
I would like to get more knowledge around RFID systems auditing.

Does anyone have a basic guide step-by-step which I can use to set up a lab with proper RFID "sniffing" equipment?

I would like to know:

  • What equipment I need and where to get it (ebay and so on)
  • What software I need and where to get it (websites, books and so on)

The reason for this RFID auditing is that I'm getting more and more paranoid about all the chips in my home, car and wallet. I would like to look into them, and see what they are all about.

Jeff Ferland
Chris Dale

5 Answers


Have a look at Major Malfunction's (Adam Laurie) work in this area:

http://hackaday.com/2007/03/25/rfidiot-rfid-io-tools/

http://www.youtube.com/watch?v=3vAvesYoHeo

and many others - good fun stuff, not too expensive to get started

edit: Just spotted this post on Proxclone that you might also be interested in

Rory Alsop

The inherent problem I see is that different RFID tags respond to different frequency interrogators.

In other words, my work RFID tag needs a different reader than my car key.

I am unsure if there is a one-size-fits-all reader, but some places sell kits for tinkering, which may be insightful:

What I'm finding so far is that it seems most RFID tags only carry an ID, or serial number if you will, and nothing more.

Here's an interesting resource:

http://www.ioncannon.net/programming/551/rfid-reader-writer-usb-prototyping-kit/

I have never tinkered with RFID, but I do find it fascinating. +1 for the great question, and I'll add it as a favorite so I can follow the details and findings!

Purge

Once you have a reader, you can get a reading framework here:

www.rfidiot.org

This Python framework was created by Adam Laurie and is compatible with most of the readers.

With this framework, you will be able to read most of the tags. For some of the tags, it is possible to carry out various attacks on the tags themselves.

Nicolas NOEL

The steps depend on your goals. If your only goal is paranoia, then there are two big problems with your approach:

  1. You are worried about a very low probability attack vector. Your cell phone, credit card purchases, and online browsing are far more of a threat and much more valuable.
  2. All of the low cost kits people have been linking to are the frequency ranges with the least amount of range (inches). UHF RFID readers (915 MHz range) will cost you. UHF EPC tags can be read at 30 feet in good conditions and within FCC spec. If you violate the FCC limits, you can get a lot more range.
  3. Distance and simple Faraday cages (tinfoil) easily defeat remote snooping. Jamming used to be the biggest problem (2004-2008), so if you are really concerned, overkill would be to blast out noise in the 915 MHz range. Backscatter radiation from the tags is extremely low power.

That all assumes passive RFID and not active like EasyPass.

Links

Disclaimer: Years ago I was connected to the company in the links below. They just got acquired (asset sale) and unfortunately my fully vested shares are worthless. I get nothing for promoting them, but there are a number of informative pages and since I'm out of date they are all I know.

Bradley Kreider
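The 30-foot figure and the "violating FCC buys more range" point above both come out of the far-field link budget for a passive UHF tag, so here is that calculation as an added example (not code from the thread or any of the linked projects). The FCC EIRP limit of 4 W for the 902-928 MHz band is a known figure; the 2 dBi tag antenna gain, -18 dBm tag sensitivity and 3 dB polarization loss are assumed typical values chosen for illustration, and real reads also lose range to tag orientation, reflections and body absorption, so treat the result as an upper bound.

```python
import math

SPEED_OF_LIGHT = 299_792_458.0   # m/s
FCC_MAX_EIRP_W = 4.0             # 36 dBm EIRP, 902-928 MHz ISM band (US)


def dbm_to_w(dbm):
    """Convert a power level in dBm to watts."""
    return 10 ** (dbm / 10) / 1000


def db_to_linear(db):
    """Convert a gain or loss in dB to a linear ratio."""
    return 10 ** (db / 10)


def forward_link_range_m(eirp_w, tag_gain_dbi=2.0, tag_sensitivity_dbm=-18.0,
                         freq_hz=915e6, polarization_loss_db=3.0):
    """Free-space distance at which the tag still harvests enough power to wake up.

    Friis: P_tag = EIRP * G_tag / L_pol * (lambda / (4 * pi * d)) ** 2, solved for d.
    This is the forward (reader-to-tag) link, which limits passive UHF reads;
    the weak backscatter return is usually not the bottleneck for a sensitive reader.
    Not valid for LF (125 kHz) or HF (13.56 MHz) tags, which couple inductively in the
    near field and drop off far faster, hence the "inches" of range for those kits.
    Default parameter values are assumed typical figures, not measured ones.
    """
    wavelength = SPEED_OF_LIGHT / freq_hz
    p_tag = dbm_to_w(tag_sensitivity_dbm)
    gain = db_to_linear(tag_gain_dbi) / db_to_linear(polarization_loss_db)
    return (wavelength / (4 * math.pi)) * math.sqrt(eirp_w * gain / p_tag)


def range_scaling(power_ratio):
    """Range grows only with the square root of transmit power: 4x power, 2x range."""
    return math.sqrt(power_ratio)


def within_fcc_limit(eirp_w):
    """True if the reader's EIRP is at or below the US ISM-band limit."""
    return eirp_w <= FCC_MAX_EIRP_W


if __name__ == "__main__":
    for eirp in (0.5, 4.0, 16.0):
        d = forward_link_range_m(eirp)
        flag = "" if within_fcc_limit(eirp) else "  (exceeds FCC EIRP limit)"
        print(f"EIRP {eirp:5.1f} W -> ~{d:5.1f} m ({d * 3.281:3.0f} ft){flag}")
    print(f"4x power -> {range_scaling(4):.1f}x range")
```

Run it and the 4 W row lands in the tens of feet the answer quotes, while the 16 W row shows why legal-limit violations only buy a square-root improvement.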

There is an open hardware project called OpenPCD which has built an RFID reader for some RFID standards. (http://www.openpcd.org/)

They also had a shop where they were selling the reader, empty PCBs etc., but it seems to be temporarily shut down. Maybe you can mail them and ask if they are currently selling stuff.

Even if you are not interested in the project: The page contains a nice introduction video to RFID.

free_easy