• Goa'17
  • Training
  • Practical RFID/NFC Hacking Training

Practical RFID/NFC Hacking Training

Adam Laurie

Trainer Name: Adam Laurie
Title: Practical RFID/NFC Hacking Training
Duration: 2 Days
Dates: 1st - 2nd March

Objective

RFID and NFC are now ever present in our daily lives. As well as using it for new services such as Apple Pay and keyless car entry, we are now quite used to getting in and out of hotel rooms, offices, clubs and even rental cars using the simplicity and convenience of contactless cards. But how secure are they? Have the vendors kept up with the hackers in the security arms race? In this course you'll learn how to determine if the access control system you or your customer is using to protect the data centre or office space is actually secure, or should you have simply hung a key on the door with a sign saying "please don't use me" on it?

Course outline

Day 1

LF (125/134 kHz) theory & practice:

  • Modulation schemes
  • Tag types
  • Reading/Writing
  • Emulation
  • Cracking
  • Access Control back-end (Wiegand / Clock & Data)
Day 2

HF (13.56 MHz) theory & practice:

  • Modulation schemes
  • Tag types
  • Reading/Writing
  • Emulation
  • Cracking
  • Payment systems (EMV)

Who Should Take this Course ?

  • Pentesters/security professional
  • Embedded security enthusiast
  • Red Teams

Pre-requisites

  • Basic knowledge of access control and payment systems
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, python) would be a plus
  • Basic knowledge of signal processing would be a plus

What attendees should bring ?

  • Laptop with working USB and a DVD drive
  • Linux is preferred but most tools can be run under Windows or Mac
  • Students should be prepared to install drivers and/or software, or to run a pre-packaged distribution such as Kali

What attendees will be provided With ?

  • RFID readers, example cards and other devices Slides (PDF)

What to expect ?

  • Hands-on Labs
  • Reading, writing, cracking and cloning popular access control formats
  • Understanding back-end access control protocols
  • Understanding EMV card formats and protocols

What not to expect ?

  • Learning the magic trick to effortlessly open all doors!

About the Trainer

Adam Laurie is a security consultant working the in the field of electronic communications, and a Director of Aperture Labs Ltd. (http://aperturelabs.com) who specialise in reverse engineering of secure embedded systems. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world's first CD ripper, 'CDGRAB'. At this point, he became interested in the newly emerging concept of 'The Internet', and was involved in various early open source projects, the most well known of which is probably 'Apache-SSL', which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres housed in underground nuclear bunkers as secure hosting facilities.

Adam aka "Major Malfunction" has been a senior member of staff at DEFCON since 1997 and is the POC for the London DEFCON chapter DC4420. Over the years has given presentations on forensics, magnetic stripe, EMV, InfraRed, RF, RFID, Terrestrial and Satellite TV hacking, and, of course, Magic Moonbeams. He is the author and maintainer of the open source python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org.

blog:http://adamsblog.aperturelabs.com/

github:https://github.com/AdamLaurie

            https://github.com/ApertureLabsLtd/

twitter: @rfidiot

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved