Announcement

**theprez98** · October 3, 2009, 07:53

Re: Learning about RFID

Holy run-on sentences Batman!

**Thorn** · October 3, 2009, 08:50

Re: Learning about RFID

Originally posted by lunchb0x View Post

... from what I could get out of the Abloy sales reps was that Cliq can use different levels of Mifare encryption but for some reason we are going to be using the less secure one for our locks, ...

In most cases, it amounts to how much encrypting/computing power can be stuffed into a tag. For example, Ford ignition keys have a built-in TI tag, with 40-bit encryption. The TI encryption was broken in the lab by a team from Johns Hopkins a few years back, but as far as we know the exploit hasn't been used in the wild.

Originally posted by lunchb0x View Post

... I am thinking about getting the book RFID Security as it looks like it would give be a goos baisic understanding on it ...

<blatant plug by the author>

Yeah, you should definitely by that book!

</blatant plug by the author>

Originally posted by lunchb0x;109355... also I would like to build my own sniffer like [URL="http://www.openpcd.org/rfiddump.0.html"

this one[/URL] as it looks like I would be able to try it on the Salto tags.

So what I want to know is will this be a good way to get a better understanding on RFID tags and better ways to protect uses from getting their cards sniffed such as using RFID shielding wallets and card holders.

It looks like that device would require you to make you own PCB, obtain the components, construct it, and then interface it to some sort of processor. (Plus, it also has been depreciated.) That's fine if your that much of a hardcore hardware guy, but if you're not and you just want to learn the basics, Parallax makes a nice little RFID reader for $43USD, that can be used for basic experiments. (Besides, it was designed by our very own Joe Grand/Kingpin. So it's just, uh, grand!

)

The Parallax unit may or may not read the Salto tags. It's 13.56Mhz, but what tags are read by what reader depends on which standards and encryption methods are used by both the reader and the tags.

I've built prototype and demonstration reader stations using the Parallax RFID reader in less than an hour. You will still need to deal with some hardware, as you need to attach it to a processor of some type, and the Parallax Basic Stamp II works well. However, it would a be a step up from all the work of a custom PCB and construction of the sniffer, and this would help you learn the basics of things like RF shielding.

**renderman** · October 3, 2009, 16:16

Re: Learning about RFID

For the most part RFID failing is due to the implementation rather than the technology itself. Most of the practical attacks I've seen against the 'blended' locks (electronics mixed with mechanical locks like the Cliq) are where they figure because it's got electronics it's better.

Obligatory Muppet Labs video to illustrate: http://www.youtube.com/watch?v=L-bYwopBnXA

I remember the WinkHaus Blue chip lock from a few years ago that was defeated by a big ass magnet because the pin that kept the bolt from retracting was free floating and could be sucked out of the way by a $50 magnet.

I agree with Thorn, get the book (blatent plug since I'm and author too) as well as some simple gear to understand the technology. Also look at rfidiot.org, Major Malfunction has some amazingly cool readers if you want to start programming your own systems and playing with higher level chips with crypto and the such.

Render

**lunchb0x** · October 5, 2009, 05:37

Re: Learning about RFID

Thanks for the suggestions, I ordered the book so I should have that in a couple of weeks now which is something I have been meaning to do for a while now. As for the reader the one from Parallax only ready and I would like to be able to write aswell though I do think that I am aiming a little to high to early wanting to get the one I posted so I will look into the read only one till I can atleast understand what it is I'm looking at.

Thanks again, can't wait till the book arrives.

**starski** · October 27, 2009, 21:11

Re: Learning about RFID

the government here in the Philippines were tried to implement RFID System for every vehicle in the whole archipelago, ofcourse their are oppositions for that. mainly those in the far left and those people who tested it from other nations. the one they want to use is not fool proof and can be made by everyone who has passion for radio frequencies..

**AgentDarkApple** · October 28, 2009, 08:43

Re: Learning about RFID

I have a couple questions about RFID - is it true that you can disable the RFID chip in a passport, and if you do (without it being obvious), is the passport still valid?

**Thorn** · October 28, 2009, 09:19

Re: Learning about RFID

Originally posted by AgentDarkApple View Post

I have a couple questions about RFID - is it true that you can disable the RFID chip in a passport,

Yes. You can EMP it with a microwave. 10-30 seconds on high should do it. As to whether this is legal or not, I will leave you to the advice of your attorney.

There are also some reports that just sitting down on a hard surface with the passport in a back pocket will do it.

Originally posted by AgentDarkApple View Post

and if you do (without it being obvious), is the passport still valid?

Technically, yes. The name, ID number, DOB, picture,, etc. are all still within the passport itself, it would just no longer respond to a query by the ICE agent's reader. Having said that, said ICE officer may feel that you -as the holder of a passport which is dead to the reader- are worthy of further examination and may require anything from a couple of extra questions to a full body cavity search. Remember, as the RFID passports become the norm, those who stand out from that norm will be those who are seen as needing further review. This is one of my problems with RFID in ID papers or any sort, but it has more to do with officer training and human nature than the purely technical discussion. Suffice to say, if you want to make a small statement about your government and are willing to put up with the possible inconvenience, this may work for you. Ditto, if you have fears pertaining to possible identity theft.

On the other hand, if you're planning to do something illegal at a border crossing, then understand that you'll stand out like the proverbial sore thumb.

**AgentDarkApple** · October 28, 2009, 10:26

Re: Learning about RFID

Thorn, thanks. Lol I'm not up to anything illegal. It's actually a safety concern because of some of my family connections. I just don't trust random people at the airport (or even some airport employees).

**Thorn** · October 28, 2009, 10:39

Re: Learning about RFID

Originally posted by AgentDarkApple View Post

Thorn, thanks. Lol I'm not up to anything illegal. It's actually a safety concern because of some of my family connections. I just don't trust random people at the airport (or even some airport employees).

Believe me, I understand.

Don't forget, there are RF-shielded passport wallets available for purchase. A wrap of aluminum foil will also work as an RF shield, as will a Mylar-coated anti-static bag; those are the kind of bag that HDs and other PC components are in when shipped.

**renderman** · October 28, 2009, 13:36

Re: Learning about RFID

Originally posted by AgentDarkApple View Post

I have a couple questions about RFID - is it true that you can disable the RFID chip in a passport, and if you do (without it being obvious), is the passport still valid?

What Thorn said was very correct. I even went so far as to ask the #2 man in charge of the enhanced passports at the State Department about that and he said exactly that. Since there are a variety of valid reasons that the tag would stop working, it does not negate the legality of the document, however it may lead to extra scrutiny.

The Tine Foil hat that they have in the cover does work to block the signal, however it's rigidity makes it want to pop open about an inch that negates the property of blocking the signal, so an elastic band around the passport is necessary at the minimum

As for legalities of 'disabling' the tag, that's again, something for the lawyers, however I would add that it's not illegal to accidentally wash your passport and wreck it, so if you accidentally drop an anvil on the back cover of the passport from a great height, it's not your fault. I actually have video of one of these 'accidents' happening.

At most, it's an 'opt out' that will get you more scrutiny, but not much else, particularly if your passport gets a work out. That said, should the full plan ever be implemented where they include other biometrics to compare against at the border (fingerprint on the passport much match the hand in front of them), the integrity of the tag will suddenly be alot more important.

**AgentDarkApple** · October 28, 2009, 15:24

Re: Learning about RFID

Thanks guys! I may just buy one of the cases from thinkgeek.com or make a sickeningly girly one with a foil layer in between (I'm handy with sewing). I don't want to disable the RFID if it means the possibility of extra searches, esp if they searched my laptop - it probably could get me into some trouble

**Thorn** · October 28, 2009, 16:18

Re: Learning about RFID

Originally posted by AgentDarkApple View Post

Thanks guys! I may just buy one of the cases from thinkgeek.com or make a sickeningly girly one with a foil layer in between (I'm handy with sewing).

You're welcome.

Originally posted by AgentDarkApple View Post

I don't want to disable the RFID if it means the possibility of extra searches, esp if they searched my laptop - it probably could get me into some trouble

Be careful if you do have any data that might be considered contraband; the current laws governing border control allow for seizure and search of any electronic device without a warrant. Worse, under current case law, you can be compelled to give up a password used for any encryption.

**valkyrie** · October 28, 2009, 19:59

Re: Learning about RFID

Originally posted by Thorn View Post

You're welcome.
Be careful if you do have any data that might be considered contraband; the current laws governing border control allow for seizure and search of any electronic device without a warrant. Worse, under current case law, you can be compelled to give up a password used for any encryption.

Since just about anything can be considered contraband now days you may wish to consider traveling with a completely clean system and shipping your data on a USB or CD, or pre-shipping your system(s) going and coming. A bit of a hassle but definitely worth it when you are yanked out of the herd for "special handling" which seems to be happening to me on an ever escalating basis. :-) YMMV.

Regards,

valkyrie
________________________________
sapere aude

**lunchb0x** · October 29, 2009, 06:53

Re: Learning about RFID

Book arrived the other day but havent had any time to read much of it yet and wont have any money to buy a reader yet ( Just bought a key machine to play with)

Originally posted by AgentDarkApple View Post

Thanks guys! I may just buy one of the cases from thinkgeek.com or make a sickeningly girly one with a foil layer in between (I'm handy with sewing). I don't want to disable the RFID if it means the possibility of extra searches, esp if they searched my laptop - it probably could get me into some trouble

I got my wallet from http://www.difrwear.com which was cheap and made pretty well, also it does work pretty good as I had a small chance to play around with it.

Announcement

Learning about RFID

Learning about RFID

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment