RFID / NFC Workshop for fun (and profit?;)

March 18, 2014 (at 9 a.m.)

Enter the world of the RFID technology (Radio Freq. ID), focusing on high frequency NFC standard. Also, the low frequency band will be reviewed because of its well-known use in individual physical access to buildings. From the use of traditional NFC 13.56Mhz readers, their API and proprietary software, to Proxmark3 hardware, open source software (LibNFC), known attacks and other uses and practical ideas. Part of the course will focus on NXP Mifare Classic technology and hacks, some of them very well known but not many others. Just if you don’t know, Mifare Classic is widely used for micropayments, building physical security and public transport in many countries and cities around the world. We will also learn to use the Arduino platform to manage both Low and Hi frequency cards and tokens. At the end, we will discuss some case studies, using different methodologies and lessons learned related to Reverse and Social Engineering.

Course Content

Real Life Examples?

RFID Hardware

LibNFC

Proxmark3

Low Frequency Tags

High Frequency Tags

Use Cases

OK, cool but I want to buy EVERYTHING…

Prior Required Skills

No prior RFID technology knowledge is required. It is desirable to have a minimum knowledge of C language – debugging, compiling, and running – (during the course we will use OSX, Microsoft Windows XP VM and a Kali Linux Distro). The teacher will conduct the demos with the help of the audience, so it is not a requirement to bring any laptop or other equipment. The attendees may bring their laptops and a compiled version of the latest LibNFC toolset or an updated Kali Linux to play with the teacher’s equipment. Any RFID / NFC card or device is very welcome to try some hacks on/with them.

Target Audience

The class is perfect for those seeking to enter the Radio Frequency Identification and NFC field, as well as those seeking to develop the skills and experience needed to understand the inner workings of some devices and cards or tokens using this technology and, of course, deal with them during an assessment or research. It will provide you with all the tools for further study.

Level

Serving to Introduce. Beginner to Intermediate.

Nahuel Grisolía

Nahuel Grisolía is the Founder and CEO of Cinta Infinita, an Information Security company based in Buenos Aires, Argentina.He is specialized in (Web) Application Penetration Testing and Hardware Hacking. He loves playing with Arduino’s, ARM based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks in conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMWare, Manage Engine, Oracle, Websense, Google, Twitter and also in free software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket.

More Info at: