12

I have an access/entry card chip I want to copy for demonstrational purposes. However, I am not sure how I can find out what type of RFID reader I need to get a hold of.

Does anyone have a suggestion how I can figure out what type of chip it is and thus what type of reader I need to be able to copy it?

Possible use cases:

  • Social engineering the business who owns the card or the card issuer (ex. G4S) and try to find out who the manufacturer is.
  • Oscilloscope - Read the frequency and get a reader with the same scope.
  • Dissolving the card (ex. with nail polish remover) and try to find out who the manufacturer is by looking for clues on the chip or on the plastic.
AviD
Chris Dale
  • 2
    I would inspect the hardware used for reading the cards. You are almost sure to find a vendor and model number written on it. – Dog eat cat world Jul 12 '11 at 15:56
  • Though I understand your security-purpose, it does sound like this part of the task would be better asked elsewhere, no? RFID is not an inherently "security" technology... – AviD Jul 13 '11 at 20:08
  • @Avid, Maybe I could've put it here: http://electronics.stackexchange.com/ – Chris Dale Jul 13 '11 at 21:00

2 Answers

7

You only need one RFID device: it's the Proxmark3. There are many protocols and frequencies used by RFID and the Proxmark3 tries to support all of them. It is open source hardware and software and breaks every commercial RFID card I know of. The real problem with RFID is that you have a very limited power usage so you are forced to use weak crypto systems. Oftentimes they rely upon security through obscurity, and the Proxmark3 is designed to overcome this.

rook
  • It breaks even cards of Mifare DESFire line? – domen Oct 16 '14 at 09:14
  • @domen DESFire I think you mean "30YearOldFire", no one should be using DES for anything. – rook Oct 16 '14 at 14:37
  • Myeah, that's the state of NFC cards, and those are often used for access controls and for fare payments. Can you list some references for breaking DES3 on DESFire EV1/2? – domen Oct 17 '14 at 07:57
  • 1
    @domen If you aren't using a NIST approved algorithm then the protocol is already broken. If you search for "DESfire proxmark" I'm sure you will find more than one exploit. – rook Oct 17 '14 at 16:10
3

Might sound glib, but often a quick Google gives information on which companies use which card providers. I would always use this first if the company won't tell you before the test.

Have a look at Major Malfunction's extensive back catalogue of RFID presentations, as he discusses issues such as this.

Try http://www.google.co.uk/m/search?q=major+malfunction+rfid

Rory Alsop