Cracking HiTag2 Crypto - Weaponising Academic Attacks for Breaking and Entering
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the intricacies of cracking HiTag2 crypto in this 45-minute conference talk from 44CON 2017. Delve into the world of RFID technology as Kevin Sheldrake weaponizes academic attacks for breaking and entering. Learn about HiTag2's unique features, including 2-way authentication and encryption, and its widespread use in secure building access and car immobilizers. Discover the implementation of three attacks on RFIDler, based on the 2012 research by Verdult, Garcia, and Balasch. Understand the nonce replay attack that exploits integrity protection, allowing access to readable RFID tag pages without knowing the key. Gain insights into HiTag2 RFID functionality, encryption methods, and the challenges faced during implementation. Witness live demonstrations of weaponized attacks enabling tag cloning. Explore topics such as data modulation, encoding, HiTag2 password mode, crypto overview, encryption techniques, and various commands. Enhance your knowledge of RFID security and learn practical applications for ethical hacking and penetration testing.
Syllabus
Intro
Why copy 125KHz RFID tags?
Simple 125KHz RFID tag
How simple 125KHz RFID works
Data modulation and encoding
HiTag2 password mode
HiTag2 crypto overview Tag
HiTag2 encryption
Feedback function, LO
HiTag2 commands
Emulate reader START AUTH
Nonce replay attack
Find encrypted 'read po' command
Find one encrypted 'read' command
Find all encrypted 'read' commands
Flip 'page' bit
Read page data
New RFIDler commands
Demo
Tag cloning
Closing remarks
Taught by
44CON Information Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network