lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <49A6A5C5.4060206@algroup.co.uk>
Date: Thu, 26 Feb 2009 14:23:01 +0000
From: Adam Laurie <adam@...roup.co.uk>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: ANNOUNCE: RFIDIOt-0.1x release - February 2009

Hi All,

Well, it's been a busy month... thanks to pytey, I came across TikiTags, 
which proved to be rather more interesting than they at first seemed...

http://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag

These devices contain an NXP PN532 reader chip, which, it turns out, is 
also capable of running in emulator mode (it is the chip used in a lot 
of NFC mobile phones), and, after looking at documentation from NXP, I 
was able to get this functionality working, and I'm delighted that NXP 
have also agreed to allow me to release the code despite it being based 
on information that was provided under NDA, so massive props to NXP for 
supporting the open source security research community! :)

As a result, I'm able to release two new tools:

   pn532emulate.py - sets up the emulator and processes one command.

   pn532mitm.py - 'pn532 man-in-the-middle', which will drive two 
readers: one as an emulator and one as a reader, and will log all 
traffic that flows between them. Additionally, you can separate the 
reader and emulator onto two different machines, and relay the traffic 
via TCP.

As always, this is very much a work in progress, and I know the error 
handling is not perfect and needs tweaking. Low level command processing 
is also slightly wacky, and will probably be re-written now I understand 
what's going on a bit more... :)

I've also added a tool for reading HID ProxCard IDs - 'hidprox.py'

and I finally got around to writing some more detailed documentation, 
which you can find here:

   http://www.rfidiot.org/documentation.html

Homepage and download instructions etc. can be found here:

   http://www.rfidiot.org/

Enjoy!
Adam
-- 
Adam Laurie                         Tel: +44 (0) 20 7993 2690
Suite 117                           Fax: +44 (0) 1308 867 949
61 Victoria Road
Surbiton
Surrey                              mailto:adam@...roup.co.uk
KT6 4JX                             http://rfidiot.org

Powered by blists - more mailing lists