23C3 - 1.5

23rd Chaos Communication Congress
Who can you trust?

Speakers
Melanie Rieback
Schedule
Day 2
Room Saal 1
Start time 16:00
Duration 01:00
Info
ID 1597
Event type Lecture
Track Hacking
Language English

A Hacker's Toolkit for RFID Emulation and Jamming

Radio Frequency Identification (RFID) tags are remotely powered data carriers that are often touted as a "computer of the future", bringing intelligence to our homes and offices, optimizing our supply chains, and keeping a watchful eye on our pets, livestock, and kids.

However, many RFID systems rely upon the integrity of RFID tag data for their correct functioning. It has never been so easy to interfere with RFID systems; we have built a handheld device that performs RFID tag emulation and selective RFID tag jamming (sort of like a personal RFID firewall). Our device is compatible with the ISO 15693/14443A (13.56 MHz) standards, and fits into a shirt pocket. This presentation will explain the "nuts and bolts" of how tag spoofing and selective RFID jamming work, and will conclude by demonstrating this functionality.

Detailed Outline:

Part I - Introduction to RFID Technology (25 minutes)

- What is Radio Frequency Identification? (How it works, types of RFID, read ranges, etc.)
- Typical RFID applications (Supply chain management, automated payment, access control, animal tagging, etc.)
- RFID security/privacy threats (Unauthorized tag reading, tag spoofing / cloning, denial of service)

Part II - RFID Emulation and Jamming (25 minutes)

- Overall architecture
  - Describe the HW architecture
    - XScale processor, Melexis RFID reader-on-a-chip, custom "tag" receiver/transmitter
  - Describe the SW architecture
    - eCos RTOS, ISO 14443/15693 stacks, high-level tasks, application-level code

- RFID Tag Emulation
  - Decoding incoming RFID queries
  - RFID tag "spoofing"
  - Describe how we produce the correct sideband frequencies

- Selective RFID jamming
  - Describe the Slotted-Aloha anticollision algorithm
  - Describe our selective (timeslot-specific) jamming method

- Live demonstration of RFID Guardian
  - RFID tag spoofing demo
  - Selective RFID jamming demo