[<prev] [next>] [day] [month] [year] [list]
Message-ID: <49A6A5C5.4060206@algroup.co.uk>
Date: Thu, 26 Feb 2009 14:23:01 +0000
From: Adam Laurie <adam@...roup.co.uk>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: ANNOUNCE: RFIDIOt-0.1x release - February 2009
Hi All,
Well, it's been a busy month... thanks to pytey, I came across TikiTags,
which proved to be rather more interesting than they at first seemed...
http://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag
These devices contain an NXP PN532 reader chip, which, it turns out, is
also capable of running in emulator mode (it is the chip used in a lot
of NFC mobile phones), and, after looking at documentation from NXP, I
was able to get this functionality working, and I'm delighted that NXP
have also agreed to allow me to release the code despite it being based
on information that was provided under NDA, so massive props to NXP for
supporting the open source security research community! :)
As a result, I'm able to release two new tools:
pn532emulate.py - sets up the emulator and processes one command.
pn532mitm.py - 'pn532 man-in-the-middle', which will drive two
readers: one as an emulator and one as a reader, and will log all
traffic that flows between them. Additionally, you can separate the
reader and emulator onto two different machines, and relay the traffic
via TCP.
As always, this is very much a work in progress, and I know the error
handling is not perfect and needs tweaking. Low level command processing
is also slightly wacky, and will probably be re-written now I understand
what's going on a bit more... :)
I've also added a tool for reading HID ProxCard IDs - 'hidprox.py'
and I finally got around to writing some more detailed documentation,
which you can find here:
http://www.rfidiot.org/documentation.html
Homepage and download instructions etc. can be found here:
http://www.rfidiot.org/
Enjoy!
Adam
--
Adam Laurie Tel: +44 (0) 20 7993 2690
Suite 117 Fax: +44 (0) 1308 867 949
61 Victoria Road
Surbiton
Surrey mailto:adam@...roup.co.uk
KT6 4JX http://rfidiot.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists