So welcome to NFC Hacking the Easy Way. My name is Eddie Lee. I'm fighting a cold right now, so I've got a sore throat, and if I start coughing or you hear me sniffling, bear with me, please. Louder? All right, I'll get closer to the mic.

So I'm a researcher at Blackwing Intelligence. We recently rebranded ourselves from Praetorian Global. We're a pretty small boutique security firm right now, and we just relaunched our website this week. It's at BlackwingHQ.com. We're always looking for interesting security projects, so if you guys want to contact us and have us break stuff for you, feel free to contact us.

I'm also a member of Digital Revelation. We are a two-time DEF CON CTF championship team. We won one of the first black badges at DEF CON X. I don't know if DT remembers this or not, but I think it was me that gave him the idea of giving free lifetime membership to anyone with a black badge. So anyone out there that has a black badge, you can thank me for that.

And then finally, I am not an RFID or NFC expert. One of the reasons for me writing this tool was for me to actually learn about this stuff. If you want to talk about waveform analysis or ISO protocols and things like that, I'm not the person to talk to.

So just a little primer before we get started. RFID operates in a broad range of frequencies, from the low kilohertz range all the way to the high gigahertz range. NFC in particular runs at 13.56 megahertz. The applications you typically find running in this spectrum are payment cards, library systems, e-passports, smart cards, things like that. Now, the standard read distance is about three to ten centimeters. Of course, there's been research out there where people have been able to increase the range. RFID works on magnetic induction, so the reader will power a passive tag. So there actually is a finite distance in terms of a read distance.
Probably limited to something like 50 or 60 feet. I don't know; other people have done research on that. There are a lot of new Android phones coming out with NFC. NFC isn't as abundant over here in the U.S., but you can find it in places like Japan. It's a lot more common over there.

Now, an RFID tag basically consists of a transceiver, which is a transmitter and receiver, an antenna, and memory or a chip processor. So when you scan an RFID tag, it'll either spit out its memory or do some processing and then spit out some information. Now for this talk, the RFID tags that we're interested in in particular are the RFID tags that are in credit cards. Visa, MasterCard, all these credit card companies have their own proprietary name for the technology they use, but really the underlying technology is all the same. It's the same basic RFID stuff.

Some terminology here. Proximity coupling device (PCD) is another name for a credit card reader or RFID reader. The credit card one in particular is called a point of sale terminal. I'll be randomly using these terms interchangeably throughout the talk.

Now, the communication protocol that's used between a credit card and a credit card reader is called the EMV standard. This is basically MasterCard, EuroPay and Visa; they got together in Europe and decided they wanted to come up with a standard for smart credit cards. So this standard is used for both contact-based chip and PIN credit cards and RFID-based credit cards. The protocol is based on ISO 14443 and 7816. The EMV books themselves are about 750 pages long; the standard consists of four separate books. Book 3 is probably the most interesting one in terms of protocol. And then the technical term that's used for the communication that happens between the RFID tag and the reader is APDU. So they pass back and forth basically these byte-level commands and responses, and those are called APDUs.

Okay. So why create NFCProxy? Well, first and foremost, it's because I'm lazy.
I don't like to read specs, and I didn't want to learn this EMV protocol by reading 750 pages, or the 150 pages of Book 3. So really I just wanted to get into NFC hacking and RFID hacking, and I wanted to jump in right away without reading the spec. So what NFCProxy is designed to do is help with protocol analysis. We proxy communication between an RFID tag and a reader, so we're able to capture the byte-level communication between those two devices, and you can go back after the fact, after you scan something, and look at the protocol.

In doing the research for this project, I realized there wasn't really all that much information out there in terms of Android and card emulation. We'll talk about that later. And in terms of abusing RFID-enabled credit cards, there wasn't all that much information out there either. We've known for years that it's pretty trivial to skim an RFID credit card, but to actually abuse the information after you've skimmed it, there really aren't good tools out there to actually spend those credit cards. So hopefully, in the spirit of freeing information and getting stuff out there, people will start using this tool and maybe they'll give the credit card companies an incentive to fix the stuff that's in my wallet.

So, previous work. You guys here probably know Major Malfunction and his work with RFIDIOt. It's basically a Swiss Army toolkit that allows you to explore RFID tags and devices and things like that. In particular, the script that would be pertinent to this stuff here would be the chip and PIN script, ChAP.py, in his toolkit. Now there's Pablos Holman as well. He's famous for having his Boing Boing video out there on the web, where he's talking to a reporter and showing how easy it is to skim an RFID credit card just by tapping a reader to somebody's wallet. And then there's Eric Johanson's pwnpass.
This is basically a Python script that interfaces with a credit card reader and lets you read off that information through a serial port. And then Kristin Paget. Kristin Paget has done a lot of work in the RFID space. Most recently she presented at ShmooCon and showed how, after skimming an RFID credit card, she took that data and encoded it onto a magstripe card, basically a swipeable card, and used that swipeable card in a real transaction. And then there are all these tag reading apps out there in the marketplace. They'll read random RFID tags, though there really hadn't been credit card reading apps out there until recently. I think I saw a couple months ago in the news there was a headline where they actually had a credit card reading app in the marketplace. So I guess it's relatively new. But really, that type of thing is pretty trivial to do.

Now, in order to use some of the scripts and software on that previous slide, here's some of the hardware that you would need. A contactless credit card reader; popular brands are VivoPay and Verifone. If you want to buy retail, they start probably around 150 bucks. You can get them off eBay for about 10 to 30 bucks if you find them at the right time. There aren't actually that many on eBay. You can get a card reader like an OmniKey. There's a good list of different card readers on the RFIDIOt site. Then there's the Proxmark. I've never actually used the Proxmark tool, but supposedly it's pretty sophisticated and allows you to do sniffing and things like that. But it's a little bit more expensive. And then the magstripe encoder, about 200 to 300 bucks. I've never used that myself either.

So what exactly is NFCProxy? Well, it's an open source tool. It's a tool that I created to basically allow people to get into NFC and RFID and just try to figure out how that stuff works.
So this tool should hopefully make it easy for you to start learning about the protocols and things like that that happen between an RFID tag and a reader. And that's done through protocol analysis.

The hardware that's required to use NFCProxy is two NFC-capable phones. My favorite would be the Nexus S. You can get one relatively cheaply off eBay for about 70 to 90 bucks. There's the LG Optimus. If you're for some reason against getting a used phone, you can get an LG Optimus Elite that just came out. You can get one for 130 bucks without a contract. But that phone is relatively new and there are no custom ROMs for it, so you can only use that on one side of the NFCProxy tool, and it's really not that interesting. So I wouldn't recommend that phone if you want to use NFCProxy. The Nexus S is the one to get. And then Galaxy Nexus, Galaxy S, there are a lot of new phones that are coming out. You can go to that website to see any new phones that are available.

So the software that's required: one phone can be just running stock Android, either Gingerbread, anything that supports NFC, or Ice Cream Sandwich and above. I've only tested on Gingerbread and Ice Cream Sandwich. I haven't tested Jelly Bean yet, so I don't know how that's going to respond. It should work just fine though. And then at least one phone needs a specific build of CyanogenMod, specifically CyanogenMod 9 and a nightly build between January 20th and March 22nd of this year.

Okay. So you're probably wondering why you need such a specific version of CyanogenMod. If you take a look at this GitHub code commit, you'll see on January 20th Doug Yeager checking some code into CyanogenMod. It says "added NFC reader support for two new tag types: ISO PCD type A and type B". So what that did is it actually enabled the Android phone to detect a credit card reader.
So out of the box, the Android SDK doesn't provide a simple way, and I don't know if it's even possible, to do card emulation mode. So you can't detect a reader. You can't pretend to be a credit card out of the box. So Doug added some custom code to CyanogenMod to enable this card reading ability. However, the code that he added also included a Java API, and on February 25th that Java API was hidden. If you wanted to write an app for it, it was much harder to use that API. You could still work around it, but basically it wasn't that straightforward. And all this stuff is found in the Ice Cream Sandwich (ICS) branch of CyanogenMod. Then on March 22nd Doug submitted another commit which said "enable Google Wallet secure element emulation". So Google Wallet needs to detect a card reader as well, right? But the code that Doug submitted detects card readers in a different method than Google Wallet does, and that was incompatible. So in enabling Google Wallet secure element emulation, he disabled his prior code commits. So that's why anything after March 22nd, any version of CyanogenMod, won't be able to detect a credit card reader. And that's in the NFC.apk package.

Let me just step back a little bit though. So when I started to get into this project, it was about the beginning of February. I figured, oh, I want to do some NFC research. So I bought the Nexus S off of eBay. And the first thing I did was root it and install the latest nightly build of CyanogenMod. So right away I had that code on my phone. But then I got busy with work and I put the phone down, didn't touch it at all. And then three months later I had some free time, and this was sometime in May. I came back and I'm like, okay, let's start my NFC research. So one of the first things I did was to write a quick app to see what kind of RFID tags I could detect.
I held the phone up to an NFC card reader, or to a credit card reader, and it actually beeped. And then I'm like, okay, I can go ahead and start creating this NFCProxy tool that I had in mind. So when I wrote that app, the type of tag that popped up on my phone was IsoPcdA. So I went and Googled IsoPcdA, trying to look for the API docs and things like that. But all I found was an obscure code commit into the code name Android custom ROM, which wasn't even in the CyanogenMod code tree. So it was pretty serendipitous in that I was able to get this stuff working on my phone, and if I had installed the software any time outside of this one to two month window, I wouldn't be here talking to you and presenting my stuff on NFCProxy. So all of my work relies on this underlying code. So all credit should go to Doug Yeager as well.

So for a lot of you guys out there that are familiar with NFC and card emulation and stuff like that, here are the actual code commits for the stuff that Doug submitted. The first one is basically the Java API, frameworks.jar. The second one is in the native library. This is all the C code and stuff like that, basically libnfc, and most of that was contributed by the company NXP. And then the NFC service; this is basically NFC.apk. So if you want to see how Doug actually implemented his card emulation stuff, you can take a look at these code commits. Now, if you want the latest CyanogenMod code and you're willing to build your own custom ROM, you can just revert this last commit right here and recompile everything, and you should be able to have IsoPcdA tag support. If you're not willing to compile your own custom ROM, you can check out the goo.im site. That's basically a repository for old nightly builds of CyanogenMod. That one here is specifically for the Nexus S.

All right. So here is a picture of the NFC architecture, at least conceptually. I don't necessarily know if this is entirely accurate.
From my understanding, it looks something like this. So you have the host, which is basically the Android phone OS and hardware. The way that Google Wallet works is it communicates with a secure element, and the secure element supposedly encrypts all your account information, and then the secure element communicates directly with the credit card reader. And the host never actually needs to see the credit card information. So what Doug's code does, I believe, is it follows the green path here and uses the host controller interface to actually communicate directly with the NFC chip and communicate with the reader. So in doing so, we're able to capture the entire byte-level transaction between the NFC phone and the reader.

So here is just a pretty basic example of how an RFID transaction will work with a credit card. You have a credit card that communicates over RFID with the reader. The reader sends an APDU to the credit card. The credit card responds, and this goes back and forth a few times. So what NFCProxy allows you to do is proxy that transaction. It allows you to save that transaction. It allows you to export that transaction. You can replay all of the requests that the PCD made, and then you can replay all of the responses that the credit card gave. Now that feature requires that special CyanogenMod code. One thing to note: if you're saving and exporting data, none of that stuff is encrypted, so store credit card information at your own risk.

So right away, what this tool allows you to do is query RFID tags without needing to know the right APDU. So as someone new getting into RFID, all you need to do is have a reader and a tag, and you're able to kind of reverse engineer the protocol and figure out what's going on by looking at the transaction after it's been stored. So replaying is easy. That's why I think this is the easy way of getting into NFC.

So here is a visual representation of how NFCProxy works in proxy mode.
So we have a phone on the left here and a credit card that communicates via NFC, and then that phone communicates with the other phone via Wi-Fi, or IP if you could set it up somehow. And then with that phone, what you do is swipe it across the reader, and the reader will start sending an APDU back through the chain. So it sends an APDU to the phone, the phone forwards it to the credit card, and the credit card forwards it back in like fashion, and it goes back to the reader. Pretty simple, straightforward stuff. I think everyone here at DEF CON is pretty familiar with what a proxy is, and this is pretty standard stuff.

So what proxying allows you to do is protocol analysis. Because we're sitting in between the transaction, we can record all that stuff and then go back after the fact and look at all the bytes that were sent between the reader and the card. And what this also facilitates is immediate skim and use. So if you set this up properly, you can take a phone, put it next to someone's credit card, and then somewhere, across the world even, if the phones are communicating over IP, you can take that phone and swipe it across the reader, and you'll be able to skim their credit card. Completely just right over IP in another part of the world.

So just some terminology before going on. The phone on the left that sits on the credit card, I call that a phone in relay mode. I say that's in relay mode. The phone on the right I say is in proxy mode, and that's the phone that needs the CyanogenMod code, because it needs to detect the credit card reader.

All right, so startup mode. When you start up NFCProxy for the first time, it'll ask you which mode you want to be in. You can choose either relay mode or proxy mode. In relay mode, again, you place the phone next to a credit card, and what that phone does is open up a network socket and wait for a connection from the proxy.
So with the proxy phone, you take that and swipe it across the reader, and what that does is forward all the APDUs from the reader to the relay phone. All of the transactions, all of those APDUs, are displayed on the screen of the proxy mode phone. If you long click on those transactions, you can actually export, save, replay and delete those transactions.

Now, by default the communication between the two phones is encrypted, so if you're on an unencrypted wireless network for some reason, you'll be somewhat safe there. However, encrypting the communications slows down the entire NFC transaction. So you can disable that. I typically disable that because I run on a private encrypted Wi-Fi network. So if you disable encryption, it will speed up the transaction, but you'll also lose authentication, so anyone can connect to the phone that's running in relay mode and query that credit card.

So, replay mode. Replay mode doesn't require that whole proxy setup. So if you want to replay a PCD and you have a stored transaction on the phone, you can just take all those APDUs and replay them against a credit card. So if you have all of the APDU requests that are needed to query a credit card, you just replay that next to a credit card and you'll get all the credit card data out of the RFID-enabled credit card. Again, nothing special going on here. This is what would be called skimming mode. It's been known for several years that you can skim RFID credit cards easily. Hopefully in the future I can add a special skimming mode that allows you to skim credit cards without needing to replay specific transactions. That's because when you actually scan different credit card types, Visa, MasterCard, Amex, Discover, they'll elicit different responses from the credit card reader. So if you replay the PCD requests from a Visa scan, they won't work against a MasterCard.
You won't be able to extract the credit card information from a MasterCard.

Now there's tag replay mode. This is probably the most exciting feature of the tool. This is also called spending mode. So you take the phone, you swipe it across a reader, and basically you can start spending someone's credit card. You use it just the same way you use Google Wallet. This one again is the phone that requires the CyanogenMod code. So you can use this basically as a virtual wallet. If you scan your own credit card several times, you can use your own credit card and replay it at a real live point of sale terminal.

However, there's one caveat. Every credit card has an internal counter, and every time you scan a credit card, that counter plus a couple random bytes of data will be sent along to the reader, and then the reader will forward that information to the central processing station, whatever that's called, whoever processes the credit cards. And they keep track of that counter. So if that central processing station ever sees a counter that's less than or equal to a counter it has already seen, it's going to lock your credit card. So if you're skimming credit cards, you need to replay them in the order in which they were scanned. Personally, I've tested the replay of credit cards at live point of sale terminals. I've tested Visa and MasterCard. I haven't tested Discover or Amex, but I think they should work.

Just a word about NFC antennas before moving on. Different phones respond differently, and they'll read NFC tags differently. The antenna on the Galaxy Nexus is just pure shit. It takes five to ten minutes for me to get it to read the credit card, depending on the credit card type as well. So I would not recommend the Galaxy Nexus for this tool. The Nexus S is actually pretty good. The Optimus Elite is good as well.
So you may try a bunch of different phones and try to figure out which phone works best for you. So this brings me to the next point. NFC communication is often incomplete. So when you're using this tool, or if you've ever used the NFC feature on your phone to try to scan a tag, you'll find out that you'll get a lot of partial transactions. So all you need to do is just kind of take the phone and try to re-scan the tag, or try to get the reader to re-acquire your credit card or your phone.

So here's a screenshot of the actual tool. What we have here is the Data tab, the Status tab and the Save tab. The Data tab basically contains all your live transactions. All those hex bytes you see there are the actual APDUs that were sent from the tag to the PCD, and the responses from the PCD and stuff like that. At the bottom there, there's a human readable format of the credit card information. That human readable format is kind of a hack in the tool right now, so if it's not working for your credit card, don't worry, it's just a visual representation. The replay stuff should work decently well. So this contains things like the service code and iCVV. The service code basically indicates how the credit card can be used: can it be used internationally, does it require a PIN, stuff like that. The iCVV: so on the back of your credit card there is a CVV, and that's a fixed CVV number. When you scan RFID-enabled credit cards, you'll get a dynamic CVV. So basically in this case, for this Visa card, it will consist of the counter, which is the last two bytes there, and the first two bytes are just random bytes. It's probably only a thousand decimal worth of random data though. It's not all that random.

If you want to learn more about the actual communication protocols between credit cards and readers, you can check out EMV Book 3 specifically.
RFIDIOt also; you can check out the chip and PIN script, and you can check out pwnpass to see how those kinds of APDUs are used to query credit card readers. If you want to find out more information about the service code and iCVV, you can check out ISO 7813:2006, or you can check out the blog at Open Security Research. I think that's sponsored by Foundstone. That has some good information on the service code as well.

So let's take a look at it in action. Let's see a demo. Part of this relies on Wi-Fi, so it may not work if someone's messing with my Wi-Fi. So bear with me. Start up NFCProxy here. So the first thing I'm going to show you is the replay mode. If I go to the Save tab, I can see there's actually a bunch of built-in card reader transactions. So I'm going to select the VivoPay 4000 MasterCard transaction right here. Just click on it. And then at the top there you'll see that there's a P. That indicates that we're in PCD replay mode. So now the phone is pretending that it's going to be a credit card reader. So if I take my credit card and I hold it near the phone, hopefully it'll read the information right off of it. So as you can see, it's all the same information you saw on that slide before: name, cardholder, etc. The stuff at the bottom, the CVV Track 3 stuff, that is MasterCard specific. So what I've just done now is I've skimmed someone's credit card. As you saw, it was really easy. So I mean, that's pretty trivial. That's been done before.

So now let's take a look at how you can actually abuse that information. If I long click on this transaction, okay, and then I select Replay Tag, you'll see at the top here now it says T. This indicates we're in tag replay mode. So we're going to replay the actual credit card for this reader now. So everyone, if you look up front here, hopefully the LEDs on this reader will light up and it'll beep. There. So now I've just skimmed and... thank you.
So I've just skimmed and abused and spent someone's credit card within a couple minutes right there. So it's really simple to do. And all I'm doing is replaying transactions. I don't need to know the protocol whatsoever. However, if I want to learn about the protocol, I can go back and look at the actual bytes here, and you can export all this stuff to a file or the local database for later analysis.

So let's set this up now in replay mode. Let's say you come across a reader or a credit card type that doesn't quite work for you. The built-in transactions aren't working for you. You can't skim a credit card. So what you want to do is set up your phones in relay mode. So you take the relay phone and you put it on the credit card. It detects the credit card. Really, nothing much goes on on that phone. And then we put the... let me exit out of here. And we go back and we take the phone. Well, hopefully my... let me double check my network communication is working. Yeah, good thing at you. Oh, there we go. So now if we take the phone and place it near the reader... not connected. So we lost connection there. There we go. So it beeped. So if we go back to the actual Data screen, we'll see that we got the transaction. So basically that transaction was proxied through Wi-Fi, and it's shown on the screen here.

So all the data that's on the screen here, this is transitory. If you hit the back button, the data disappears. You need to actually explicitly save this data to the database or a file in order for you to keep it around. So let me just show you some more features. Again, if you long click on the transaction, you'll see that you can delete, save, or export the files. Again, saving this stuff is not encrypted. So save credit card information at your own risk. Let's see. There are some settings that you can take a look at. So you can choose relay mode. You'll need to set the IP of the relay phone, set the port, password.
So, to use encryption, you need to set a password on both phones. You can keep the screen on and enable debug logging. Debug logging will actually log credit card numbers to the logcat feature of Android. So just be aware of that as well.

Okay. So what's next? Well, hopefully I can turn this into a generic framework. And this will work with other technologies, not just credit cards. Hopefully it can work with other things like metro payment systems, like the Clipper card in the Bay Area, or access cards and other cards and RFID technology like that. So in the RFID space, there's actually not much standardization between verticals. So access cards and payment systems versus metro systems, they'll use different communication protocols, which means that a tool like NFCProxy would be really useful in being able to analyze the different protocols if you don't have access to the specs. And also, hopefully I can add pluggable modules in the future. Because we are a proxy, we're sitting in the middle, and it might be possible to launch man-in-the-middle attacks. And again, since we are in the middle, it should facilitate protocol fuzzing. It should make it pretty easy to do protocol fuzzing.

And it is now available for download and contribution. You can find it at SourceForge. I believe it's public right now, and you should be able to download the code and install it on your phones. Though, again, you will need CyanogenMod to do tag replay. And, oh, that went quick. So I am done. Any questions?

No. So the question was, can I read Google Wallet credit cards? So Google Wallet, when you place two Android phones together, they actually go into peer-to-peer mode. So that is actually, right now with the code that Doug Yeager submitted, it doesn't detect that as a reader or credit card. They won't detect each other correctly, right?
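The counter check the talk attributes to the card processor, written out as an added illustration for this page (it is not code from the talk or from NFCProxy): the host remembers the highest transaction counter it has accepted for each card and declines and locks the card as soon as an authorization arrives whose counter is not strictly higher than that. The field names, the lock-on-first-hit policy, the card reference token and the sample counter values are assumptions constructed for the example.

```python
"""Issuer-side replay check on the card's transaction counter.

Added illustration (not code from the talk or from NFCProxy): a toy authorization
host that keeps the highest counter it has seen per card and declines and locks a
card whenever a new authorization carries a counter that is not strictly higher.
Field names and the lock-on-first-replay policy are assumptions for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Authorization:
    card_ref: str       # constructed token standing in for the card's identity
    atc: int            # transaction counter the card sent along with this tap
    amount_cents: int


@dataclass
class ReplayDetector:
    # highest counter accepted so far, per card
    last_atc: Dict[str, int] = field(default_factory=dict)
    # cards locked after a suspected replay
    locked: Set[str] = field(default_factory=set)

    def authorize(self, auth: Authorization) -> Tuple[str, str]:
        """Return (decision, reason) for one authorization request."""
        if auth.card_ref in self.locked:
            return "DECLINE", "card locked"
        seen = self.last_atc.get(auth.card_ref, -1)
        if auth.atc <= seen:
            # A counter that does not advance means this data was captured earlier
            # and is being presented again, so the card is locked.
            self.locked.add(auth.card_ref)
            return "DECLINE", f"counter {auth.atc} not above last seen {seen}; replay suspected"
        # Gaps are fine: taps that never reached the host (partial reads, the
        # incomplete transactions the talk mentions) still consume counter values.
        self.last_atc[auth.card_ref] = auth.atc
        return "APPROVE", f"counter advanced {seen} -> {auth.atc}"


def run_scenario(auths: List[Authorization]) -> List[str]:
    """Feed a sequence of authorizations through a fresh detector; return decisions."""
    detector = ReplayDetector()
    return [detector.authorize(a)[0] for a in auths]


# Constructed scenario: three taps of one card captured in order (counters 41, 42, 43).
CAPTURED = [
    Authorization("card-A", 41, 450),
    Authorization("card-A", 42, 1299),
    Authorization("card-A", 43, 375),
]


def in_order_then_repeat() -> List[str]:
    # Replaying the captures in order passes; presenting the second one again after
    # the third fails because 42 <= 43.
    return run_scenario(CAPTURED + [CAPTURED[1]])


def skipped_counter_is_allowed() -> List[str]:
    # Counter 44 never reached the host; 45 is still strictly above 43, so it passes.
    return run_scenario(CAPTURED + [Authorization("card-A", 45, 800)])


def locked_card_stays_declined() -> List[str]:
    # Once locked, even a counter that would otherwise be valid is declined.
    return run_scenario(CAPTURED + [CAPTURED[1], Authorization("card-A", 50, 100)])


def different_cards_are_independent() -> List[str]:
    return run_scenario([Authorization("card-A", 10, 100), Authorization("card-B", 3, 100)])


if __name__ == "__main__":
    for decision in in_order_then_repeat():
        print(decision)
```

The check is only as good as the host's view of the counter: a tap that never completes at the terminal still advances the card's counter, so the detector must accept gaps and reject only values that fail to move forward. That is also exactly why the talk warns that captured transactions have to be replayed in the order they were taken.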