Since I had success with both commercial and maker-level LF RFID readers, I decided to move forward in time another decade, and picked up a HID RP40 multiclass reader.
I’m still in the learning process with HF RFID, so bear with me in this little logic exercise, if you please…
1. LF RFID is terrible because it’s just a tag ID and is easily cloned.
2. HF RFID (MIFARE etc.) offers enhanced security because it adds the capability of generating a nonce, and I won’t go into further detail here because math… In short, you can write the UID of a tag to a UID-writable tag and the UID will present, but it won’t generate that nonce, so depending on the security application, it may or may not be more secure.
3. I have found at least one person providing a DIY HF RFID reading app for Arduino that simply validates the UID against a database. This defeats the entire purpose of the enhanced security of MIFARE-type tag protocols, and renders. It’s the equivalent of me being able to withdraw money from your checking account just by knowing your name.
4. That said, the pm3 with Iceman’s firmware can quickly crack the passwords and dump tag data. The pm3 can also copy that dumped data to a “magic Chinese backdoor” tag and then set the tag to the same UID. At that point, the copied tag seems to read the same as the original. I’d love to test that, but until my next hotel stay, I don’t have access to test that copied tag against an HF reader in situ.
5. If #4 is correct, given ~15 seconds of proximity to a user’s badge or fob, I can have a working cloned copy of it, rendering the HF tag literally no more secure than the UID-only LF tag.
I have pretty strong confidence that this will work after reading the following article, and I find the conclusion rather titillating. “While card cloning is a serious security risk, the main problem is not reading or copying the card itself, but being able to reverse engineer the card contents, which could lead to us making a “master key” that opens all the doors in a building.” By the way, I apologize for linking to a medium.com article. I hate everyone who implements paywalls in any form, even though theirs doesn’t kick in until after you’ve read a few articles.
https://medium.com/exc3l/cracking-mifare-classic-cards-with-proxmark3-e42121cd968b
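The logic exercise in the post can be checked against a toy model. The following is an added example, not code from the post, from the linked article, or from any Proxmark3 or Arduino project. It models two reader policies (the Arduino-style "UID in database" check, and a reader that authenticates to a sector and compares the stored block) and two kinds of clone (UID written to a magic tag with factory-default keys, versus keys, data and UID all copied from a full dump). The challenge-response is an HMAC-SHA256 stand-in for the real Crypto1 cipher, and the UID, key and block content are constructed sample values; none of that is taken from the page.

```python
"""Toy model of the reader checks and clone types discussed above.

Added illustration, not the post's code or any project's code.  The
challenge-response uses HMAC-SHA256 as a stand-in for the MIFARE
Classic Crypto1 cipher (an assumption made for readability); it is
only meant to show why a UID-only reader and a sector-authenticating
reader react differently to the two kinds of clone.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

KEY_LEN = 6                        # MIFARE Classic sector keys are 48 bits
DEFAULT_KEY = b"\xff" * KEY_LEN    # factory-default key on blank/magic tags
BLOCK_LEN = 16                     # one MIFARE Classic block


@dataclass
class Tag:
    uid: bytes
    keys: dict           # sector number -> key (bytes)
    data: dict           # sector number -> 16-byte block content (bytes)
    magic: bool = False  # True for a "magic" tag whose UID block is writable

    def nonce(self) -> bytes:
        """Tag-side nonce (the nT of the real protocol), 4 bytes like the original."""
        return secrets.token_bytes(4)

    def authenticate(self, sector: int, nonce: bytes, reader_proof: bytes):
        """Release the sector data only if the reader proved it knows the key."""
        key = self.keys.get(sector)
        if key is None:
            return None
        expected = hmac.new(key, self.uid + nonce, hashlib.sha256).digest()[:4]
        if hmac.compare_digest(expected, reader_proof):
            return self.data.get(sector)
        return None


def reader_proof(key: bytes, uid: bytes, nonce: bytes) -> bytes:
    """Reader's answer to the tag nonce, keyed with the sector key it holds."""
    return hmac.new(key, uid + nonce, hashlib.sha256).digest()[:4]


def uid_only_reader(tag: Tag, allowed_uids: set) -> bool:
    """The Arduino-style check from item 3: UID in database -> open."""
    return tag.uid in allowed_uids


def sector_auth_reader(tag: Tag, sector: int, key: bytes, expected_block: bytes) -> bool:
    """Reader authenticates to one sector and compares the stored block."""
    nonce = tag.nonce()
    data = tag.authenticate(sector, nonce, reader_proof(key, tag.uid, nonce))
    return data is not None and hmac.compare_digest(data, expected_block)


def clone_uid_only(original: Tag) -> Tag:
    """Only the UID is written to a magic tag; keys and data stay at defaults."""
    return Tag(original.uid,
               {s: DEFAULT_KEY for s in original.keys},
               {s: b"\x00" * BLOCK_LEN for s in original.data},
               magic=True)


def clone_full_dump(original: Tag) -> Tag:
    """Keys and data from a full dump, plus the UID, loaded onto a magic tag."""
    return Tag(original.uid, dict(original.keys), dict(original.data), magic=True)


def run_scenarios() -> dict:
    """Run both reader policies against the original badge and both clones."""
    # Constructed sample credential: UID, key and block content are made up.
    sector, key = 1, bytes.fromhex("a0a1a2a3a4a5")
    block = b"ACCESS-LEVEL-7\x00\x00"
    badge = Tag(bytes.fromhex("deadbeef"), {sector: key}, {sector: block})
    allowed = {badge.uid}

    results = {}
    for name, tag in [("original", badge),
                      ("uid_only_clone", clone_uid_only(badge)),
                      ("full_dump_clone", clone_full_dump(badge))]:
        results[name] = {
            "uid_only_reader": uid_only_reader(tag, allowed),
            "sector_auth_reader": sector_auth_reader(tag, sector, key, block),
        }
    return results


if __name__ == "__main__":
    for name, checks in run_scenarios().items():
        print(f"{name:16s} {checks}")
```

The UID-only clone satisfies the UID-only reader and fails the sector-authenticating one, because it never learned the sector key; the full-dump clone satisfies both, which is the situation item 5 describes. Whether a given deployment is the first or the second kind of reader is exactly what an in-situ test against the hotel reader would settle.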