25C3 - 25th Chaos Communication Congress
Nothing to hide

Boris Danev
Day: Day 1 (2008-12-27)
Room: Saal 3
Start time: 16:00
Duration: 01:00
ID: 2845
Event type: lecture
Track: Hacking
Language used for presentation: en

RF fingerprinting of RFID

In the lecture portion of this workshop we will present an overview of existing and our own novel methods for hacking electronic passports and driver's licenses including novel radio frequency fingerprinting techniques.

In the hands-on section we will show participants entering with basic radio experience how to conduct experiments with RFID and reverse engineer proprietary protocols.

High frequency proximity transponders (RFID tags) are already present in most new passports, and will soon be in new generations of driver's licenses. In general the data on these tags is "protected by cryptography". In part 1 of this presentation (lecture) we will explore the wealth of information obtainable from electronic passports and driver's licenses without attacking the cryptography itself. We will ignore the application layer where this crypto resides, and focus on protocol and physical layer weaknesses. We will present related work by a variety of authors, as well as novel as-yet unpublished work of our own which promises to provide better fingerprinting of passports and driver's licenses than any previously demonstrated techniques.

In part 2 (workshop) we will examine in depth different options for RFID hacking and reverse engineering, both on the reader side and the card side, from the physical layer up to the application layer. We will show hands-on the process of data acquisition for RF fingerprinting. Participants in the workshop will come away with knowledge sufficient to begin their own RFID experiments including reverse engineering of proprietary protocols.