The workshop covers RFID from the Low Frequency band (mainly used for individual physical access to buildings, garages, hotels, etc.) to the High Frequency band, where NFC is the main term we are going to discuss about. We will provide you with all the tools, materials and references for further study and research.
You will understand which type of access cards can be emulated or even cloned; then we are going to use traditional NFC USB readers, we will compile and execute the famous LibNFC, and play with some special hardware like the Proxmark3 and HydraNFC. Arduino examples will be shown to deal with both Low and High frequency cards and tokens. You will learn how to deal with the most common LF and HF transponders.
HID iClass vulnerabilities will be discussed as well as the NXP MIFARE Classic (and Plus) technology along with its public hacks.
We will also discuss some case studies, practical hacks and lessons learned from working systems the can be found in the wild, including ePassports, RFID Toys, Credit Cards and Host-based Card Emulation.
No prior RFID / NFC technology knowledge is required. We will start from the very beginning.
It is desirable to have a minimum knowledge of C language – debugging, compiling, and running.
The speakers will conduct all the demos (yup! real hardware) with the help of the audience, so it is not a requirement to bring any laptop or other equipment. However, the attendees are encouraged to bring their laptops and a compiled version of the latest LibNFC toolset or an updated Kali Linux to play with the teacher’s equipment.
Any RFID / NFC transponder or device is very welcome to share experiences and try some hacks on/with them.
This class is perfect for information security enthusiasts and professionals, seeking to enter the Radio Frequency Identification + NFC world. Penetration Testers running Physical access engagements will love this intro course.
From Beginners to Intermediate.
Nahuel Grisolía is the Founder and CEO of Cinta Infinita, an Information Security company based in Buenos Aires, Argentina.He is specialized in (Web) Application Penetration Testing and Hardware Hacking. He loves playing with Arduino’s, ARM based hardware devices, Tamagotchis, Quadcopters, Lasers, etc. He has delivered trainings and talks in conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), Ground Zero Summit (India), etc. He has discovered vulnerabilities in software from McAfee, VMWare, Manage Engine, Oracle, Websense, Google, Twitter and also in free software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket.
More Info at:
Philippe Teuwen (@doegox) is Security Researcher at Quarkslab, France. He's one of the libnfc maintainers and gave about 16 workshops on RFID & NFC security and privacy issues at Troopers, Hack.lu, Brucon, RFIDsec, Hackito Ergo Sum, RMLL, etc. along with talks on other security topics such as Wi-Fi Protected Setup, EMV-CAP for eBanking, eVoting, reverse-engineering, Smartcard fault injection simulation, White-Box cryptanalysis etc. He's in the editorial team of the International Journal of PoC||GTFO and loves playing CTFs.