iClass Is Not Enough

Hacking iClass for Fun, Door-Entry and a Free Lunch.  iClass has been broken in the public domain since approximately 2010 when Meriac published his findings at the 27th CCC in Berlin with the Heart of Darkness White-paper.  But why does there appear to be limited support for hacking these cards within the community? The cards have been in the industry since 2001, boasting stronger security then the original Mifare.  Since…

RFID Wallets/Sleeves. How much Security do they provide?

With the increasing amount of RFID technology creeping into everyday life.  Just how much data can be obtained from your wallet?  At Pentura we undertook a small experiment where using standard off-the-shelf products, we would attempt to obtain personal information leaked from RFID enabled devices: UK Passport UK Bank Cards Debit/Credit Access Control Tokens Our experiment used standard unmodified off-the-shelf RFID equipment: 13.56MHz ACR-122U Reader Proxmark3 with LF antenna Proxmark3…

Proxmark3 Client Native on Android | InteliSecure

Proxmark3 Client Native on Android A member of the Proxmark3 community known as Asper has managed to cross-compile the proxmark3 client for the Android platform.  Depending on the model of your phone (it needs to be rooted), and so long as you have (or can install) the cdc-acm kernel module.  This eliminates the need for custom ROMs or even a chrooted environment (such as a chrooted Kali install). You can…

Proxmark3 RFID Hacking / Research | Access Control Part 3

Introduction Or rather miniature guns, that pack a powerful punch… Our previous posting on Access Control Part 2: Mifare Attacks, we demonstrated a weakness in some Mifare implementations. Our previous attack relied on the use of a single default key, and using the nested attack to eventually recover all keys for the card.  Additionally, we used a rather cheap and affordable ACR-122U reader that costs approximately $40(USD), and the attack process…