
Scratching RFID Exploitation - 0x02

I decided to build myself an RFID reader/writer using an Arduino Uno and the RC522 RFID module.

Setting up the modules

The Arduino does all the computation and talks to the RFID module. The parts required to build one are:

  1. Arduino Uno - (Arduino Nano would probably do too)
  2. RFID RC522 module
  3. Jumper wires
  4. Breadboards and LEDs for later additions.

The schematics and instructions for making the same can be found here

Once the hardware is set up, the next thing to do is to install the Arduino IDE and import the libraries.

Arduino IDE: https://www.arduino.cc/en/software

Import the libraries

Open the library manager in the Arduino IDE and search for MFRC522. The same library can be found in this GitHub repo. You can import it either way: from the library manager, or by downloading the latest release from the repository and importing it into the IDE.


Demonstration

Plug in the Arduino and confirm that the drivers are installed and that the board is detected in the IDE.


Check if the Board and Port are selected as per the device model.


The imported RFID library ships with many example sketches. The interesting one seems to be RFID-Cloner.


I ran the firmware_check sketch from the imported RFID library to check that the hardware is working properly.


To test the basic functionality of the reader, I ran the DumpInfo sketch, which dumps the data contained in an RFID card in hex.


This is a MIFARE Classic 1K card: 1 KB of memory organised as 16 sectors of 4 blocks (16 bytes each), operating at 13.56 MHz.


This is a blank card: the only non-zero data is in block 0 (the manufacturer block) and in the sector trailers (the last block of each sector, which holds the keys and access bits); the remaining data blocks are all zero. The card UID is the identifying number of an RFID card.
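To make that layout concrete, here is an added Python example (my own code, not code from this post or from the MFRC522 library) that parses a MIFARE Classic 1K dump offline, pulls the UID and its BCC check byte out of block 0, verifies that each sector trailer's access bits are internally consistent, and reports whether anything other than the UID is present to clone. The line format `<block>: <16 hex bytes>` and the sample card (UID DEADBEEF) are constructed for the example; a real DumpInfo printout would need its sector/block columns adapted to that format first.

```python
"""Offline parser for a MIFARE Classic 1K dump.

Added example for this post, not code from it or from the MFRC522 library.
The line format "<block>: <16 hex bytes>" and the sample cards built by
build_sample_dump() are constructed for illustration only.
"""
from functools import reduce
from operator import xor

BLOCK_SIZE = 16          # bytes per block
BLOCKS_PER_SECTOR = 4    # 3 data blocks + 1 sector trailer
SECTORS = 16             # 16 * 4 * 16 = 1024 bytes
# Transport-configuration trailer as a dump shows it: key A reads back as zeros
# (it is never readable), access bits FF 07 80 69, key B FF FF FF FF FF FF.
DEFAULT_TRAILER = bytes.fromhex("000000000000FF078069FFFFFFFFFFFF")


def is_trailer(block_no):
    """Blocks 3, 7, 11, ... hold their sector's keys and access bits."""
    return block_no % BLOCKS_PER_SECTOR == BLOCKS_PER_SECTOR - 1


def parse_dump(text):
    """Return {block_no: 16 bytes}; insist on a complete 64-block dump."""
    blocks = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        num, _, hexpart = line.partition(":")
        data = bytes.fromhex(hexpart)  # fromhex skips the spaces between byte pairs
        if len(data) != BLOCK_SIZE:
            raise ValueError(f"block {num}: expected {BLOCK_SIZE} bytes, got {len(data)}")
        blocks[int(num)] = data
    if sorted(blocks) != list(range(SECTORS * BLOCKS_PER_SECTOR)):
        raise ValueError("dump does not contain exactly blocks 0..63")
    return blocks


def uid_info(blocks):
    """Block 0 (manufacturer block): 4-byte UID, BCC (XOR of the UID bytes), SAK, ATQA."""
    b0 = blocks[0]
    uid, bcc, sak, atqa = b0[:4], b0[4], b0[5], b0[6:8]
    return {
        "uid": uid.hex().upper(),
        "bcc_ok": reduce(xor, uid) == bcc,  # a wrong BCC points at a botched block-0 write
        "sak": sak,
        "atqa": atqa.hex().upper(),
    }


def access_bits_consistent(trailer):
    """Bytes 6-8 of a trailer store each access bit once inverted and once plain.

    The corresponding nibbles must XOR to 0xF; a sector whose trailer violates
    this is irreversibly blocked by the card, so check before ever writing one."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    return ((b6 & 0xF) ^ (b7 >> 4) == 0xF
            and (b6 >> 4) ^ (b8 & 0xF) == 0xF
            and (b7 & 0xF) ^ (b8 >> 4) == 0xF)


def sector_report(blocks):
    """Per sector: factory-default trailer? sane access bits? data blocks all zero?"""
    report = []
    for s in range(SECTORS):
        first = s * BLOCKS_PER_SECTOR
        trailer = blocks[first + BLOCKS_PER_SECTOR - 1]
        data_blocks = [blocks[n] for n in range(first, first + BLOCKS_PER_SECTOR)
                       if not is_trailer(n) and n != 0]  # block 0 is not user data
        report.append({
            "sector": s,
            "default_trailer": trailer == DEFAULT_TRAILER,
            "access_bits_ok": access_bits_consistent(trailer),
            "blank": all(not any(b) for b in data_blocks),
        })
    return report


def is_blank_card(blocks):
    """True when nothing but the UID in block 0 distinguishes this card from a new one."""
    return all(r["blank"] and r["default_trailer"] for r in sector_report(blocks))


def build_sample_dump(uid_hex, written=None):
    """Constructed sample: a factory-blank card with the given UID, optionally with
    some data blocks overwritten ({block_no: 16 bytes}). SAK 08 / ATQA 04 00 and the
    eight manufacturer bytes are placeholders, not values read from a real card."""
    uid = bytes.fromhex(uid_hex)
    block0 = uid + bytes([reduce(xor, uid), 0x08, 0x04, 0x00]) + bytes(range(0x62, 0x6A))
    lines = []
    for n in range(SECTORS * BLOCKS_PER_SECTOR):
        if n == 0:
            data = block0
        elif is_trailer(n):
            data = DEFAULT_TRAILER
        else:
            data = (written or {}).get(n, bytes(BLOCK_SIZE))
        lines.append(f"{n}: {data.hex(' ').upper()}")
    return "\n".join(lines)


SAMPLE_BLANK = build_sample_dump("DEADBEEF")
SAMPLE_USED = build_sample_dump("DEADBEEF", {1: b"hello, sector 0!"})

if __name__ == "__main__":
    blank = parse_dump(SAMPLE_BLANK)
    print(uid_info(blank), "blank card:", is_blank_card(blank))
    for row in sector_report(parse_dump(SAMPLE_USED))[:2]:
        print(row)
```

Run it as a script to see the blank card's UID/BCC/SAK and the per-sector report for a card where block 1 has been written; the access-bit check is the one worth keeping around, since a trailer written with inconsistent bits locks that sector for good.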

Since the cards I have with me right now are all blank and contain only the UID, cloning wouldn't work as there's no data to clone. In this case, I tried changing the UID of a card to that of a different one.


This didn't work out, unfortunately, as the cards are not writable: in order to change the UID of a card, sector 0 must be enabled as writable. I might need to buy new cards which have write access enabled.

Another thing I learned is that you wouldn't be able to dump the data of all RFID-enabled cards. For example, I tried to dump the data of an expired Metro card: the card had PICC compliance implemented, which doesn't allow dumping of the data; you can only view the UID of the card, which is pretty much useless for cloning. More info: https://www.nxp.com/docs/en/application-note/AN10834.pdf


This post is licensed under CC BY 4.0 by the author.