#pentestips RFID theory - the right tool for your RFID job

Lab401 PTT - Which tools do I need?


When starting out with RFID, most people have a specific task in mind: duplicate a specific type of badge, sniff reader communications, etc.

There are multiple tools, but which is the right one? 

Everyone's heard of a Proxmark, but is there another tool that could be easier for the job at hand? Or, do you need a combination of tools?

In this PTT, we'll walk through finding the right tool for your job.


1. Determine the card frequency.

There are three main types of RFID tags: Low Frequency, High Frequency, and Ultrahigh Frequency.

The most common in access control are Low Frequency (LF) and High Frequency (HF) tags.

If you've got access to the card's reader, you can determine the frequency by placing the Lab401 RF Field Detector on the device. An LED will indicate which frequency we have to work with.

2. Define your goal.

Next, you need to have a clear idea of the task you need to accomplish. 

What do you need to do, exactly?

 - Read / Write the tag?

 - Analyse an unknown tag type?

 - Sniff commands between the reader and the tag?

 - Emulate the tag you have, or variations of the tag?

 - Crack/decrypt the tag?

3. Narrowing it down

There is a lot of functionality cross-over between RFID tools, but most tools have a core functionality:

- Standard Operations: Read / Write / Clone / Basic Cracking

- Emulation: Emulate / Simulate a tag electronically

- Advanced Operations: Demodulate, Low-Level read / write / interaction

4. Putting it all together

With this information, finding the right tool is much easier:

For low-frequency tags:

If you need basic operations (Read / Write / Clone / Emulate), your best choice is the Keysy.

If you need more advanced operations (Demodulate, Sniff, Analyse, and Low-Level Operations such as byte-by-byte read/write), your best choice is the Proxmark 3.

Unsurprisingly, the tools that cater for simpler operations are easier to learn and use, and are also less expensive.

For high-frequency tags:

If you need basic operations (Read / Write / Clone), your best choice is the DL533N.

If you need to emulate tags, your best choice is the ChameleonTiny.

If you need more advanced operations (Demodulate, Sniff, Analyse, and Low-Level Operations such as byte-by-byte read/write), your best choice is the Proxmark 3.

As with LF tools, the devices that cater for simpler operations are easier to learn and use, and are also less expensive.

5. Summing up

Many of the devices shown have extra functionality: the ChameleonTiny can also perform limited sniffing, and the DL533N can perform basic emulation. However, their core functionalities and use cases are quite different.

Likewise, the most powerful and expensive tool is not necessarily the most efficient tool for your use case or learning curve.

This is why Lab401 designed the RFID Pentester Packs: to give pentesters everything they need to handle almost every situation.

If you need specific advice, you can contact us via our awesome customer support: support@lab401.com
