Cyclic redundancy codes (CRC) are a type of checksum commonly used to detect errors in data transmission. For instance, every Ethernet packet that brought you the web page you’re reading now carried with it a frame check sequence that was calculated using a CRC algorithm. Any corrupted packets that failed the check were discarded, and the missing data was detected and re-sent by higher-level protocols. While Ethernet uses a particularly common CRC, there are many, many different possibilities. When you’re reverse-engineering a protocol that contains a CRC, although it’s not intended as a security mechanism, it can throw a wrench in your plans. Luckily, if you know the right tool, you can figure it out from just a few sample messages.
A case in point was discussed recently on the hackaday.io Hack Chat, where [Thomas Flayols] came for help reverse engineering the protocol for some RFID tags used for race timing. Let’s have a look at the CRC, how it is commonly used, and how you can reverse-engineer a protocol that includes one, using [Thomas’] application as an example.
Continue reading “Reverse Engineering Cyclic Redundancy Codes”
Security researcher [Fran Brown] sent us this tip about his Tastic RFID Thief, which can stealthily snag the information off an RFID card at long range. If you’ve worked with passive RFID before, you know that most readers only work within inches of the card. In [Fran’s] DEFCON talk this summer he calls it the “ass-grabbing method” of trying to get a hidden antenna close enough to a target’s wallet.
His solution takes an off-the-shelf high-powered reader, (such as the HID MaxiProx 5375), and makes it amazingly portable by embedding 12 AA batteries and a custom PCB using an Arduino Nano to interpret the reader’s output. When the reader sees a nearby card, the information is parsed through the Nano and the data is both sent to an LCD screen and stored to a .txt file on a removable microSD card for later retrieval.
There are two short videos after the break: a demonstration of the Tastic RFID Thief and a quick look at its guts. If you’re considering reproducing this tool and you’re picking your jaw off the floor over the price of the reader, you can always try building your own…
Continue reading “RFID Reader Snoops Cards From 3 Feet Away”
[Eliot] and I hit [Major Malfunction]’s talk about RFID hacking. He’s put together a set of python scripts to read – and write RFID tags. He demo’d cloning a few tags – along with someone’s implanted RFID that’s used to lock and unlock a laptop. (It looked like the reader in the kit from ThinkGeek.) He’s kind enough to offer a selection of hardware on his site. (The usb RFID reader is pretty cheap.) His work has made plenty of headlines, including slashdot, but you can get the actual details, code and hardware on his site.