Bootable RFID Live Hacking System
The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well-known card formats. It is built around PCSC-lite, the CCID free software driver and libnfc, which together give you access to some of the most common RFID readers. See our tutorial video for a quick introduction on how to break MIFARE Classic RFID card keys using our Live RFID Hacking System.
The MFOC/MFCUK tools of the Live system won't work inside virtualization software like VMware as virtualization seems to break the timing requirements of the MIFARE Classic attack tools - please boot from the CD/DVD instead.
Our RFID hardware projects for RFID Security Analysis
Suggested RFID Reader for MIFARE Classic key recovery for this live system
Please use the ACR122U102 Tikitag RFID reader for MIFARE key extraction (v1.02) - later versions or compatible models could work, but some later firmware revisions (ACR122U207) seem to crash while breaking MIFARE Classic with mfcuk/mfoc. For normal use and known keys the other compatible readers should be fine though. Please send me a note if you successfully used another reader for key extraction using our Live CD. The firmware version is shown when using mfoc.
Note for touchatag reader users
If the pcscd daemon bails out on a touchatag reader with:
00000012 ccid_usb.c:901:ccid_check_firmware() Firmware (1.00) is bogus! Upgrade the reader firmware or get a new reader.
00000039 ifdhandler.c:101:IFDHCreateChannelByName() failed
00000015 readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed
just edit /usr/local/openpcd/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist and change the ifdDriverOptions key from 0x0000 to 0x0005 to disable version checking.
Fedora-15-x86_64-Live-RFID-v02.iso
SHA256: 79373eaef0accbcf348dda456356b7f22dd7c06653dbdf2d968fce4654db2daa
MD5: c8ef5ec1fcba012cd3b30f0c9e7579de
SHA1: da54d9a0959dc8aa7668e37610a665a957f51ae2
General Purpose Tools
- pcscd - you need to run this daemon in a separate terminal before running any RFID reader related tools in this bootable Live distribution. We use a wrapper script which calls pcscd in superuser mode with the correct parameters.
- baudline FFT signal analyzer for sniffing LF RFID tags using our sound card based RFID sniffer/emulator (more information soon!).
- hexdump & od for converting binary dumps into hexfiles for easier editing and kdiff3 difference analysis.
- kdiff3 - for displaying differences between card hexdump text files
- vbindiff - for displaying differences between card dump binary files
- bsdiff/bspatch - binary diff/patch tool
- lsnfc (for guessing the card type)
- gtkterm serial console utility.
- nfc-anticol (runs full ISO14443A anticollision)
MIFARE Classic Tools
- mfoc (Recovery of MIFARE Classic Card Keys if at least one sector has a known key - run this tool first)
- mfcuk (MFCUK - MiFare Classic Universal toolKit - Recovery of MIFARE Classic Card Keys if no sector key is known. This wrapper script changes to the fingerprint directory automatically)
- mfcuk_keyrecovery_darkside (same as above)
- nfc-mfclassic (use this tool to read from cards with known card keys retrieved by mfoc/mfcuk or copy card dumps from the tools above to new cards)
MIFARE Ultralight Tools
MIFARE Desfire Tools
Near Field Communication Tools