Journals

CodeBreakers Journal
Assembly Programming Journal

Journal Issues

Vol.5, No.1, 2008
Vol.4, No.2, 2007
Vol.4, No.1, 2007
Vol.3, No.2, 2006
RECON2006 Conf. Proc.
Vol.3, No.1, 2006
RECON2005 Conf. Proc.
Vol.2, No.1, 2005
Vol.1, No.2, 2004
Vol.1, No.1, 2004

Statistics

Members: 1925
News: 292
Web Links: 1
Visitors: 3645484

Who's Online

Damn Vulnerable LinuxDamn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti- Security and Attack & Defense. [CLICK HERE FOR MORE INFOS! ]

Featured Conference Video

T16-Recon2006-Joe_Stewart-OllyBonE.gif OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!
Home
Practical Attacks on a Proximity Card
User Rating: / 0
PoorBest 
Written by Jonathan Westhues   
Side Story
Process Stalking - Run-Time Visual Reverse Engineering

Process Stalking® is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts the goal of a successful stalk is to provide the reverse engineer with a intuitive interface to run-time block-level trace data.

The Process Stalking suite is broken into three main components; an IDA Pro plug-in, a stand alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.

Read More >>



Proximity cards' are commonly used as high-tech replacements for magstripe cards or metal keys: you hold the card within a few inches of the reader, and the door clicks open. They are interesting because they are routinely used to control access to property or services. These cards contain electronic circuitry that authenticates them to the reader using a radio link.

Many such systems are designed with no security at all. This means that the only barrier to entry is the complexity of the protocol spoken over the air. Commercial prox cards use full-custom ICs that represent millions of dollars in development costs. I will describe the protocol used by the Motorola Flexpass cards, and then I will explain how to build a device capable of `cloning' such a card for under a hundred dollars. This is the same idea as taking a wax impression of a key, but you can do it over a distance of inches or feet, without removing the card from its owner's wallet.

Techniques to fix this are obvious and will only be mentioned briefly. A proximity card is really just a particular type of passive RFID tag. applications of these attacks to other kinds of RFID tags will also be discussed. Some knowledge of communications theory would be useful but is not required.
Download: pdf Practical Attacks on a Proximity Card

Download: pdf Practical Attacks on a Proximity Card