
#pentestips RFID theory - the right tool for your RFID job

Posted by Lab401 Lee on

Lab401 PTT - Which tools do I need?


When starting out with RFID, most people have a specific task in mind: duplicate a specific type of badge, sniff reader communications, etc.

There are multiple tools, but which is the right one? 

Everyone's heard of a Proxmark, but is there another tool that could be easier for the job at hand? Or, do you need a combination of tools?

 

In this PTT, we'll walk through finding the right tool for your job.


  1. Determine the card frequency.

There are three main types of RFID tags: Low Frequency (LF), High Frequency (HF), and Ultra-High Frequency (UHF).

The most common in access control are LF and HF tags.

 

If you've got access to the card's reader, you can determine the frequency by placing the Lab401 RF Field Detector on the device. An LED will indicate which frequency band the reader uses, and therefore which band you have to work with.

 

  2. Define your goal.

Next, you need a clear idea of the task you want to accomplish.

 

What exactly do you need to do?

 - Read / Write the tag?

 - Analyse an unknown tag type?

 - Sniff commands between the reader and the tag?

 - Emulate the tag you have, or variations of the tag?

 - Crack/decrypt the tag?

 

  3. Narrowing it down

There is a lot of functionality cross-over between RFID tools, but most tools have one core area of functionality:

- Standard Operations: Read / Write / Clone / Basic Cracking

- Emulation: Emulate / Simulate a tag electronically

- Advanced Operations: Demodulate, low-level read / write / interaction

 

  4. Putting it all together

With this information, finding the right tool is much easier:

For low-frequency tags,

If you need basic operations: Read / Write / Clone / Emulate - your best choice is the Keysy.

If you need more advanced operations: Demodulate, Sniff, Analyse, and low-level operations (byte-by-byte read/write, etc.) - your best choice is the Proxmark 3.

Unsurprisingly, the tools that cater for simpler operations are easier to learn and use, and are also less expensive.

For high-frequency tags,

If you need basic operations: Read / Write / Clone - your best choice is the DL533N.

If you need to emulate tags: your best choice is the ChameleonTiny.

If you need more advanced operations: Demodulate, Sniff, Analyse, and low-level operations (byte-by-byte read/write, etc.) - your best choice is the Proxmark 3.

As with LF tools, the devices that cater for simpler operations are easier to learn and use, and are also less expensive.

  5. Summing up

Many of the devices shown have extra functionality: the ChameleonTiny can also perform limited sniffing, and the DL533N can perform basic emulation. However, their core functionalities and use cases are quite different.

 

Likewise, the most powerful and expensive tool is not necessarily the most efficient tool for your use case or learning curve.

 

This is why Lab401 designed the RFID Pentester Packs: to give pentesters everything they need to handle almost every situation.

 

If you need specific advice, you can contact us via our awesome customer support: support@lab401.com

 

