Close enough? Prox Cards 101 - DerbyCon2012
39
Prox Cards 101 Stephen Heath (@dilisnya) DerbyCon 2012
-
Upload
dilisnya -
Category
Technology
-
view
815 -
download
2
description
Talk by Stephen Heath (@dilisnya) from the DerbyCon2012 Wireless Village. I make no claims on copyright on the images contained within.
Transcript of Close enough? Prox Cards 101 - DerbyCon2012
Prox Cards 101
Stephen Heath (@dilisnya) DerbyCon 2012
About me…
Stephen Heath Director of Security Services Intrinium Networks / IT Security Twitter: @dilisnya
• The Basics of Access Control
• Legacy
• 125 kHz Proximity
• Demo Proxmark3
• 13.56 MHz (iClass, MiFARE)
• Attacks elsewhere…
30,000 foot view…
Courtesy of Google maps
Whoa!
Wiegand Cards
Data One
Data Zero
0-255 0-65535
125kHz Proximity Cards
125kHz Proximity Cards
Swiping Proximity Cards…
James Bond © MGM
Location, location, location…
Hiding the antenna…
Choosing a target…
42%
33%
11%
10%
4%
82%
11%
7%
The moral?
Sniff a dude’s ass…
13.56 MHz Smart Cards
Challenge
Response
Encrypted data
Wire attacks
• Gecko • Zac Franken • DefCon 15 (2007)
• Arduino-based Wiegand attacks • Brad Antoniewicz • ShmooCon 2012
• MIFARE Classic 1K
• Crypto-1 broken
• HID iClass “Standard Security Mode”
• Shared crypto key
Still card flaws…
Easy stuff…
Easier stuff …
• Brad Antoniewicz of Foundstone
• “Attacking Proximity Access Card Systems” (ShmooCon 2012)
• ProxBrute
• http://nosedookie.blogspot.com
• OpenPCD.org
• HID iClass Demystified
• Zac Franken
• Physical Access Control Systems: Are you protected by two screws and a plastic cover?
• N00bz and the rest of the wireless village team!
Acknowledgements…
Stephen Heath (@dilisnya)
