DEFCON 27 Badge "No RF signature" SDR replay attack

  • DEFCON 27 Badge "No RF signature" SDR replay attack

    Here's a quick write-up of our efforts to communicate with the badge using a HackRF One and magnetic loop antenna (RFEAN25).

    Rename GRC_and_PY_files.7z.pdf to GRC_and_PY_files.7z and extract using 7zip for GRC files.

    We also have 966MB of capture files (all badge types) looking for hosting.

    Other useful information:

  • #2
    Do you have that picture of the home brew antenna you showed me vs. what a real probe looks like?
    The Dark Tangent: Use PGP for email Key ID: 0x8B0B476D
    Fingerprint: EA2B 63F9 2219 9171 2AB1 0065 FC59 8B0B 476D


    • #3
      Would it be possible to drop the files into a Google Drive account? I'm interested in doing some analysis on that data you have. I also have some Python code to generate messages (based on the original badge source code) and will be adding the modulation / demodulation scheme to your code that I'd like to test. I'm using a HackRF One and either the same sensor you used (RFEAN25), a whip antenna (not sure the model) or will make one to get better sensitivity in the right frequency range. The fact that the other group was able to get a good signal with a spool of what appears to be 30 AWG is pretty darn cool. The one you guys were using seems to suffer a bit in sensitivity at the lower frequency ranges (< 100 MHz) and I'm curious about what kind of distance I can get with the badge.

      P.S. - I'm that lady from Texas, super cool to see the work posted here. Hope your arm is getting better.