Proximity Card Spoofer: Proxmarkii

proximity card spoofer

I had seen the link for Jonathan Westhues’s original proximity card spoofer floating around recently and decided to check out the site to see if anything had changed since we originally covered the story. Well, he’s got a brand new version. This one has far more features than the original, mostly because of the extra processing power provided by an Atmel AT91. The new spoofer can handle multiple modulation schemes; which means it is capable of copying almost any 125kHz or 13.56GHz ID-only card. Although it can’t clone cryptographic cards, it does have a full feature set for communicating with them. By connecting the USB port to a computer you can see an “oscilloscope view” of the signal from the card to assist in writing demodulation code. If you are serious about doing RFID research this hardware is a must-have. You could buy a standard reader, but that would tell you nothing about the protocol. This is definitely a clever tool and certainly impressive for something smaller than a business card.

UPDATE: Jonathan Westhue’s work was mentioned in a CNN story Feb 14th. You can watch the video here. [thanks David]

9 thoughts on “Proximity Card Spoofer: Proxmarkii

  1. This one scares me abit – I’m in charge of my companies security, and I can see how this could be mis-used as a concealed proximity card “recorder”, if you will. Something this small could be integrated into a small device that could be concealed in or around the intended proximty reader; Readers at door entrances and exits, parking lot or parking garage entrances or exits, electronic highway toll readers, the new RFID credit card chip readers, the EZPass “wands” at some gas stations… Or maybe I’m just paranoid.

  2. working for a company that sells access control systems, this isn’t the first time I’ve heard of devices like these. if you are really paranoid about security you should think about upgrading to a product like HID’s iCLASS readers. These readers use mutual authentication and are encrypted. they also support des and triple des encryption for card data for the extremely paranoid.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.