[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <447EAE71.1090002@thebunker.net>
Date: Thu Jun 1 14:39:11 2006
From: adam.laurie at thebunker.net (Adam Laurie)
Subject: RFID used at Olympics in Germany
Josh L. Perrymon wrote:
> Yeah.. I suppose their would be limitations on the amount of data that
> would be on the chip..
>
> Maybe the will just use an ID number that refrences the user info in the
> DB....
>
> Has anyone successfully performed SQL injections usinf RFID tags? I
> looked at a few papers but know it's not widespread.
> I'm thinking about getting an IPAQ and an RFID reader/writer to play
> around w/ this stuff.
It's certainly do-able if the target RFID reading system isn't doing the
proper checks... for playing, I can recommend the ACG reader - should
work fine in a Compaq as it's a CF card:
http://www.acg.de/synformation/servlet/PageServlet/corporate/RFIDProducts/Start?show=RFID_Basics
and if you've got python, you can drive it with RFIDIOt:
http://rfidiot.org/
BTW, if anyone's got access to these tickets I'd love to have a look at
one...
cheers,
Adam
--
Adam Laurie Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899
Ash Radar Station http://www.thebunker.net
Marshborough Road
Sandwich mailto:adam@...bunker.net
Kent
CT13 0PL
UNITED KINGDOM PGP key on keyservers
Powered by blists - more mailing lists