Analyzing a modern cryptographic RFID system

Posted on Wednesday, January 12th, 2011 in encryption, hacks, RFID by the machinegeek

Henryk Plötz and Milosch Meriac gave a presentation at the recent 27C3 Chaos Communication Congress in Berlin, Germany, in which they demystified the HID iCLASS system. One of the challenges of breaking iCLASS RFID readers was extracting the firmware and the security keys from RW400 readers without leaving visible traces, such as a broken case. They solved this by exploiting a vulnerability in PIC18FXX2/XX8 microcontrollers that allows the firmware to be dumped with access to the ICSP pins alone. Check out their docs exploring the HID iCLASS security system.
