Fake Your ID Photos – The 3D Way

Photographs for identification purposes have strict requirements. Lighting, expression, and framing are all controlled to enable authorities to quickly and effectively use them to identify individuals reliably. But what if you created an entirely fake photograph from scratch? That’s exactly what [Raphael Fabre] set out to do.

With today’s 3D modelling tools, human faces can be created in extreme detail. Using these, [Raphael] set out to create a 3D model of himself, which was then used to render images simulating a passport photograph. Not content to end the project there, [Raphael] put his digital doppelgänger to the test – applying for a French identification card. He succeeded.

While the technology to create and render high-quality human faces has existed for a while, it’s impressive that [Raphael]’s work passed for genuine human. Obviously there’s something to be said for the likelihood of an overworked civil servant catching this sort of ruse, but the simple fact is, the images made it through the process, and [Raphael] has his ID. Theoretically, this leaves open the possibility of creating entirely fictitious characters and registering them as real citizens with the state, for all manner of nefarious purposes. If you do this, particularly on a grand scale, be sure to submit it to the tip line.

We’ve seen other concerning ID hacks before, such as this attempt at hacking RFIDs in Passport Cards.

Making a Hackerspace Passport Stamp

How To Make A Hackerspace Passport Stamp

A few years ago, [Mitch Altman] from Noisebridge came up with the idea of a Hackerspace Passport. The idea behind it was not to hinder or monitor travels but to encourage visiting other hackerspaces. These passports can be purchased for just a few dollars or, in true open source fashion, be made with nothing more than a computer printer… the Hackerspace Passport design files are totally free and available here.

So next time you’re visiting a new hackerspace, bring your passport and get it stamped to document the trip…. and that brings us to the point of this post: The Stamp. At around $25, having a custom ink stamp made at an office supply store isn’t that much money, but buying a stamp is not as fun as making one! That is what we are going to do today; make a stamp… or more specifically, several stamps using different techniques. Then we’ll compare the performance of each method.

DESIGN

Since this is Hackaday, we will be making a Hackaday Logo stamp. Back a couple years ago we ran a contest asking folks to make unique things with the Hackaday logo. To make it easy for the entrants, the Hackaday logo was made available in SVG format. We’ll start with that, since it is available, and make a minor change by adding some lettering, as most soon-to-be stamp makers will probably want letters on their stamps too. This is easily done in the FOSS vector graphic editor software: Inkscape.

The stamp size is important. A Hackerspace Passport page has room for 4 stamps up to 41 x 47mm and we’ll try to keep our stamp within those limits.

Continue reading “How To Make A Hackerspace Passport Stamp”

Terminate RFID Tags

This gun hunts only RFID tags.[mnt], who brought us laser gesture control, built this RFID Zapper but included so much more. Any good weapon has to sound mean, a feat he’s accomplished by incorporating an MP3 player into the rifle. The coil that zaps the RFID tag is powered by a photo-flash unit, but for visual feedback he’s got a second unit that flashes light to signal the demise of your German passport (see the video after the break).

It’s hard to believe we haven’t covered RFID Zappers yet. The concept came out of the Chaos Communication Congress a few years back. This method works by sending a very strong electromagnetic field through the RFID tag that causes it to burn out. There’s a wiki post on RFID Zappers but Firefox threw a certificate warning when we loaded it up; read at your own risk.

Continue reading “Terminate RFID Tags”

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

[googlevideo=http://video.google.com/videoplay?docid=-282861825889939203]

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

Continue reading “ShmooCon 2009: Chris Paget’s RFID Cloning Talk”

Mobile RFID Scanning

[youtube=http://www.youtube.com/watch?v=9isKnDiJNPk]

[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.

The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.

Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.

[Thanks Zort]