RFID

March 11, 2013 (at 9:30 a.m.)

Enter the world of the NFC technology (Near Field Communication), focusing on high frequency RFID. Also, the low frequency band will be reviewed because of its well-known use in individual physical access to buildings. From the use of traditional NFC 13.56Mhz readers, their API and proprietary software, to Proxmark3 hardware, open source software (LibNFC), known attacks and other uses and practical ideas. Part of the course will focus on NXP Mifare Classic technology, used worldwide for micropayments, building physical security and public transport. At the end, we will discuss some case studies, using different methodologies and lessons learned related to Reverse and Social Engineering.

Course Content

What is true about RFID? What is NOT true about RFID? Real Life Examples?

RFID Hardware

LibNFC

Proxmark3

Low Frequency Tags

High Frequency Tags

Mifare Classic

Use Cases

Prior Required Skills

No prior RFID technology knowledge is required. It is desirable to have a minimum knowledge of C language – debugging, compiling, and running – (during the course OSX Mountain Lion and a Microsoft Windows XP VM will be used). The teacher will conduct the demos with the help of the audience, so it is not a requirement to bring any laptop or other equipment.

Nahuel Grisolía

Nahuel Grisolía is the Founder and CEO of Cinta Infinita, an Information Security company based in Buenos Aires, Argentina.He is specialized in (Web) Application Penetration Testing and Hardware Hacking. He loves playing with Arduino’s, ARM based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks in conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMWare, Manage Engine, Oracle, Websense, Google, Twitter and also in free software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket.

More Info at: