Hello
I would like to ask if anyone has any tutorial or explanation for building a lab to show the students how NFC could be caught with the Flipper, or any other scenario with RFID.
I appreciate your suggestions
This is a very deep rabbit hole.
I suggest some basic knowledge about Linux and compiling programs. You can get everything as a Windows port or cross compile …
To get an NFC file it is enough to download an example from the internet.
In my opinion one of the hardest parts is the meaningful visualization. There is a good beginning at Flipper Lab → pulse plotter. But if you really want to know, you may switch to PulseView from the sigrok project → PulseView - sigrok … Here you'll get some predefined decoders.
Okay, we’ve got a dump and a signal analysis.
Now we want to present the findings.
If we’ve read a bank card, there is no way to demonstrate. Good to show off, but pretty useless. If we have an IKEA Rothult, we could copy the dump to a blank T5577 and show how the copy opens the lock.
Of course we also could emulate the card on the Flipper, but is this magic enough?
Just some ideas how I would start in general. The details depend on what the students should see/learn.
This answer was nonsense. I really got confused somewhere between the Flipper's IR and the Proxmark3 capabilities.
But the question remains, what do you want to show.
As said before, the IKEA Rothult lock is a great toy to play around with. But an NFC vCard is okay, too. I would not try to present ISO15 or SLIX (Amiibo). Popular, but these are a rocky road.
In one company, I saw stickers on the tables. QR codes with an NFC symbol on each table. I was informed they are used to book a switch-workplace via mobile app.
Just scan it, move the file to a computer. Import the data onto any spreadsheet (Excel, LibreOffice, …), take the data sheet and compare. Define the header, the Option switches and the data part.
Check what happens if you change the data part, easy with the Flipper's emulation. And in the last step try to write this data to a blank card. It may work, maybe not.
In a lab environment, you even could overwrite the in place data… But make sure the students don’t move the flipper on the card. You will get many corrupt chips.
It is maybe useful to mention the Secure Element within any bank card. This is the reason you can read a bank card, but not use the data. Every transaction will send a string, the SE will do some number crunching, and give a value back. The bank can verify if the calculations are correct and in time. Else the transaction will be blocked… Nobody known can copy/clone/rebuild this SE.
In my opinion the signal analysis part is more fun. But this needs another device.
yeah, before being a jerk about it, i was also a bit in doubt. check the older defcon talks that include the proxmark and mifare cards. just cloning a simple card is not really magic, but understanding some more about the way data is transferred. then not every card or way of implementation is the same, so just cloning the uid of a card does not prove much but the fact that most places using them still refuse any of the security features on them to prevent or make cloning harder and detect duped keys. also getting some defcon talks with humor built into it will prolly also help pull some students more into being interested in it than just a sad powerpoint with 4 bulletpoints. they will prolly remember the video of someone trying to clone cards from random people in public from a backpack, or building readers into carseats for fun, than just the screenshot of the copy action.
Many thanks for your detailed contribution.
Let me describe it in an easier way. I need the components with which I could simulate how NFC and RFID work, and which security attacks could affect our data. No real hacking, but simulating the copying of an NFC code could for example be a genius part of the lab.
Which equipment beside “Flipper Zero” could be needed, any link to order them, any link for a simple lab step by step.
That should be enough at this phase.
thanks again.
Just rebuild https://youtu.be/Q08qhJ3TOM8 … Impressive enough, cheap (Proxmark3 easy, about 50usd, will work), not illegal.
How do you think we could provide a link, without knowing your area … It is different from EU to UK and US.
Lab401, k-sec, AliExpress should cover all areas. I am not sure for Asia.
Yes, I mean to know which item, so I can order it from the provider in my area. Many thanks
I have still no idea what is the objective of this planned lab.
I doubt you will be able to transfer the needed knowledge to your students, if you can’t google for ‘Ikea Rothult’ and ‘Proxmark3 easy’, both named with context above.
Maybe the Proxmark3 is a little big for the beginning. It would be similar to show students a surgery to explain how the body works.
But you could still take a flipper, it should be able to clone the Ikea Rothult tag, as well.
Or play around with some cheap NTAG21x tags from Amazon/AliExpress. An NFC tag will have something like:
Filetype: Flipper NFC device
Version: 3
# Nfc device type can be UID, Mifare Ultralight, Mifare Classic or ISO15693
Device type: NTAG213
# UID is common for all formats
UID: AA BB CC DD 11 22 33
# ISO14443 specific fields
ATQA: 00 44
SAK: 00
# Mifare Ultralight specific data
Data format version: 1
Signature: AA BB CC DD EE FF 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33 44 55 66 77 88 99 AA
Mifare version: 00 04 04 02 01 00 0F 03
Counter 0: 0
Tearing 0: 00
Counter 1: 0
Tearing 1: 00
Counter 2: 0
Tearing 2: 00
Pages total: 45
Pages read: 45
Page 0: AA BB CC DD
Page 1: 11 22 33 44
Page 2: AA BB CC DD
Page 3: 11 22 33 44
Page 4: AA BB CC DD
Page 5: 11 22 33 44
Page 6: 00 00 00 00
Page 7: 00 00 00 00
Page 8: 00 00 00 00
Page 9: 00 00 00 00
Page 10: 00 00 00 00
Page 11: 00 00 00 00
Page 12: 00 00 00 00
Page 13: 00 00 00 00
Page 14: 00 00 00 00
Page 15: 00 00 00 00
Page 16: 00 00 00 00
Page 17: 00 00 00 00
Page 18: 00 00 00 00
Page 19: 00 00 00 00
Page 20: 00 00 00 00
Page 21: 00 00 00 00
Page 22: 00 00 00 00
Page 23: 00 00 00 00
Page 24: 00 00 00 00
Page 25: 00 00 00 00
Page 26: 00 00 00 00
Page 27: 00 00 00 00
Page 28: 00 00 00 00
Page 29: 00 00 00 00
Page 30: 00 00 00 00
Page 31: 00 00 00 00
Page 32: 00 00 00 00
Page 33: 00 00 00 00
Page 34: 00 00 00 00
Page 35: 00 00 00 00
Page 36: 00 00 00 00
Page 37: 00 00 00 00
Page 38: 00 00 00 00
Page 39: 00 00 00 00
Page 40: 00 00 00 BD
Page 41: 04 00 00 FF
Page 42: 00 05 00 00
Page 43: FF FF FF FF
Page 44: 00 00 00 00
Failed authentication attempts: 0
With much higher entropy for a real card.
Now you can start reading https://www.nxp.com/docs/en/data-sheet/NTAG210_212.pdf, especially the part ‘8.5 Memory Organisation’.
If you put the .nfc file from the flipper next to this datasheet, you will be able to find a lot of data.
A header (with the UID), a body (user data) and a footer (with the password).
Understanding NDEF, you will even be able to write data any NFC-enabled smartphone will parse. And go to a website or show a vCard … It is an RF equivalent to the visual QR code.
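
The header/body/footer split described in the post above, as an added example that is not part of the original thread: it parses the `Page N:` lines of a Flipper .nfc dump, labels each page with its NTAG213 region, checks the UID check bytes and reads AUTH0. The page map is an assumption taken from NXP's NTAG213 memory layout, the function names are hypothetical, and the sample is a constructed, shortened copy of the dump above.

```python
import re

# Constructed sample: shortened copy of the dump above (user pages 5-39 omitted).
SAMPLE = """\
UID: AA BB CC DD 11 22 33
Page 0: AA BB CC DD
Page 1: 11 22 33 44
Page 2: AA BB CC DD
Page 3: 11 22 33 44
Page 4: AA BB CC DD
Page 40: 00 00 00 BD
Page 41: 04 00 00 FF
Page 42: 00 05 00 00
Page 43: FF FF FF FF
Page 44: 00 00 00 00
"""

# Assumed NTAG213 page map (45 pages); other NTAG21x sizes use different numbers.
REGIONS = [(0, 2, "header: UID, BCC, lock bytes"), (3, 3, "capability container"),
           (4, 39, "user memory"), (40, 40, "dynamic lock bytes"),
           (41, 42, "config: AUTH0, ACCESS"), (43, 44, "footer: PWD, PACK")]

def parse_pages(text):
    """Return {page_number: 4 bytes} for every 'Page N: xx xx xx xx' line."""
    pages = {}
    for line in text.splitlines():
        m = re.match(r"Page (\d+): ((?:[0-9A-Fa-f]{2} ?){4})\s*$", line)
        if m:
            pages[int(m.group(1))] = bytes.fromhex(m.group(2))
    return pages

def region_of(page):
    return next(name for lo, hi, name in REGIONS if lo <= page <= hi)

def uid_checks_ok(pages):
    """7-byte UID: BCC0 = 0x88^UID0^UID1^UID2 (page 0), BCC1 = UID3^..^UID6 (page 2)."""
    p0, p1, p2 = pages[0], pages[1], pages[2]
    return p0[3] == (0x88 ^ p0[0] ^ p0[1] ^ p0[2]) and p2[0] == (p1[0] ^ p1[1] ^ p1[2] ^ p1[3])

def password_protected_from(pages):
    """AUTH0 is the last byte of page 41; 0xFF means no page needs the password."""
    auth0 = pages[41][3]
    return None if auth0 == 0xFF else auth0

if __name__ == "__main__":
    pages = parse_pages(SAMPLE)
    for n in sorted(pages):
        print(f"page {n:2d}  {pages[n].hex(' ').upper()}  {region_of(n)}")
    print("UID check bytes valid:", uid_checks_ok(pages),
          "| protected from page:", password_protected_from(pages))
```

On the placeholder dump the UID check fails, which is a quick way for students to tell a made-up example file from a dump of a real tag.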