Analyzing a modern cryptographic RFID system

Posted on Wednesday, January 12th, 2011 in encryption, hacks, RFID by the machinegeek

Henryk Plötz and Milosch Meriac gave a presentation at the recent 27C3 Chaos Communication Congress in Berlin, Germany, in which they demystified the HID iCLASS. One of the challenges of breaking iCLASS RFID readers was extracting the firmware and the security keys of RW400 readers without leaving visible traces such as breaking the case open. This challenge can be solved by exploiting a vulnerability in PIC18FXX2/XX8 microcontrollers that allows dumping the firmware by accessing only the ICSP pins. Check out their docs exploring the HID iCLASS security system.

This entry was posted on Wednesday, January 12th, 2011 at 4:13 pm and is filed under encryption, hacks, RFID.
