RFID number printed on card

[.Gex.]

I don't know too much about these RFID cards other than they are pretty easy to clone if you are close enough.

 

But they often have numbers printed on the cards, can anyone tell me what the numbers usually are and if they would be useful to an attacker in anyway?
From what i can tell they can't do much with these numbers and I assume they are generated via a one way algorithm?

[digininja]

It has been ages since I worked on RFID but from memory, low frequency cards often just contain short serial numbers and what is printed on the card is what it sends to the reader.

High frequency are smarter, for example MIFARE cards.

[.Gex.]

So basically if you have that number you could just make your own card?

I would have thought the numbers are not the actual code that is sent to the reader but rather the result of the cards code being run through some kind of one way hashing etc.

[digininja]

Again, from memory, the number printed on the card is the number it sends over. The assumption is security through obscurity, an attacker would have to see a number and then create a card.

The other attack I've seen here is where a company buys a large amount of cards, much more than they need. They enter the full range into the badge system but then try to recoup some cash by selling some of the remaining cards. If you can get one of those, your number is already in the system.

[icarus255]

On 3/8/2019 at 10:24 PM, .Gex. said:

So basically if you have that number you could just make your own card?

I would have thought the numbers are not the actual code that is sent to the reader but rather the result of the cards code being run through some kind of one way hashing etc.

I looked into this a while back as well but never got motivated enough to do it or to order a card cloner. I am talking about access cards that is.

Even if I was motivated enough, it's not as simple as just scanning a card and then having its digital fingerprint to use whenever you want. The cards are encrypted and I can't remember how the actual authentication works but the fact that you can't clone modern MIFARE cards suggests that the encryption is not some simple one way hash.

Sure there were some MIFARE encryption vulnerabilities discovered a few years back but not sure how easy it was to exploit them.

I thought this was an interesting article. The guy has no sources to back himself up or even quotes any facts but some of what he says makes sense.

https://www.csoonline.com/article/3199009/why-you-dont-need-an-rfid-blocking-wallet.html

Anyway let us know how you go because I'd be interested to see if there some real-world application.

[digininja]

Depends if you are looking at high or low frequency. The high frequency are the MIFARE style with encryption and stuff like that, the low frequency are the basic ones such as the ones used in stock control that only hand over a number.

It isn't a good idea to use the low frequency in badge systems but they often are because they are a lot cheaper.

[icarus255]

17 minutes ago, digininja said:

Depends if you are looking at high or low frequency. The high frequency are the MIFARE style with encryption and stuff like that, the low frequency are the basic ones such as the ones used in stock control that only hand over a number.

It isn't a good idea to use the low frequency in badge systems but they often are because they are a lot cheaper.

OK I might just have to look into this again. I'll order some readers/writers and let you know how I go 😉

[Bigbiz]

My guess would be model # of card to get a replacement of card as there are many variations of cards. High freq. Or low freq. Different brands ect

[digininja]

They are supposed to be unique so you don't get replacements, you just get new tags, disable the old ones and enable the new ones.

[Bigbiz]

Maybe each one is unique but also when cross refenced linked to a certain card reader. Like a keyway a schlage key will fit a schlage lock but also many other noname brands will to.

Edited March 15, 2019 by Bigbiz