Hacking Wireless World, RFID hacking

Page 1

Hacking the Wireless World with Software Defined Radio – 2.0

Balint Seeber
Applications Specialist & SDR Evangelist
[email protected]@spench.net @spenchdotnet

Page 2

USRP B210

USB 3.0

56 MHz bandwidth

70 MHz – 6 GHz

2x2 MIMO

SDR Hardware

Presentation Notes: http://b200.ettus.com/ http://b210.ettus.com/

Page 3

Aviation RADAR

RADAR

Page 4

Secondary Surveillance: ADS‐B/Mode S

RADAR

Presentation Notes: ACARS messages shown spatially

Page 5

Primary Surveillance RADAR

RADAR

Presentation Notes: https://github.com/balint256/gr-baz

Page 6

Raw RADAR Return Plot

Each scanline is synchronised to an emitted pulse

Scanline is amplitude of samples over time (also range of the return)

RADAR

Page 7

Virtual RADAR Scope

RADAR

Page 8

Restaurant Pagers

Pagers

Page 9

Pager Waterfall Spectrum (axes: Time, Frequency)

Pagers

Page 10

Making sense of raw bits

Pagers

Page 11

Modulator Output

Pagers

Page 12

Pager Spoofing

Pagers

Page 13

RDS Traffic Message Channel

RDS TMC

Presentation Notes: https://github.com/balint256/gr-rds

Page 14

Compare Against Trusted Source

RDS TMC

Page 15

Brute Force Search

RDS TMC

Page 16

Reading a FasTrak Toll Tag 

RFID

Presentation Notes: http://en.wikipedia.org/wiki/Circulator

Page 17

Received Signal

Response

RFID

Presentation Notes: Received signal while tag is replying

Page 18

Reading a Tag Outside

RFID

Page 19

RFID

Page 20

Toyota Prius Keyless Entry Auth

RFID

Page 21

Building Security Badge Auth

RFID

Reader Badge

Page 22

ISEE‐3 Reboot Project

• International Sun/Earth Explorer 3

• Launched: August 12, 1978

• Heliocentric Orbit

• Study interaction between solar wind and Earth’s magnetic field

ISEE‐3

Presentation Notes: http://en.wikipedia.org/wiki/International_Cometary_Explorer

Page 23

ISEE‐3

Presentation Notes: http://en.wikipedia.org/wiki/Arecibo_Observatory http://www.naic.edu/

Page 24

Moment of First Contact

Happy Dance

ISEE‐3

Presentation Notes:
Happy Dance GIF: http://imgur.com/oIDnVxs
Happy Dance video: https://www.youtube.com/watch?v=CLPG15HXkv8&list=PLPmwwVknVIiUlPbkfBUY1ebP_8hA_4q8j&index=11

Page 25

Telemetry During Thruster Firing

ISEE‐3

Page 26

[email protected] @spenchdotnet

http://wiki.spench.net/wiki/RF

http://spench.net/

GitHub: balint256

[email protected]