May 15, 2018

RFID/NFC Basics - A Pentesters Perspective

I’ve did a presentation on the basics of RFID/NFC from my (a pentester) perspective. Since several parties were interested, I gave the presentation twice, once at the “Gulaschprogrammiernacht” in Karlsruhe and once at the “IT-Sicherheitskonferenz“ in Stralsund. The main goal was to explain how some of the RFID/NFC technologies work and what security issues there are. Read more

October 8, 2013

Development of the MifareClassicTool

In the process of making and improving the MifareClassicTool (MCT) I wrote two documentations about the development process. The first one covers the initial development until version 1.0.0 and also explains the basics of the MIFARE Classic technology and Android app development. It was created as part my internship semester. The second documentation covers the development process from version 1.0.0 to 1.5.2 and has some download and usage statistics. It was created as part of university project. Read more

September 24, 2013

RFID Security - Theory and Practice

This is a paper about RFID security. It was part of my university studies (sixth semester). The main focus is on the theory and feasibility of different attack vectors and their counter measures. Especially logical issues and physical attack vectors have been taken into account. Read more

June 2, 2013

Security Analysis of the Student Card

The “Gulaschprogrammiernacht” (GPN) is a congress organized by Entropia e.V. (CCC Karlsruhe). I presented my research about the security of the student card at this congress. The similar student card system is present at most German universities. At this point in time the system was very broken, mostly because of the usage of the insecure MIFARE Classic RFID tags. Read more

February 15, 2013

MifareClassicTool (MCT)

MifareClassicTool (MCT) is a Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags. It provides several features to interact with (and only with) MIFARE Classic RFID tags. It is designed for users who have at least basic familiarity with the MIFARE Classic technology. You also need an understanding of the hexadecimal number system, because all data input and output is in hexadecimal. A list of features can be taken from the readme. Read more

October 10, 2011

RFID Security

This is a paper about basic RFID security issues but with focus on the MIFARE Classic technology. It was part of my university studies (fourth semester). As part of this research, I had a closer look at the MIFARE Classic-based system of my university. Because of the multiple use cases (payment, access control, amount of free copies at the printers, etc.) there are plenty of attack vectors. Furthermore, I build an RFID zapper. This device can destroy RFID chips without leaving a trace (visible from the outside). Read more

© 2018 - Gerhard Klostermeier - Some rights reserved - Legal Notice