Search the Community

deleted

The Tastic RFID Thief has been around since late 2013, and since I've had a tremendous amount of requests asking how to build it, I thought that this blog post would be of justice to the tastic. About the Tastic RFID Thief The Tastic RFID Thief was introduced by the company Bishop Fox through a series of and videos across mid-late 2013. Bishop Fox describe the Tastic silent, long-range RFID reader that can steal the proximity badge information from an unsuspecting employee as they physically walk near this concealed device.I built my first Tastic RFID Thief in February 2014, with no experience in electronics, and as a total challenge given to me by my boss at the time. It was an overall fun experience however, and I'm grateful that I was able to push myself. So, to all those who want to build one, but don't quite have the experience to do so, my advice is just go for it. The Tastic RFID you see in this post, is the second that I have built for a security consultancy company in Sydney. This guide assumes that you are doing constant testing of the circuit along the way. Whilst this guide itself isn't so detailed and bullet proof, it definitely will act as a great reference and tutorial towards building the Tastic. Getting Started 1. Getting your parts in order Bishop Fox conveniently provide a downloadable list of parts, which you can find here. Most parts are necessary for the production of the tastic, however the following three parts are not really needed: You can mount the board yourself with some tape/hackiness: Adafruit - Board Edge Mounting Kit - Pack of 4 ID 1116 (~$3)Board Edge Mounting Kit - Pack of 4 ID: 1116 - $2.95 : Adafruit Industries, Unique & fun DIY electronics and kits This is for showing off/aesthetic purposes only: Two Wire Display Stand; Set of 2 6A - Black (~$9)Amazon.com: Gibson Holders Two Wire Display Stand; Set of 2, Black (6A-: Office Products Official HID MaxiProx 5375AGN00's come with a screw to tighten the lid by default: Single thumbscrew in front to hold cover onNylon 6/6 Thumb Screw, Knurled Head, #6-32, 3/4" Length (ASIN: B000FN2ADW) Nylon 6/6 Thumb Screw, Plain Finish, White, Knurled Head, Flat Point, Meets ASTM D4066/ASTM D6779, 3/4" Length, Fully Threaded, #6-32 Threads (Pack of 100): Amazon.com: Industrial & Scientific Since the above isn't stated in the parts list, I thought I would just make it clear to new comers that those parts are not essential. Additionally, the project will require having access to the following equipment: Soldering Iron w/ solderSome sort of clamp to hold anything which needs to be solderedHeader pins, rainbow cable Last, but not least, Bishop Foxhave kindly provided the PCB design/schematics needed for this project. They are freely available and can be found here. You can get such a Fritzing PCB printed out via: Fab — Fritzing Fab or Printed Circuit Board Prototype - PCB Fabrication - Assembly | Advanced Circuits 2.Connecting up the PCB In order to connect up the PCB, you'll need to fire up your soldering iron to around 400°C and wait some time to ensure that it is hot, and ready to go. While the solder is warming up, simply place the Ardiuno Nano onto the PCB, fitting it in where outlined: When in place, it should look something like this: By either using a clamp, or something which can hold the arduino, as well as PCB in place upside down, solder the arduino on: The end result should look like this: Since the general gist of soldering things onto the PCB has been established, just continue adding all the other parts via soldering onto the PCB where indicated on the PCB. Here's how my PCB turned out, which should be good guidance of how to set everything up. Clip anything from the bottom of the PCB if it is too long, e.g. pins from the arduino and the legs of the resistors, capacitors and voltage regulators. Note: For the Maxiprox connection pins for the PCB, you can see how my PCB contains header pins instead of a direct connection. This allows for the PCB to be moved freely, right until we make the final connection. Congratulations, your PCB now has all the parts needed, attached. We can now continue with the assembly of the LCD screen. Here is how the PCB should look from the bottom (sorry for the blurriness!): 3. Assembling the LCD Screen The LCD screen, in my opinion is largely not required. Perhaps for demonstration and debugging purposes it can be quite useful, however in a real life penetration test, it's unlikely that once you steal a persons RFID information, you'll quickly check your Tastic RFID Thief to see the number pop up on the LCD screen momentarily. However, I did document it for everyone. Since header pins are all round useful, add some header pins to the RX, GND and VDD spots on the LCD board. Solder these header pins on, like seen in the image below: These three pins will join accordingly to the 3 pin terminal block on the PCB. Keep track of the colours I used for the connection (green = VDD, yellow = GND, orange = RX). 4. Preparing the Batteries In this build of the Tastic RFID Thief, instead of the suggested 2 x 6 battery case solution, I was forced to instead use 3 x 4 battery case solution. Basically, connect the battery packs up like the image below (Note: Don't solder all the connections until you're happy with the arrangement and the switch has been added): In the image above, you may notice the lack of a switch in between the last battery back and the terminal block on the PCB. When building the RFID tastic, my friend andI added the switch later, after confirming that the battery circuit was working fine. The entire circuit is below (without the RFID reader connected): 5. Connect the PCB to the HID Maxiprox By using the header pins we put into the PCB earlier, we can easily make a connection from the PCB to the reader. The photo below, shows how it could be done (colour coding to help you out): You may notice that I have not connected the wires for the LCD, this was because for some reason it was somehow shorting the entire circuit. I concluded that it was either faulty, or that I had messed up something with the power distribution, however as soon as it was removed, everything was working fine, consistently. 6. Finishing Up With Hardware To finish up the project, simply hold everything down with electrical tape. To make sure that the PCB does not move around when the Tastic is closed, you can use double sided tape or something similar. One of the biggest issues included making sure that the height of everything placed inside of the maxiprox was less than the actual height of the maxiprox. If anything were higher, then the casing would not close without extra pressure (which is seriously not recommended). Additionally, you may need to set your Maxiprox to the following settings in the image below: and the voltage level to the following setting: Even though I don't have any photos of setting it up, in the finalisation stages, it's also recommended to fix the missle switch/regular switch into the hole provided in the Maxiprox. The final version of the Tastic RFID Theif looked something like this: Notice the missile switch to the right of the PCB. 7. Uploading Code to the Arduino This part is quite simple.Download the Ardunio software here: Arduino - SoftwareDownload the Tastic RFID source code here: http://www.bishopfox.com/download/814/Download the SDFat Library for Arduino here: http://sdfatlib.googlecode.com/files/sdfatlib20111205.zipRead the following guide to help install the SDFat Library: Arduino - LibrariesCompile the project to ensure no errors arise, and then simply connect the arduino on the PCB to your computer via a mini USB cableSelect your respective device and COM port from the options of the Arduino IDE and click the upload button Completion! Once the code is uploaded, put in the microSD card into the microSD card reader on the PCB, ensure that no connections are damaged or missing and keep an eye out on the LCD screen (if one is attached). The building process is now complete. Feel free to flick the switch on and make sure that your RFID cards are being read and written to the microSD card. I really do recommend reading Bishop Fox's page on the tastic, and watching their video demonstrations to give you even more of an understanding of how the tastic works and how to build it. Good luck and feel free to contact me along the way! Sursa: Guide to building the Tastic RFID Thief

Amal Graafstra snaps on a pair of black rubber gloves. “Do you want to talk about pain management techniques?” he asks. The bearded systems administrator across the table, who requested I call him “Andrew,” has paid Grafstra $30 to have a radio-frequency identification (RFID) chip injected into the space between his thumb and pointer finger, and as Graafstra describes Lamaze-type breathing methods, Andrew looks remarkably untroubled, in spite of the intimidatingly high-gauge syringe sitting on the table between them. Graafstra finishes his pain talk, fishes a tiny cylindrical two-millimeter diameter EM4012 RFID chip out of a tin of isopropyl alcohol, and drops it into the syringe’s end, replacing the RFID tag intended for pets that came with the injection kit. He swabs Andrew’s hand with iodine, carefully pinches and pulls up a fold of skin on the top of his hand to create a tent of flesh, and with the other hand slides the syringe into the subcutaneous layer known as the fascia, just below the surface. Then he plunges the plastic handle and withdraws the needle. A small crowd of onlookers applauds. The first subject of the day has been successfully chipped. Here’s a video of the procedure. Over the course of the weekend, Andrew would be one of eight people to undergo the RFID implantation among the 500 or so attendees of Toorcamp, a hacker conference and retreat near the northwest corner of Washington State. Graafstra’s “implantation station” was set up in the open air: Any camper willing to spend $30 and sign a liability waiver could have the implantation performed, and after the excitement of Andrew’s injection, a small line formed to be next. And why volunteer to be injected with a chip that responds to radio signals with a unique identifier, a procedure typically reserved for tracking pets and livestock? “I thought it would be cool,” says Andrew, when we speak at a picnic table a few minutes after his injection. (The pain, he tells me, was only a short pinch, followed by a “weird feeling of a foreign body sliding into my hand.”) Graafstra's glass-encased RFID chips, ready for implantation. The practical appeal of an RFID implant, in theory, is quick authentication that’s faster, cheaper and more reliable than other biometrics like thumbprints or facial scans. When the chip is hit with a radio frequency signal, it emits a unique identifier number that functions like a long, unguessable password. Implantees like Andrew imagine the ability to unclutter their pockets of keys and keycards and instead access their cars, computers, and homes with with a mere wave of the hand. Andrew says he initially hoped to use his RFID implant instead of the HID identity card his office uses for entry, but wasn’t deterred from the injection when Graafstra told him that HID uses a proprietary system whose chips Graafstra couldn’t implant. “I don’t have anything specific in mind, now, but I didn’t know when I’d have another opportunity to do it,” says Andrew. “And it’s a good excuse to start learning more about RFID.” Another young hacker who underwent the procedure at Toorcamp said he hopes to install an RFID access system at the door of his local hackerspace. A young woman with a small collection of rings and studs in her ears compared her new implant to aesthetic body modifications like piercings and tattoos, or even the fringier culture of erotic “needleplay.” “I guess I have an interest in my body’s response to pain and modification,” she says. “There’s a certain thrill of the new.” For Graafstra himself, the chips are more than a novelty or a hacker hobby. Graafstra uses them to access his home near Seattle, to turn on his motorcycle, to open a safe in his house, even to authenticate into his phone, a Samsung Galaxy Nexus that’s capable of near-field communications. He had his first chip installed in 2005 by a doctor client of his IT services firm, and has since become one of a few vocal RFID body implant evangelists, chronicling his experiences with the chip on his website and in a book, RFID Toys. The enthusiasm of hackers like those at Toorcamp for RFID implants may seem a bit surprising–privacy advocates have long warned that the chips could allow individuals to be tracked by governments and corporations, even when they’re merely housed in passports or clothing, not to mention injected subcutaneously. But Graafstra says that the chips he’s implanting are difficult to read from more than a few inches away. And he argues the idea of some trying to read his chip in order to spoof its signal and access his house or other property is far less of a threat than other potential privacy invasions. “If someone manages to read this, it’s just as if they found a piece of paper with a number on the ground,” he says. “For any kind of attack, they would have to also know me and where I live and wants to gain access to the things I’ve enabled. There are easier ways to do that, like breaking into my window.” That hasn’t stopped privacy advocates and religious types from attacking Graafstra as a harbinger of evil–Some link his hand chip with the Bible’s “mark of the beast,” a number stamped by the Devil on hands and heads in the Book of Revelations. Graafstra ignores their emails or responds politely. “Some people view the body as a sacred temple,” he says. “Some view it as a sports utility vehicle they can upgrade. I’m definitely in the second category.” Even so, he says his Toorcamp implantation station was a one-off. Outside of the camp’s community of hacking and experimentation, he worries that the risk of unhappy customers would be too high. “I trust that the people here have put a little thought into it and know what they’re getting into,” he says. “For everyone else, I recommend you contact your local piercing artist.” Implementation Guide: http://amal.net/wp-content/uploads/2012/09/DIY-Implantation-Guide.pdf Sources: Want An RFID Chip Implanted Into Your Hand? Here's What The DIY Surgery Looks Like (Video) - Forbes The first ever MakerFaire - Amal Graafstra - Technologist, Author & Double RFID Implantee