Frequent RFID attacks
In recent years there have been frequent RFID attacks both at home and abroad. Some attackers have used RFID techniques to crack various consumer and stored-value cards and then topped them up fraudulently; some of them have been sentenced for it. Today IoT is driving the development of the mobile Internet, and many mobile terminals embed NFC functions for public transport and mobile payment. Many security problems have gradually come to light, and more are likely to surface in the future.
RFID attack simulation
1. Card data sniffing
Most people carry several RF cards, which may hold personal information or the credentials used by access-control and monitoring systems. An attacker can use a reader to capture the data from a victim's card (whether the read succeeds depends on the communication distance to the card); by writing that data to a blank card, or by replaying it in other ways, the attacker can pass the victim's identity check or obtain other sensitive information.
2. Simulated card data replay
Because the UID on a card cannot be rewritten (except on special cards), for reader systems that check the UID it is sometimes necessary to emulate the card data in order to bypass the check; this can be done with a Proxmark3. For example, here it is used to emulate the UID of a high-frequency card:
The data signal sent by the Proxmark3 is read successfully by the card reader:
3. Card replication
Many access-control systems use the UID stored in the header of the card's memory as the only check. Writing that UID directly to a blank card therefore yields a copy that opens the door. Because the UID on most cards is not writable, special cards with a writable UID are needed; how to obtain such cards is not covered here. Opening the door with the copied card:
Below, a meal card holding a stored balance is copied:
4. Card data cracking and tampering
Some Mifare Classic chips (such as the class A cards) were cracked long ago, yet they are still widely used: many companies and schools still issue access-control cards, meal cards and all-in-one cards based on such chips.
The figure below shows the data recovered from a cracked canteen card; only the first sector contains data. Comparing the dumps taken across several top-ups and purchases gives the following results:
1. The balance occupies two bytes. The first byte is the number of jiao (0.1 yuan) and the second byte is a multiple of 256, also counted in jiao. For example, the balance before top-up reads 64 00, i.e. 0x64 = 100 jiao = 10 yuan; after top-up it reads 58 02, i.e. 0x58 + 2*256 = 600 jiao = 60 yuan.
2. The check value is also two bytes, for example AE 01 above. Comparing the dumps shows that its value after a top-up does not depend on the change in amount but on the date of consumption. The balance can therefore be modified directly to achieve a top-up: since the consumption date above is not changed by a top-up, there is no need to work out how the check value is calculated.
For example, to top up the 60 yuan meal card above so that its balance becomes 256 yuan, change 58 02 directly to 00 0A:
Test results:
What is RFID?
In academic terms, RFID (Radio Frequency IDentification) is "a wireless communication technology that can identify specific targets and read and write related data through radio signals, without requiring mechanical or optical contact between the identification system and the target." This definition may not be intuitive for most people; put simply, it is a technology that lets users interact with a system by a quick, trouble-free swipe or tap of a card. Common RFID products include transit cards, access cards, debit cards, animal identity tags and electronic tickets.
An RFID system consists of tags, a reader and antennas (and sometimes middleware), as shown in the figure (taken from the web). The reader emits a radio signal of a certain frequency (low frequency, high frequency, ultra-high frequency or microwave; the 13.56 MHz high-frequency band is the one most often met in daily life) through a built-in antenna. Once a tag enters the reader's field, the reader can obtain the information stored on the tag.
What is the relationship between RFID and NFC?
I believe many people cannot clearly state the relationship between RFID and NFC (near-field communication). On Weibo and in articles the two are often confused. The following points describe the relationship:
1. NFC itself evolved from RFID; RFID can loosely be regarded as NFC's "father";
2. Frequency band: NFC is limited to the 13.56 MHz high-frequency band, whereas RFID is available at many frequencies;
3. Communication distance: NFC mostly works within 10 cm, while RFID can reach tens of metres;
4. Working modes: NFC can act as a card, as a reader, or in peer-to-peer mode, because it integrates a contactless reader, a contactless card and peer-to-peer functions in a single chip, unlike RFID, which needs a separate reader and tag; NFC is lighter and more convenient and is geared toward information exchange;
5. Application scenarios: RFID is used more widely in production, logistics and asset management and suits manufacturers and enterprises, while NFC is used more in public transport, access control and mobile payment and suits the general public.
Defense solution Discussion
Most of the time we keep all our RF cards in a wallet, so a foreign manufacturer made a stainless-steel wallet that defends against RFID hackers. It costs about 100 USD and is said to be as thin as leather and as soft as silk; the well-off can try it online. It works on the principle of the Faraday cage, shielding external electromagnetic fields so that the RFID cards inside the wallet cannot be read from outside.
In addition, the following points may serve as a reference:
1. Avoid Mifare Classic chip cards and use chip cards with stronger cryptography, such as CPU cards;
2. Sensitive data such as balances should be encrypted; plaintext storage is prohibited;
3. Perform operations online between the card reader and the back-end database, verifying each transaction over a real-time connection;
4. Encrypt data with the UID and maintain a UID whitelist to raise the attacker's cracking cost, though this may still be bypassed with UID-writable cards;
5. Use non-default keys for every sector to raise the cracking cost, though they may still be recovered by brute force with the Darkside attack.
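As an added example (not code from the original article), the following Python models the two-byte balance field described in section 4 and shows why defence items 2, 3 and 4 work together: a MAC keyed per card from the UID detects a rewritten balance and a sector copied to another card, and a backend-tracked counter detects a replayed old dump. The master key, the 8-byte tag length, the transaction counter and the card values are all constructed assumptions for this example.

```python
import hmac
import hashlib

JIAO_PER_YUAN = 10  # the article's balance unit is the jiao (0.1 yuan)

MASTER_KEY = b"constructed-issuer-master-key"  # constructed placeholder, not a real key
UID = bytes.fromhex("04a1b2c3")                # constructed 4-byte UID
OTHER_UID = bytes.fromhex("04d4e5f6")          # constructed UID of a second card

def decode_balance(field: bytes) -> float:
    """Two-byte balance, low byte first, in jiao: 58 02 -> 0x58 + 2*256 = 600 jiao = 60 yuan."""
    if len(field) != 2:
        raise ValueError("balance field is exactly two bytes")
    return int.from_bytes(field, "little") / JIAO_PER_YUAN

def encode_balance(yuan: float) -> bytes:
    """Inverse of decode_balance, used by the issuer when writing a new balance."""
    return round(yuan * JIAO_PER_YUAN).to_bytes(2, "little")

def card_key(master_key: bytes, uid: bytes) -> bytes:
    """Per-card key derived from the issuer master key and the UID (defence item 4)."""
    return hmac.new(master_key, b"balance-mac" + uid, hashlib.sha256).digest()

def balance_mac(key: bytes, uid: bytes, balance: bytes, counter: int) -> bytes:
    """Eight-byte tag binding UID, balance and transaction counter together (assumed layout)."""
    msg = uid + balance + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def verify_record(master_key: bytes, uid: bytes, balance: bytes, counter: int, mac: bytes) -> bool:
    """Reader-side check: recompute the tag for this UID and compare in constant time."""
    expected = balance_mac(card_key(master_key, uid), uid, balance, counter)
    return hmac.compare_digest(expected, mac)

def counter_is_fresh(counter: int, last_seen: int) -> bool:
    """Backend check (defence item 3): a record not newer than the last one seen is a replay."""
    return counter > last_seen

def demo() -> dict:
    """Issue a 60 yuan record, then exercise the cases the article describes."""
    bal = encode_balance(60)
    mac = balance_mac(card_key(MASTER_KEY, UID), UID, bal, 7)
    return {
        "genuine": verify_record(MASTER_KEY, UID, bal, 7, mac),
        # section 4: balance rewritten to 00 0A (256 yuan) while the tag is left as is
        "tampered_balance": verify_record(MASTER_KEY, UID, bytes([0x00, 0x0A]), 7, mac),
        # section 3: sector copied byte-for-byte onto a card with another UID
        "cloned_to_other_uid": verify_record(MASTER_KEY, OTHER_UID, bal, 7, mac),
        # section 1: old dump replayed after the backend has already seen counter 8
        "replayed_old_counter": counter_is_fresh(7, last_seen=8),
    }
```

Only the genuine record passes; the date-dependent check value found on the real card, by contrast, would accept the tampered balance because it does not cover the amount at all.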