Reversing an entry card - How to find out what type of RFID hardware I need to read the chip?

  • I have an acccess/entry card chip I want to copy for demonstrational purposes. However I am not sure how I can find out what type of RFID reader I need to get a hold of.

    Does anyone have a suggestion how I can figure out what type of chip it is and thus what type of reader I need to be able to copy it?

    Possible use cases:

    • Social engineering the business who owns the card or the card issuer (ex. G4S) and try find out the manufacturer is.
    • Oscilloscope - Read the frequency and get a reader with the same scope.
    • Dissolving the card (ex. with nail polish remover) and try find out who the manufacturer is by looking for clues on the chip or on the plastic.

    I would inspect the hardware used for reading the cards. You are almost sure to find a vendor and model number written on it.

    Though I understand your security-purpose, it does sound like this part of the task would be better asked elsewhere, no? RFID is not an inherently "security" technology...

    @Karrax, might be worth a shot - unless you already got here what you needed...

    Rook's answer seems like exactly what I want :) thank you.

  • rook

    rook Correct answer

    10 years ago

    You only need one RFID device, its the Proxmark3. There are many protocols and frequencies used by RFID and the Proxmark3 tries to support all of them. It is open source hardware and software and breaks every commercial RFID card I know of. The real problem with RFID is that you have a very limited power usage so you are forced to use weak crypto systems. Often times they rely upon security though obscurity, and the Proxmark3 is designed to overcome this.

    It breaks even cards of Mifare DESFire line?

    @domen DESFire I think you mean "30YearOldFire", no one should be using DES for anything.

    Myeah, that's the state of NFC cards, and those are often used for access controls and for fare payments. Can you list some references for breaking DES3 on DESFire EV1/2?

    @domen If you aren't using a NIST approved algorithm then the protocol is already broken. If you search for "DESfire proxmark" I'm sure you will find more than one exploit.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM