RFID for Beginners++ presented at Black Hat DC 2007

by Chris Paget

URL: https://www.blackhat.com/presentations/bh-usa-07/Paget/Presentation/bh-usa-07-paget.pdf

Summary: Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a panel debate involving IOActive, US-CERT, ACLU, Black Hat, and Grand Idea Studio. After spending far too much time and money dealing with lawyers and consulting with some strategic allies, IOActive has made some relatively minor tweaks to the original presentation, which will be presented as the first part of this talk.
The second part of the talk introduces Cloner 2.0. The first Cloner was designed to be as simple as possible, and succeeded at the cost of read range, flexibility, and overall sophistication. Cloner 2.0 aims to address these concerns with a significantly enhanced read range, a "passive" mode to sniff the exchange between tags and legitimate readers, multi-tag storage capability, multiple RF front ends and an enhanced software back end to support many different types of proximity tags, and overall improvements in reliability and flexibility.
While we won't be able to give you full schematics or the names of any vendors whose tags can be cloned, we will be including significant information (including useful snippets of source and circuit diagram fragments) that will allow you to more deeply understand the significant flaws in older RFID technologies. This talk will give you the information you need to make informed decisions about the use and misuse of the most common RFID implementations available today.
Abstract for the original "RFID for Beginners" talk: RFID tags are becoming more and more prevalent. From access badges to implantable VeriChips, RFID tags are finding more and more uses. Few people in the security world actually understand RFID, though; the "radio" stuff gets in the way. This presentation aims to bridge that gap by delivering sufficient information to design and build a working RFID cloner based around a single chip, the PIC16F628A. Assuming no initial knowledge of electronics, I'll explain everything you need to know in order to build a working cloner, understand how it works, and see exactly why RFID is so insecure and untrustworthy. Covering everything from magnetic fields to Manchester encoding, this presentation is suitable for anyone who is considering implementing an RFID system, considering hacking an RFID system, or who just wants to know a little more about the inductively coupled, ASK-modulated, backscattering system known as RFID.