Brought to you by the Chaos Computer Club. Listed for informational and research purposes only.

RFID hacking

A Hacker's Toolkit for RFID Emulation and Jamming

OpenPCD / OpenPICC

RFID - overview of protocols, librfid implementation and passive sniffing

For complete list click here.




  1. Likes2LOL says:

    If ignorance is bliss, I know too much.

    From Katherine Albrecht’s http://www.spychips.com/

    Includes IBM’s patent application, “Identification and Tracking of Persons Using RFID-Tagged Items”

    Abstract
    “A method and system for identifying and tracking persons using RFID-tagged items carried on the persons. Previous purchase records for each person who shops at a retail store are collected by POS terminals and stored in a transaction database. When a person carrying or wearing items having RFID tags enters the store or other designated area, a RFID tag scanner located therein scans the RFID tags on that person and reads the RFID tag information. The RFID tag information collected from the person is correlated with transaction records stored in the transaction database according to known correlation algorithms. Based on the results of the correlation, the exact identity of the person or certain characteristics about the person can be determined. This information is used to monitor the movement of the person through the store or other areas.”

  2. LDA says:

    Re: #1 Likes2LOL

    If only IBM had these 70 years ago they would not have needed those clunky punch cards in the camps.

  3. Universal says:

    haha great next time i hope people turning their nose up when i give a link to chaos communication conference.

    i seem to remember a lighting talk about rfid too.

    Also check out Cambridge talks at 25 and 26 c3 all about the flaws in epvm payment systems.

    the titles are

    26c3 Optimised to fail
    25c3 Security Failures in Smart Card Payment Systems

    about a hour long each good stuff too

  4. GregAllen says:

    I clicked on several of the links and lost patience. WAY too geeky for me before my first cup of coffee.

    My guess is that a lead-lined film bag would probably block RFID.

  5. RSweeney says:

    This is why the EPC standard for tagging retail items has an explicit KILL command so that consumers can either opt in or opt out of being tracked by their tagged purchases.

    Identification of consumers by businesses is not a bad thing, as long as it’s by consent and the control is in the hands of the consumer.

  6. RSweeney says:

    GregAllen… As for shielding… aluminum foil is your best bet for home use. Lead is for ionizing radiation.

    Conductivity is the killer of far-field RF.

  7. GregAllen says:

    RSweeny,

    Thanks for the tip. My understanding of radio frequency is fairly rudimentary but I think I understand your point.

    I remember learning that the sheet metal of the roof of your car is good protection from high RF from your ham antenna because it dissipates it.

    Good to know. if my charge cards or driver’s license start coming with RDIF, I’ll get an aluminium foil wallet. (seriously! Sounds like an entrepreneurial opportunity.)

    On another point — is RDIF directional?

    The ones I see are so flat, it seems like they would be highly directional and maybe you could beat the scanners by holding them the right direction. (not that I shoplift, I don’t and never have.)

  8. The DON says:

    #5
    “Identification of consumers by businesses is not a bad thing, as long as it’s by consent and the control is in the hands of the consumer.”

    Have you tried running a browser without scripting and denying cookies?
    We all have the option to opt out. If the option were to opt in as a default, then we wouldn’t have the problems we have now.

    Paranoia is a wonderful thing, just damned inconvenient.

    P.S. not a flame at you personally, just that I feel the difference between opt in and opt out is of paramount importance.


0

Bad Behavior has blocked 10609 access attempts in the last 7 days.