Live RFID Hacking System

= Bootable RFID Live Hacking System =

The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well-known card formats. It is built around PCSC-lite, the CCID free software driver and libnfc, which together give you access to some of the most common RFID readers. See our tutorial video for a quick introduction on how to break MIFARE Classic RFID card keys using our Live RFID Hacking System.

"This RFID Live Hacking System is superseded by our OpenPCD 2 reader with libnfc support - you can download the latest ISO image here. This page is only kept for historical reasons."

The MFOC/MFCUK tools of the Live system won't work inside virtualization software like VMware as virtualization seems to break the timing requirements of the MIFARE Classic attack tools - please boot from the CD/DVD instead.

Suggested RFID Reader for MIFARE Classic key recovery for this live system


Please use the ACR122U102 Tikitag RFID reader for MIFARE key extraction (v1.02) - later versions or compatible models could work, but some later firmware revisions (ACR122U207) seem to crash while breaking MIFARE Classic with mfcuk/mfoc. For normal use and known keys the other compatible readers should be fine though. Please send me [mailto:meriac@openpcd.de a note] if you successfully used another reader for key extraction using our Live CD. The firmware version is shown when using mfoc.

Note for touchatag reader users
If the pcscd daemon bails out on a touchatag reader with:

 00000012 ccid_usb.c:901:ccid_check_firmware Firmware (1.00) is bogus! Upgrade the reader firmware or get a new reader.
 00000039 ifdhandler.c:101:IFDHCreateChannelByName failed
 00000015 readerfactory.c:990:RFInitializeReader Open Port 200000 Failed

just edit the ifdDriverOptions entry in /usr/local/openpcd/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist and change its value from 0x0000 to 0x0005 to disable version checking.
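The edit described above can be scripted so that only the ifdDriverOptions value changes and a backup is kept. This is an added example, not part of the original Live CD; the function names are hypothetical, and it assumes the usual plist layout where the `<string>` value sits on the line after the key.

```shell
#!/bin/sh
# Added example (not from the original page): read and change ifdDriverOptions
# in a CCID Info.plist without touching the rest of the file.
# Assumption: the <string> value is on the line following the <key> line.

get_ifd_driver_options() {
    awk '
        /<key>ifdDriverOptions<\/key>/ { pending = 1; next }
        pending && /<string>/ { gsub(/.*<string>|<\/string>.*/, ""); print; exit }
    ' "$1"
}

set_ifd_driver_options() {
    plist=$1
    value=$2
    [ -f "$plist" ] || { echo "no such file: $plist" >&2; return 1; }
    case $value in
        0x[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) echo "value must be four hex digits, e.g. 0x0005" >&2; return 1 ;;
    esac
    if [ -z "$(get_ifd_driver_options "$plist")" ]; then
        echo "ifdDriverOptions not found in $plist" >&2; return 1
    fi
    # Keep the first pristine copy so the change can be reverted.
    [ -e "$plist.bak" ] || cp -p "$plist" "$plist.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v v="$value" '
        /<key>ifdDriverOptions<\/key>/ { pending = 1; print; next }
        pending && /<string>/ {
            sub(/<string>[^<]*<\/string>/, "<string>" v "</string>"); pending = 0
        }
        { print }
    ' "$plist" > "$tmp" && cat "$tmp" > "$plist"
    status=$?
    rm -f "$tmp"
    return $status
}

# Demo on a constructed plist fragment (not the real driver file).
demo_ifd_driver_options() {
    f=$(mktemp) || return 1
    printf '%s\n' '<dict>' '  <key>ifdLogLevel</key>' '  <string>0x0003</string>' \
        '  <key>ifdDriverOptions</key>' '  <string>0x0000</string>' '</dict>' > "$f"
    set_ifd_driver_options "$f" 0x0005 && get_ifd_driver_options "$f"
    rm -f "$f" "$f.bak"
}
demo_ifd_driver_options   # prints 0x0005
```

On the live system, call `set_ifd_driver_options` as root with the Info.plist path given above and the value 0x0005; the untouched original stays next to it as Info.plist.bak.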

Checksums
 Fedora-15-x86_64-Live-RFID-v02.iso
 SHA256: 79373eaef0accbcf348dda456356b7f22dd7c06653dbdf2d968fce4654db2daa
 MD5   : c8ef5ec1fcba012cd3b30f0c9e7579de
 SHA1  : da54d9a0959dc8aa7668e37610a665a957f51ae2

Tools Installed
The most important tools are highlighted. The Fedora 15 based Live Desktop system runs the Gnome 3 desktop - just move your mouse cursor to the upper left corner to get a list of installed applications.

General Purpose Tools



 * pcscd - you need to run this daemon in a separate terminal before running any RFID reader related tools in this bootable Live distribution. We use a wrapper script which calls pcscd in superuser mode with the correct parameters.
 * baudline FFT signal analyzer for sniffing LF RFID tags using our sound card based RFID sniffer/emulator (more information soon!).
 * hexdump & od for converting binary dumps into hexfiles for easier editing and kdiff3 difference analysis.
 * kdiff3 - for displaying differences between card hexdump text files
 * vbindiff - for displaying difference between card dump binary files
 * bsdiff/bspatch - binary diff/patch tool
 * lsnfc (for guessing the card type)
 * gtkterm serial console utility.
 * nfc-anticol (runs full ISO14443A anticollision)
 * nfc-list
 * pn53x-diagnose
 * pn53x-sam
 * pn53x-tamashell
 * RSA_SecurID_getpasswd

MIFARE Classic Tools

 * mfoc (Recovery of MIFARE Classic Card Keys if at least one sector has a known key - run this tool first)
 * mfcuk (MFCUK - MiFare Classic Universal toolKit - Recovery of MIFARE Classic Card Keys if no sector key is known. This wrapper script changes to the fingerprint directory automatically)
 * mfcuk_keyrecovery_darkside (same as above)
 * nfc-mfclassic (use this tool to read from cards with known card keys retrieved by mfoc/mfcuk or copy card dumps from the tools above to new cards)
 * mifare-classic-format
 * mifare-classic-write-ndef

MIFARE Ultralight Tools

 * nfc-mfultralight

MIFARE Desfire Tools

 * mifare-desfire-access
 * mifare-desfire-ev1-configure-ats
 * mifare-desfire-ev1-configure-default-key
 * mifare-desfire-ev1-configure-random-uid
 * mifare-desfire-format
 * mifare-desfire-info
 * mifare-desfire-write-ndef

Near Field Communication Tools

 * nfc-dep-initiator
 * nfc-dep-target
 * nfc-emulate-forum-tag2
 * nfc-emulate-forum-tag4
 * nfc-emulate-tag
 * nfc-emulate-uid
 * nfc-poll
 * nfc-relay
 * nfc-relay-picc

= Other open RFID hardware projects on this site =