Directory of Access Control Research Tools
This directory examines 11 commonly used tools to help research vulnerabilities and problems within physical access control systems.
This is intended for those new to the space, aiming to explain at a high level what these tools can be, without exploring complexities or advanced topics.
Physical Devices And Apps
This directory covers physical devices and smartphone applications used for RFID pen-testing and analysis. This includes nine physical devices and two apps, including (in alphabetical order):
- Chameleon Devices (Ultra, Light, Dev)
- DL533N
- ESPKey RFID Wiegand Interception Tool
- Flipper Zero
- HID ICLASS RWK400 Revision A Credential Reader/Writer
- iCopy-X And ICS Decoder For iCLASS® SE / SEOS
- NARD SAM And SEADER
- RFID LF / HF Field Detector Card
- Proxmark 3 RDV 4.01
- Smartphone App: NFC Tools
- Smartphone App: Tag Info
Each of these will be discussed in more detail further in the report.
Note that the field is constantly evolving, and IPVM is expanding its coverage in the area. As we learn more, we will keep updating this directory. If you feel that IPVM missed an important tool, please contact nikita@ipvm.com or leave a comment describing the tool you think we missed.
Chameleon ******* (*****, *****, ***, ***.)
***** *** * *** ********* *******, including********* *****,********* *****, ***., *** *** ***** *** multifunctional ******* **** *** ********* **** for ********** ********* *** ********* ** the *****, *** **** ******* ********, reading, ********, *** ******* ** ** and ** ***********.
******** ** ********* *****, ********* ***** offers ********/******** ************, ** *** ******* below *****:
********* ** *** ************** ********** ** ********* *****, *** ******** ***** ** ***** being ****** **, ** **** *************** can ** ***** ** *** ******.
***** ****** **** ********* ******* *** based ** **** ****** ***** (*** Github ************), *** *** ***** ********* device *** *** *************, ************ **************** ***** ****** ************* *** **** **** *,***+ ******* and ***** ** ~€***,*** ****** (*** context,*** ******* ***** ****** *** * "successful" ******** ** **** ******** ** ~$92,500, ********* ** *********** ****).
DL533N
*********** * ****** ***** ** ****** ***** ************ ** **** ***********, ***** ******* data **** *** ***********, *** ******* them.
** *** ****** ** ***** ** an *** ****, *** ****** ******** most ** ****** *********, ********* ** the ******* **************, ********* ******* ***, EV2, *** ******.
*******-****, *** ****** *** *** ****, SMS, ***** *******, ******, **** *****, etc. *** ***** *** **** ******* various *** ****, ************ **** **** ******** *, ********* ***** ********'* **************.
**** **** *** ****** ***** ** two **** *******: ** * *** drive *** ** * ****.
ESPKey **** ******* ************ ****
******** * *******-***** **** **** *** intercept ********** ******* ****** **** *** reader ** *** **** ********** *** store **** **** ** ***** ******** to *** **** ********** ***** *** web *********.
***** ******* ** ******** ** **** as ** ****** *** **** ***-*** communication, *** **** ****** ************* ******* OSDP *** *** ********, **** *******-***** readers *** ********.
*** *** ***** ***** ******* *** the ****** *** ** **** ** intercept ******* ******* *** ****** *** the **********:
*** **** *********** ** ******, *** the*** **** ********'* **** *****.
Flipper ****
******* ****** * ******** **** **** ********** * ****** ***** *********. ** ** * ********* **** tool **** *** ** **** *** duplicating, *******, ********, ********, *** ********* various ****** ******* *********** (******* ***** things).
******* ** ******** **** ***-***, ***-********* (125kHz), *** ****-********* (**.** ***) ********, as **** ** *********, ********, *** iButton ******** **********. *** ***** ******** can ****** *** ******** *******, ***** is ****** *** ********* *** ******** various ****** ******* ***********.
*** ****** *** **.*****, ******* ******** a ****** ** *********, ** *** excerpt **** *** ******'* ***** ***** shows:
*******, ********* ** *** ********, *** Flipper's ************* *** ** *******. *** example, ******* ****** ******* *** *********** for **** ******* *********, **** ** DESFire ***/*, ** ***** ********* ****** uncracked ** ****.
*** **** **** ******* ** **** list, ******* ** ***** ** ****-****** code (****** ****** **********), ** **** ************* *** ** added ** *** *** ***** ********** code **********.
******* **** **** *** *** *** app ********* *****************. ********, ****** *** ******* **** environment, **** **** *** **** **** developed, *********'* ******* *****.
********* ** * ***** ** *******-********* developers (**** ***** ******* *** ******* called******* *******), ******* **** ******* ** *********** *********** ********, ******* **** **** $* ******* in *** ***** ** ***** ***** publishing *** ******** (*** ******* ****** a ***** ** ~$*.* *******).
HID ****** ****** ******** * ********** ******/******
***** ***** ******* ** **** ********* are *****-***** ******* ******* ********** ** companies ************* ****** ******* *******,**** *** ****** ******/******** ** ****** ************ ******. **** recognize *** ***** ** **** ******/******, as ** **** *** ********** *** the***** ** ******** ****** ******* ****** protocol. *** **** ******** (*******'* ******* ** **** *******) ********** **** **** ****** ** "highly ******" ** *********** ** **** field, ** *** ******* ****:
***** ******** ******* *** ****** ****** by *********** *** *** ************ ** hardware ******* ******* **** *** ******** block ********** *** **** *** ********** with *** ***-********** ****** ****** ******** that ****** *** **** ************* ************* with ****** ***** **** *****.
**** **** **** ******/****** ** ** longer ************ ** ***, *** *** stock ********* ********* ***** ** *******.
iCopy-X *** *** ******* *** ******® ** / ****
*****-*** * ********** ****** ***** ** Proxmark * *** *.** ********* **** a **** ****-******** ********* **** * typical **** **** (*.*., *****-* *** a ******* *** *******). *************-****, *****-* can "****, *****, *********, ***** *** simulate ******* *** *** ** * PC," ********* ***** *******'* ******** *********** ********.
*** ******* ***** ***** *****-* ********* protocols:
*****-* **** *** ** ***-**, ****** ICS *******, ***** ****** *** ******* HID **/**** *****. *** ******* *** do **, ** ** ** ***** on ** *** ****** ** ****** modified ** ******** ********** **** **** USB * ** *** ****** **** unit. ********** *** ** ********* ** ~$***** *** ******** ****** *******.
NARD *** *** ******
**** ***(*** ****** *** ****** ****** *****) is ** ********* ***** *** ******* Zero ****, ** *********** **** ********* ***, ****** *** ** *********** **** SIMs ** ****. **** ******* ** useful ** ** ******* ******* **** to **** *********** **** *** ******** keysets *** **** (****** ******** *******), such ** *******, ****, *** ****** SE.
***** **** ********* ***** ***'* ***** one ** ****** **** *********** ********, it *** **** ******* * ********* attack, ** **** **** ********, ** educational ************ ** *** *****,********* ** *** *******.
*** **** *********** ** **** ***, see*** ****** **********.
RFID ** / ** ***** ******** ****
***** ******* **/** ******** ****** ************* **** ******* **** ***** devices ** **** ****, ** *** offer ******** ******* **** **** ********* is **** ** * ****** *** serve ** * ******** **** ** make **** **** *** ******** ** functioning ** ********.
**** ****** *** ******** *** ******* low *** ****-********* ****** *** *** lights (*** *** **** *** ** and **, ************).
Proxmark * ****.**
******** **** *** ****** *******,*** *.**, ** *** ** *** **** recognizable ******* ** *** ******** ***** ****** "*** **** ******** ****" in **** ******** ** ****, ** ** *** ** **** for * ******* ** ********* *****, such ** *******, *******, ********, *********, and ******** ***********.
********** ******* ** ******** ********, * prominent ***** ** *** **** ********, Chris *******, ***** ********,*********** ** *** ****** ******* ** Proxmark, ********* ** ******, * ********-***** reseller ** **** *********.
******** * *** * ****** ** different ***-** ******** ********** **** *** improve *** *****, *** ********* **********, etc.
*** **** *********** ** ******** *, see*** ****** **********.
Smartphone ***: *** *****
*** ***** ** ** *** (********* both *****************) **** *** ****, *****, ******, and ******* *** ***********.
*** *** *** ***********, ** *** been ****** **** * ****** ** widely **** ********** *****, ********* ******* EV *-*, ** *** ******* ***** shows:
***** ******* *** ***, *** *** will ******* *********** ***** *** ***'* maker, *** ******** ****, ***. ** writing ** *******, *** *** *** simple ****, ******* ***********, ****/********* *************, amongst ***** ******.
Smartphone ***: *** ****
*** **** ** ** ***-********* *** credential ******** *** (********* *****************) ******** *** ******* *** ****'* information *** ********** ** ******, **** as ******** * ***** **** ** opening * ******* ** **** ** action ** *******.
*** *** *** *** *****, ****&****** and ****&****, **** ********* ********* ** each ****, ***** *** ******** *********: