[TOOL] RFDump - RFID ISO-Reader

From: SecuriTeam (support_at_securiteam.com)
Date: 11/01/05

  • Next message: SecuriTeam: "[UNIX] up-imapproxy Format String Vulnerability" 
    To: list@securiteam.com
Date: 1 Nov 2005 16:14:24 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      RFDump - RFID ISO-Reader
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    RFDump is a tool that can be used to detect RFID-Tags and show their meta
    information: Tag ID, Tag Type, manufacturer etc. The user data memory of a
    tag can be displayed and modified using either a Hex or an ASCII editor.
    In addition, the integrated cookie feature demonstrates how easy it is for
    a company to abuse RFID technology to spy on their customers. RFDump works
    with the ACG Multi-Tag Reader or similar card reader hardware.

    RF-Dump is a GPL based backend tool that can be used to directly
    interoperate with any RFID ISO-Reader to get the content stored on RFID
    Tags and make audits like:
     * Test robustness of data-structures on the reader and the
    backend-application
     * Proof-of-Concept Manipulations of RFID Content
     * Clone, Copy and Paste User-Data stored on RFID Tags
     * Audit Tag-Security Features

    RFDump is available in different versions:
     * As Gtk application for Linux/Unix with a GUI (NEW!)
     * As rudimentary Perl script for Linux (PC or PDA) with a console-based
    interface

    RFDump features (Perl Script):
     * Platform-indipendent Perl script
     * Runs on any Linux, OpenBSD, FreeBSD
     * Supports ACGs PCMCIA/CF Multi-Tag Readers
     * Decodes the tag type, tag ID and manufacturer

    RFDump features (Gtk Application):
     * Runs on Linux, Windows
     * Supports ACGs PCMCIA/CF Multi-Tag Readers
     * Decodes the tag type, tag ID and manufacturer
     * Displays tag memory in Hex and ASCII encoding
     * Allows to write memory using Hex or ASCII editor
     * NEW: Cookie feature using arbitrary cookie ID and automatically
    incrementing counter

    Supported Tag Types:
     * ISO 15693: Tag-it ISO, My-d, I-Code SLI, LRI512, TempSense
     * ISO 14443 A: Mifare Standard(1,2), Mifare UltraLight(1,2)
     * ISO 14443 B: SR176(1,2)
     * Tag-it
     * I-Code

    Recommended Hardware:
     * Linux/Windows PC or HP iPAQ PDA with Linux
     * ACG Multi-Tag Reader, in a CF-Flash Socket or PCMCIA Adapter
     * 13.56 MHz Tags for testing

    To download the Linux source <http://www.rfdump.org/dl/rfdump-1.3.tar.gz>
    http://www.rfdump.org/dl/rfdump-1.3.tar.gz.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:someone@nulldev.org>
    lgrunwald.
    To keep updated with the tool visit the project's homepage at:
    <http://www.rfdump.org/> http://www.rfdump.org/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] up-imapproxy Format String Vulnerability"

    Relevant Pages