Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2013-07-31 17:07:08

robertpalmerjr
Contributor
Registered: 2010-04-30
Posts: 23

Defcon anyone?

Is anyone from the proxmark community going to be at Defcon?  I will be there if anyone would be interested in meeting.

Offline

#2 2013-08-08 19:02:09

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

Crap, I was there, but didn't read this post in time... Did you see the presentation by Francis Brown ? That was the only rfid-talk I noticed, and basically the 'core stuff' was the same as this : http://proxclone.com/Long_Range_Cloner.html

Offline

#3 2013-08-08 19:51:21

robertpalmerjr
Contributor
Registered: 2010-04-30
Posts: 23

Re: Defcon anyone?

Yes, I saw the presentation.  Hmm, I hadn't seen that web site.  That looks almost exactly like his project.  Is it possible that he was the one that created that web site?  Even the pictures look the same.

The interesting thing to note here is that there is really very little that is novel.  Primarily it's pulling all the information together and packaging to make it portable.  Also, what this points out is that HID's use of ONE key for all readers means that buying any reader gets you a valid key and the reader already does the decryption for you, BONUS!  It screams at you that any RFID system, that you have any hope of securing, should have programmable keys for the reader as well as for the tags.  Now I believe that HID has begun offering that option, on a site by site basis, but then you can fall back to brute-force cracking the keys.  I don't remember which algorithm they used.

From a practical standpoint, he made it very clear to any facility manager watching that they're pretty much wide open, and I think that was the point.  The access control systems NEED to be upgraded.  There are newer approaches that are much more secure.

Offline

#4 2013-08-13 09:52:46

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

robertpalmerjr wrote:

Yes, I saw the presentation.  Hmm, I hadn't seen that web site.  That looks almost exactly like his project.  Is it possible that he was the one that created that web site?  Even the pictures look the same.

Nope, not him, I asked him about it after the talk.

Offline

#5 2013-08-13 15:17:09

robertpalmerjr
Contributor
Registered: 2010-04-30
Posts: 23

Re: Defcon anyone?

I looked closer at the design and realized it wasn't him.  The one posted is based on a Parallax processor and includes the cloning feature as part of the overall package.  The Francis Brown presentation used the Proxmark for cloning separately and used an Arduino for the controller.  I'm curious, did he know about the Long_Range_Cloner project?  If so, did he indicate why he chose the route he did?

Offline

#6 2013-08-13 20:16:48

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

When I asked him about it, he didn't seem to be aware about it, so I didn't pursue it...

Offline

#7 2013-08-17 22:51:09

KovakKnight
Member
Registered: 2013-08-17
Posts: 2

Re: Defcon anyone?

Francis Brown most certainly did know about the proxclone.com site as he included pictures from the site (complete with web address watermark) in his Blackhat slides. Slides that he later deleted from his Defcon talk.

At his Defcon talk (along with prior PR from Bishop Fox) he went out of his way to portray his device as being new and innovative when it clearly was heavily influenced by the prior research of ProxClone.com. Him claiming not to have heard of the site is completely ridiculous. He is quickly trending  towards an attrition.org level of plagiarism.

Offline

#8 2013-08-18 09:35:42

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

I wouldn't go so far; when I wrote "he didn't seem to be aware about it" - it was not that he explicitly said so, that was just *my* impression. Also, I didn't mention 'proxclone' by name, since I didn't remember the name of it at that moment. So don't go accusing him of something on account of what I wrote...

Offline

#9 2013-08-18 15:35:07

KovakKnight
Member
Registered: 2013-08-17
Posts: 2

Re: Defcon anyone?

Fair enough. My opinion of it being plagiarized was formed while sitting in the talk and hearing him describe the exact solution provided by proxclone for long range cloning  without giving even a hint of credit to the original researcher who did most of the work to make it happen.

I just believe in giving credit where credit is due.

Offline

#10 2013-08-19 08:58:56

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

KovakKnight wrote:

I just believe in giving credit where credit is due.

Sure, I agree, he should have mentioned proxclone.

However, even if it has been done before, the proxclone author (who I believe is a member of this forum) hasn't released the full schematics and/or source code, and Francis Brown obviously did it his own way, using arduino, and also released the schematics and sourcecode.

Offline

#11 2013-08-30 00:41:09

tastic
Member
Registered: 2012-07-01
Posts: 5

Re: Defcon anyone?

Man oh man, the Google Alerts I set to track RFID hacking related discussions are blowing up -- with entries on multiple comments, made in multiple discussion boards, found across multiple sites … all of KovakKnight badmouthing my RFID Hacking presentation.  I suppose I should address this.

KovakKnight wrote:

Francis Brown most certainly did know about the proxclone.com site as he included pictures from the site (complete with web address watermark) in his Blackhat slides. Slides that he later deleted from his Defcon talk.

At his Defcon talk (along with prior PR from Bishop Fox) he went out of his way to portray his device as being new and innovative when it clearly was heavily influenced by the prior research of ProxClone.com. Him claiming not to have heard of the site is completely ridiculous. He is quickly trending  towards an attrition.org level of plagiarism.

To answer your question, yes I had seen the ProxClone website before.  I had also seen the Wired magazine article (http://www.wired.com/threatlevel/2009/08/fed-rfid/) describing something similar as well.  In both cases, neither tool was actually released.

In interviews related to the Black Hat / DEF CON talks (e.g. ThreatPost, Dark Reading, eWeek), I told reporters that I had seen examples of custom solutions that people had discussed and posted photos of, but that had never actually ended up releasing the tools, schematics, code, guidance, or anything that would remotely be useful in replicating what they had done.  This holds especially true for your average Fortune 1000 security professional trying to get setup for an RFID penetration test.

I also addressed this in the presentation slide notes (slide 21 – Tastic Solution).  See screenshot of the PowerPoint notes here, which are also embedded in PDF version notes on Black Hat’s website. I made a point in both presentations to let the audience know that I had detailed notes, references, and resource URLs in the presentation slides notes for anyone who wanted additional information on the material.  So I guess you can say “plagiarism” is a bit strong of description – ya know, since it’s not plagiarism…

At the start, I needed to break into a building, plain and simple.  In preparing for my first RFID penetration test, I poured through article after article, and presentation after presentation.  I constantly had to read about things like the ProxClone, ProxPick, and other custom tools such as the one described in the Wired article.  Those are great for the people who invented them and had copies of them. But as far as I am concerned, they are worthless to me.  They were never released, and provided absolutely zero value to me for my purposes of trying to perform a successful RFID pentest.

My frustration over the lack of viable tools and straightforward guidance amid the overwhelming noise is what initially led to the idea for the RFID Hacking: Live Free or RFID Hard presentation.  I wanted something akin to a Hacking Exposed: RFID  – with just the best tools and techniques I’d need to know in order to pull off a successful pentest.  It just didn’t exist.  My expressed goal for the talk was to provide that PRACTICAL guidance on RFID hacking tools and techniques, something security professionals could actually use in penetration testing. 

The tool discussed in the Wired magazine said they’d be releasing a $50 kit you could use to recreate it at h4rdw4re.com.  It never happened.  On the ProxClone contact page (http://proxclone.com/contact.html), he specifically says he will not be releasing his code and not to ask.  Ultimately he posted some pictures and an electrical diagram.  Neither of these are practical or useful to your average security professional trying to get up and running for an RFID pentest.

By contrast, I actually released what I built.  I released the parts list, Fritzing diagram (also Extended Gerber format), and Arduino code.  After ordering and receiving parts, you have all you need to get up and running in a couple hours.  I’ve been getting lots of emails from people excited because they were able to get a version of their own up and running in an afternoon, most with photos of their new tool.  I’m going to re-state that because it bears repeating.  They got up and running in an afternoon.  I would have killed for something that got me up and running in an afternoon before.  Instead, I had to code, design, build, and lord knows troubleshoot my own device from scratch over the course of several weeks.  I am more than happy to have released the results as to save others the time and trouble.  If you don’t see value in that, then I don’t know what to tell you.

The presentation slides and updated tool files are up on our website.  In the near future I’m going to provide further guidance on building the tool and RFID hacking via blog posts.  I’ll also be releasing a educational short video series called RFID Hacking: 60 Seconds or Less in the next week or so as well.  I hope you all enjoy:

http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/

slide21

Offline

#12 2013-08-30 01:42:23

robertpalmerjr
Contributor
Registered: 2010-04-30
Posts: 23

Re: Defcon anyone?

tastic,

I absolutely see significant value in that - 'that' being your contribution of sources, instructions, etc.  I guess I missed that as the main point of your talk at Defcon.  I came away with the impression that the main point was the capability, not that the main point was to create something that was easy for someone else to recreate for their own use.  Sometimes as experts, we forget how complex some things can be for those that aren't experts.

Thank you again for your contribution.

Offline

#13 2013-08-30 05:21:20

vivat
Contributor
Registered: 2010-10-26
Posts: 332

Re: Defcon anyone?

tastic
How much money do I need to build your project?
Can you add support for EM4100 thin 0.8 mm cards?

Offline

#14 2013-08-30 07:57:31

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Defcon anyone?

@tastic, I'll second @robertpalmerjr's post. Since proxclone is a member here (carl55, if I recall correctly) and I'd read about it some time before, I had kind of assumed that the proxclone thingy was open source and old news, and so I was not very impressed by the talk at the time. After this discussion started, I went back and saw that it wasn't.

An open source implementation is definitely very valuable, so kudos for doing that!
I'm sorry to hear you getting badmouthed on the net.

Also, now that you're here, I namedropped you in another topic, regarding hf snooping. Have you looked anything into that area? (http://www.proxmark.org/forum/viewtopic.php?id=1732)

Offline

#15 2013-09-01 01:14:58

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Defcon anyone?

I honestly thought you plagarized Carl55's photos but, as holiman did, I took a closer look at the photos and I can see the difference. Carl55 has contributed a lot to this forum and has helped me with any question I ever had. I do not blame him for not releasing the hard work that he put into coding involved with his experiments. I don't see anything wrong with trying to reproduce what others have done. I tried to reproduce his Reader/Cloner but, reached a stopping point with the coding. At least, I learned about the 44780 display, PCB design and software, and how to order custom PCBs. Perhaps with your open coding, I can finish what I started.

Nice contribution!

Offline

#16 2013-10-02 13:28:19

tastic
Member
Registered: 2012-07-01
Posts: 5

Re: Defcon anyone?

vivat wrote:

tastic
How much money do I need to build your project?
Can you add support for EM4100 thin 0.8 mm cards?

Hey vivat, sorry for taking so long to respond.

It can support pretty much any card type if you can find a reader that handles that card type and has a standard Wiegand data0/data1 output (see: https://en.wikipedia.org/wiki/Wiegand_interface)

The general cost breakdown to recreate the PCB that gets inserted into commcercial RFID readers is:
~$89 for pcb + parts = PCB printed cost (~$33) + PCB parts cost (~$56)

That gives you a PCB that looks like:
pcbwparts

The parts list with prices is on our site at:
http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/

Note, that ~$89 only gets you the PCB that you can plugin into commercial RFID readers, but not the actual long range reader I am using.  The actual reader (if you get a good one) is the most expensive part.  I got the one in the screenshots (i.e. the HID MaxiProx 5375AGN00) on eBay for ~$472.

Hope this helps.

Offline

#17 2013-10-02 13:48:21

tastic
Member
Registered: 2012-07-01
Posts: 5

Re: Defcon anyone?

KovakKnight wrote:

Francis Brown most certainly did know about the proxclone.com site as he included pictures from the site (complete with web address watermark) in his Blackhat slides. Slides that he later deleted from his Defcon talk.

At his Defcon talk (along with prior PR from Bishop Fox) he went out of his way to portray his device as being new and innovative when it clearly was heavily influenced by the prior research of ProxClone.com. Him claiming not to have heard of the site is completely ridiculous. He is quickly trending  towards an attrition.org level of plagiarism.

To follow-up on this, I realized that I did actually discuss the Proxclone and other related custom solutions in the Black Hat talk (in which I had considerably more time than the DEF CON version).  It's at 7min47sec in, which this YouTube link should take you directly to:
http://www.youtube.com/watch?v=1fszkxcJt7U#t=467

Also, fyi, for those interested both the Black Hat USA 2013 and DEF CON 21 (2013) talk videos for RFID Hacking: Live Free or RFID Hard are up on our site.  They can be found at:
http://www.bishopfox.com/resources/tools/rfid-hacking/media-gallery/

Also, I've started to release videos on that same page for a new series: RFID Hacking - 60 Seconds or Less.  These are educational video shorts on the subject of RFID Hacking for penetration testers.  All videos are 60 seconds or less in length.

Offline

Board footer

Powered by FluxBB