Building a lab

Greetings everyone!
I’m new to the community and new to wireless pentesting. As a jr. pentester I sometimes get tasked with physical pentests. Obtaining access to restricted areas is one of the main reasons of our physical pentests, and most often all the “good stuff” is locked behind a door with a card reader. The Flipper zero seemed like a cool place to start so we purchased one to see if we could access areas locked behind RIFD bagdes/tags/cards etc. Yes - I know, a card still needs to be cloned, but that’s a future problem. Right now, our main focus is to understand and test how these device work. Hence, we want to build a small test lab.

We’d like to create a small lab, with different types of RFID cards (and readers) but not sure where to start.
I was hoping someone on the forum could fill me in on what what type of NFC (LF and FL) cards the flipper can successfully emulate, so that I could purchase said cards for testing. 401 labs sells different card variants, but I’m not sure which ones to purchase.
That leads me to my second question: card emulation verification - even if I’m able to emulate a card how will I know it works without the device the card is meant to unlock? Do we need to purchase card readers (how does one go about setting those up)? Are there readers that read different card types? I’d also need to be able to program the cards, would that be a separate device?
Then there’s devices like the iCopy-X (https://lab401.com/collections/icopy-x)… where does this device fit in to the picture (better functionality than Flipper)? Same questions apply here with card/reader types.

Any input on this matter would be greatly appreciated! I’m kind of lost on where to start with this project and any link/video would help me out a lot.

Thanks!

I’ve been buying cards and fobs to test with the Flipper. You can get a good feel for what’s going to work without purchasing the readers immediately. You’ll want to buy some readers eventually but the tokens(cards, fob, badges) are a good place to start. Then you can move on to readers. Check out Proxmark and Mifare because those will be important. Remember the Flipper is a “multi-tool”. Just like when you need a wrench and all you got is that pocket multi-tool. Dedicated tools are often better.

Here are a couple links you should check out.

Could you please point me to where you purchase your test cards? I’ve been looking around and many sellers sell by multiples of 100 per card type. Do you happen to have a link for individual purchase options?

Maybe your question is somewhat too generic?

I’ve bought my testing equipment for my Lab at lab401, but my usecase was much more specific and I doubt you try the same.

For example, take a look at the comment from Lan401 on this topic: https://lab401.com/blogs/academy/pentestips-rfid-theory-the-right-tool-for-your-rfid-job

One Card costs a few cent, if you’ll buy a batch of 3000. But when you only want 5 to 10, the price could go up to a few euros each.
Each card need a serialnumber, this needs to be tracked. A smaller amou t doesn’t makes sense. But you can get them in learning/lab bundles from different provider. But in the end you need to know what your goal is.

‘Everything’ and ‘just play around’ are not valid options here.
Everything is too much, you don’t pay me enough for this answer.
For just playing around, take your flipper and scan every tag you can get. Membership cards, building basses, time track token, Children toys (toy to life), … Some day you’ll find a Midfare 1k with known keys, maybe.

Just my opinion. Maybe another one can tell you more from this fey informations.

I mostly get them from Ebay. You can also order samples from some companies that sell bulk cards and fobs. I just received this for testing yesterday. It’s a pet implant.

Pet implant syringe1920×1440 297 KB

You want this thing under the skin, be honest
Perfect to access the lab. I need my dog with me to get in.

Further reading on this topic: https://dangerousthings.com/

NOPE! I don’t like regular needles and this one is huge! Even if i did want one of these implants I’m not sure this is the type I would want.