RFID discreetly stopped

#1
Computer scientists at Johns Hopkins University have been doing research on RFID systems like the ones made by Texas Instruments that are used in cars, and most recently RFID-based gas station pump pay systems.

After 2 months of publishing the details on how they reverse engineered the challenge/response protocol the transponders use, they were forced to remove any technical details about their research. They eventually had to take their entire dedicated website offline due to threats from lawyers representing car manufacturers like Honda, GM, and a few others.

Transponder-based immobilizer systems have been in cars since 1995, and not just high-end cars. For example, the 1995 Honda Prelude has a transponder key standard, but the Acura Integra didn't get a chip key till 2001. You can find tables showing what cars have/had them freely on the Internet.

This news is kind of dated by about 5 months, but it somehow slipped through the filters of the liberal (or whatever) media. I was following it for a few months because they're the only people who published information on those specific RFID systems, and they're slightly more advanced than the RFID systems in mainstream news lately.

This is all they were allowed to leave up: http://www.jhu.edu/news_info/news/ho...an05/rfid.html

#2
Re: RFID discreetly stopped

Interesting...

I think this needs to be tracked down. RFIDANALYSIS.ORG is down for unknown reasons.

Inquiries are in progress...

Emailed Avi Rubin (away for RSA probably)
DNS looks good, domain is current
Last edited by renderman; February 9, 2007, 11:21.
Never drink anything larger than your head!

#3
Re: RFID discreetly stopped

It needs to be tracked down because that's the only publicized research on those types of RFID systems. Everyone else is doing whatever the flavor-of-the-month news sites are doing articles on.

#4
Re: RFID discreetly stopped

There's still a fair amount of the research around, since I was also pursuing the same goal along the same path at the same time.

For now, archive.org has a mirror of the pages; oddly, they stop mirroring in April 06:

http://web.archive.org/web/200502030...danalysis.org/

http://www.renderlab.net/temp/DSTbreak.pdf
Last edited by renderman; February 9, 2007, 11:37.

#5
Re: RFID discreetly stopped

I remember some of the people from this site were at DC14. I'm still VERY interested in building a prototype of my own :D

http://www.rfidguardian.org/

#6
Re: RFID discreetly stopped

RFID Guardian focuses on simple protocols like the ones that are implemented in inventory tracking tags at retail outlets. They use a simple challenge/response protocol compared to the systems in automobiles and gas pump fobs, which use pseudo-randomly generated bit streams, usually of 30-bit length in most applications.

Information on those has been well publicized since the early nineties over the Internet.

With the systems in cars and gas pump fobs you have to use some floating point gate arrays to respond correctly in time, unless someone implemented something in code that cuts a corner in the processing time. A new dual core laptop with 2GB of RAM couldn't do the floating point operations before the internal counter reaches its end.

Most people who are still doing texts and articles on auto theft (like the code catcher articles) discredit their material by not mentioning the transponder systems implemented in nearly every car manufactured (~82%) since the mid nineties. With the exception of a resistor-based contact system implemented by GM for a few years, no car thief is gonna bypass the system with jumper wires or by popping the ignition.

The infamous car thieves in California just use cloned keys, which if you have the VIN are readily available from any low-paid desk clerk at a licensed garage. They can get the transponder stamp for the cloner machine, the key blade type, and cut depths from an internal database, and make the key on the spot. Of course this is a weakness in hiring practices, and not the system itself.
Last edited by VAX_to_PBX; February 9, 2007, 22:48.

#7
Re: RFID discreetly stopped

Originally posted by VAX_to_PBX:
With the systems in cars and gas pump fobs you have to use some floating point gate arrays to respond correctly in time, unless someone implemented something in code that cuts a corner in the processing time. A new dual core laptop with 2GB of RAM couldn't do the floating point operations before the internal counter reaches its end.

Note, the TI system was not time dependent.

The use of a rainbow lookup table might be fast enough to respond to such requests in a reasonable amount of time.

It's an arms race, pure and simple.

#8
Re: RFID discreetly stopped

It would have to have some form of functions based on clock cycles, because that's how you reset and program some features in the ECM and BCM.

From what I've seen with the TI systems, if you don't respond with the right sum after maybe 7 clock cycles, which is ~0.5 seconds, it goes into a lockdown mode, and you have to use a valid transponder and do a certain switch rotation sequence to activate the system again.

Also, another human-based flaw in the system is the fact that dealerships put a valid key in the glove department in the owner's manual case. Most thieves just hop in and use that key to start the car. It's the equivalent of leaving default login credentials on a server.
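The exchange the thread keeps circling (posts #6 through #8): a reader sends a random challenge, the transponder returns a keyed answer, and after a handful of wrong answers the reader locks itself until a valid transponder is presented. The following is an added illustration written for this page; it is not code from any poster, and it is not the Texas Instruments design, whose cipher is not described here. HMAC-SHA256 stands in for the proprietary response function, and the secret, the 40-bit challenge width, the 32-bit response width and the failure limit of 7 (taken from post #8's description) are all assumed values. What it shows that the prose does not: why a fresh challenge per attempt makes a recorded answer worthless on replay, how the failure counter turns into a lockout, and why the lockout must be cleared only by a transponder that actually knows the secret.

```python
"""Toy immobilizer challenge/response with a failure lockout.

Constructed illustration only: the secret, the response function and the
field widths are assumptions, not the TI transponder design discussed above.
"""
import hashlib
import hmac
import secrets

MAX_FAILURES = 7      # lock after ~7 wrong answers, as post #8 describes for the TI system
CHALLENGE_BYTES = 5   # 40-bit challenge (assumed width)
RESPONSE_BYTES = 4    # 32-bit truncated response (assumed width)


def keyed_response(key: bytes, challenge: bytes) -> bytes:
    """HMAC-SHA256 stands in for the proprietary cipher; not the real DST function."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESPONSE_BYTES]


class Transponder:
    """Key-side device: holds a secret and answers whatever challenge it is sent."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return keyed_response(self._key, challenge)


class Immobilizer:
    """Car-side reader: issues fresh challenges, counts failures, locks out."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None   # challenge issued but not yet answered
        self.failures = 0
        self.locked = False

    def challenge(self) -> bytes:
        # A fresh random nonce per attempt, so a recorded answer is useless later.
        self._pending = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending

    def verify(self, response: bytes) -> bool:
        """Check one answer; every wrong answer counts toward the lockout."""
        if self.locked or self._pending is None:
            return False
        expected = keyed_response(self._key, self._pending)
        self._pending = None   # one challenge, one answer
        if hmac.compare_digest(expected, response):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False

    def clear_lockout(self, transponder: Transponder) -> bool:
        """Recovery path from post #8: only a valid transponder answering a
        fresh challenge clears the lock (the switch sequence is not modelled)."""
        ch = self.challenge()
        self._pending = None
        if hmac.compare_digest(keyed_response(self._key, ch), transponder.respond(ch)):
            self.locked = False
            self.failures = 0
            return True
        return False


def simulate() -> dict:
    """Run the exchanges a defender would want to see and report each outcome."""
    key = secrets.token_bytes(16)
    car = Immobilizer(key)
    real_key = Transponder(key)
    other_fob = Transponder(secrets.token_bytes(16))   # fob cut for a different car
    out = {}

    # 1. The matching key answers a fresh challenge and the car starts.
    recorded = real_key.respond(car.challenge())
    out["valid_key_starts"] = car.verify(recorded)

    # 2. Replaying that recorded answer against a new challenge fails.
    car.challenge()
    out["replay_rejected"] = not car.verify(recorded)

    # 3. A fob with the wrong secret fails and adds to the failure count.
    out["wrong_fob_rejected"] = not car.verify(other_fob.respond(car.challenge()))

    # 4. Keep feeding wrong answers until the reader locks itself.
    while not car.locked:
        car.verify(other_fob.respond(car.challenge()))
    out["locked_after_max_failures"] = car.failures == MAX_FAILURES

    # 5. While locked, even the real key is refused.
    out["valid_key_refused_while_locked"] = not car.verify(real_key.respond(car.challenge()))

    # 6. Only the real key clears the lock; afterwards normal starts resume.
    out["wrong_fob_cannot_clear"] = not car.clear_lockout(other_fob)
    out["real_key_clears"] = car.clear_lockout(real_key)
    out["starts_after_clear"] = car.verify(real_key.respond(car.challenge()))
    return out


if __name__ == "__main__":
    for name, ok in simulate().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Two design points worth noting. The reader discards the pending challenge the moment an answer arrives, so one challenge can only ever be answered once; and the failure counter is reset only by a correct answer, never by time alone, which is what makes the lockout in post #8 meaningful against repeated guessing. `hmac.compare_digest` is used for both comparisons so the reader's timing does not leak how much of a wrong answer was correct.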