite RFID iso techs like access control? We can have a nice demonstration. No one? Okay, we can shift to the question hour. Oh, we have one. I'm not sure is it ISO. So let's check it. No, it's not 14443. Okay, I'm not sure what that is. Okay, thank you. Okay, so I cannot get it. It's probably not in my tech database but I have a backup tool with me. Let's check the second one. No, it's not 14443. Perhaps the range is not, I cannot select it. It looks like, yeah, but if it's a TI ship, it's probably, oh, we got it. You have to put it on the opposite side. The range is not really huge. Okay, let's try it with RFDump once more and look what's on it. By the way, as soon as I got reliable internet back, you can go to our site and download this version as a Vmware player. So there's no longer need to install Linux on your box and to handle and to have this stuff. You can just use Vmware and run it on a CD or doing a live demonstration with this. We're using the ACG reader. And yes, it's unsecure. I'm using an autologon as a root and I'm just starting RFDump. So please don't complain about, okay. Now I have to get avoid this trash in my queue. Okay, we got it. Now I have to hold it directly under. It's hard to get. Oh, we got an unexpected page size. You know the page size of this? Okay, now I got some, I got the ID, yeah. I need to investigate something about more of the page size. Okay, so I need to apply for American Express card to get unlimited credit. Okay, thank you. Let's have a look to this access card and then we can release you from your pain. No, it's not. If you come to the podium after this, I have a couple of different RFD readers with me so we can check it out. Okay, let's start with the question session. First question. There's a microphone in the middle. It would help a lot. No questions. We have support for ACG reader. This is a standard Phillips chip and the nice feature for the ACG readers is modems with the AT command set, it's a Hages command set. So you can communicate with these readers with an ASCII command set and you can just open something like a mini-com or a terminal program to punch in commands and try something out if you are doubt. The most of these RFD readers are designed by the same stupid guys that are designing smart cards. So you have, yeah, you have something like, you know what nibbling is? Bit nibbling and stupid binary commands to send to them. And ACG got so much pressure from the smart card guys, they are now supporting two versions of this. So you can switch into a complete brain-damaged binary protocol and still use a nice ASCII protocol. And if you're interested to get one of this ACG stuff, you can now order it over the RFDump page. We don't make any money with it. You can just check the price and we do also ship to the US, like somewhere else. As well, we have an open API. So if you want to put in your reader into RFDump, there's a C structure, you can put in what type of commands you are sending, what type of feedback you are getting via regular expression and can use our reader API to put new readers into RFDump. Okay, next question, please. You know, I'm just curious, have you ever done any work with the military cat card in their RFID system? What type of card? CAC, a cat card, common access card. I wish I had one to scan for you, but I don't. The problem with all this US military stuff and Popeye's arbitrary US stuff is I feel not comfortable to checking one of these cards here in the podium at the DEF CON. You know, my lawyer told me what I can say in the US and what I should not say. And if some fat is interested that we are going to do an audit on the software or something like this, we can organize something, but I'm not feeling comfortable to speak about it. But I do know that my NASA is using my fare as access control. And this is one of the biggest customers. So they were like, you wanna come back for DEF CON 15, right? You know, they were, I understand that, but have you been directly threatened then or? Have you been directly threatened then or you just prefer to kind of keep quiet? I just want to avoid some situations. That's cool. I appreciate that. Yeah. The next question. You mentioned that a lot of companies use the default key. When a company deploys in general, will they use a single fixed key or will different RFID tags have different keys? Like for a single company's deployment of a given product? Normally you have one chat key. So the reader needs to know the key to communicate with the company cards. And some of the companies are clever. There are other solutions that set up one key per card. And this is normally not possible. So most companies using one chat key this one fits all. And this chat key is possible for all sectors that are used by the company. But the My Fair standards allows you to put different sectors. So you can put up to 16 applications. Each application is using a different sector and each application could be protected by his own key. So the application for ticketing does not interfere with the application for access control or for paying your cafeteria. This is the main idea behind this My Fair application directory. Thank you. Yes, 16. Yes? No. Every card has a different unique ID. And this unique ID is used for authentication and for anti-collision. But the application that's run on top of the My Fair is normally used one chat key for the complete sector. It is true that some My Fair cards can use a desk. So I can use unique keys for the communication and they can change the key for the communication and for a secure channel. But to access to the sectors, they have one chat key. Okay? So if you have some additional questions, feel free and just send me a short email. My email address is lucaswithk at wheatwithph.de. Okay, and enjoy this evening.