How Hackers Hacked the RFID

  • July 27, 2012

    The prototype of modern RFID tags is an identification friend or foe (IFF) system developed by the Naval Forces of the USA in 1937. It was used to identify aircrafts as friends or foes during World War II. Nowadays the radio-frequency identification technology is widely used in offices (employees access), trading (tags on goods), transporting (subway entrance), and a lot of other spheres. What will happen, if a hacker needs to 'bypass' an RFID lock? You can learn the answer from the overview of the competition Hack the RFID, taken place at Positive Hack Days 2012.

    The participants were to open stationary boxes (at least one of two) under locks controlled by RFID readers. The corresponding RFID tags were attached at a distance from the readers so that it was impossible to unlock the boxes directly with these tags.

    To access the box's content, the participants were to copy an RFID tag and open the corresponding lock. The distance between the contestant and the tag at the moment of cloning was of the decisive importance as well.

    Both low-frequency (125 kHz) and high-frequency (13.56 MHz) RFID tags were used in the course of the competition.

    The participants were not allowed:

    · to perform any actions aimed at disabling the locks controlled by RFID readers;

    · to attempt destroying the boxes;

    · to prevent other competitors from solving the task.

    The participants used their own software and hardware.

    To work with the low-frequency tags, the participants used very popular USB reader ACR-122U, duplicator KeyMaster PRO 4 RF and T5557-based rewritable tags.

    High-frequency identification was based on comparison of the zero sector of the card Mifare Classic 1K containing a unique factory-programmed RFID tag unavailable for writing by an end user. Not so long ago vendors from China developed and released specific tags, identical to Mifare, but allowing rewriting UID cards. Such a tag was used by one of the participants allowing him to open the lock with the high-frequency reader.

    Finally, both boxes were opened. Nikoly Chernykh and Victor Alyushin were the winners. Our congratulations!

    P.S. For sure Hack the RFID will be further developed at Positive Hack Days next year.

Back to the list