Proxmark3 and the Lost Key

The Proxmark is an RFID swiss-army tool, allowing for high- and low-level interactions with the vast majority of RFID tags and systems worldwide. Proxmark3 can run independently from a PC powered by an optional battery and offers, depending on the targeted RFID Tag, advanced functions like Offline Encryption, Online sniffing, default key cracking, data dumping, or the ability to run simulations.

Proxmark3 is a tool used for RFID (radio-frequency identification) analysis and manipulation. It is often used by security researchers, hackers, and forensic analysts to study and test the security of RFID systems. The Proxmark3 device consists of a portable, handheld hardware device and accompanying software that can read and write data to RFID tags, listen to and transmit RFID signals, and perform other actions related to RFID analysis. The Proxmark3 is a highly flexible and powerful tool that can analyze a wide range of RFID technologies, including those used in access control systems, payment systems, and other applications.

Key fobs, also known as RFID (radio-frequency identification) tags, are commonly used for access control in various settings, including corporate environments and secure facilities. These passive devices transmit data when in proximity to a reader, enabling them to act as electronic keys and granting access to designated areas based on the permissions of the individual or group associated with the key fob.

One aspect of key fobs that is important to consider is the unique identifier assigned to each device by the manufacturer. This identifier, known as the UID (User Identification), is encoded using a specific method specific to the manufacturer, making it distinct from other key fobs on the market. In addition to the UID, key fobs may also have a Facility Code (FC) assigned to them, which further restricts access to specific areas or resources within a facility.

It is possible to read the data transmitted by a key fob and obtain the UID and FC; in some cases, it may be possible to replicate this information onto another key fob. This process, known as cloning, can bypass access control systems and compromise the security of a facility. Therefore, it is crucial for organizations to carefully manage and secure their key fobs to prevent unauthorized access or duplication.

Generally, key fobs are a widely used tool for access control and security. Still, it is essential to understand the data transmitted by these devices and the potential risks associated with cloning or unauthorized access. Proper management and security measures can help to mitigate these risks and ensure the integrity of access control systems.

Reading the Key Fob

It is relatively simple to obtain the Facility Code (FC) and Card Number (CN) from an RFID key fob, and with this information, it is possible to clone the key fob or create a new key fob with the same FC and CN. This allows an attacker to potentially bypass access control systems and gain unauthorized access to a facility.

Alternatively, an attacker could also potentially use a brute force attack to try different combinations of FC and CN values in an attempt to gain access to a facility as another tenant. It is important for organizations to protect against such attacks by implementing measures such as rate limiting, which can help to mitigate the effectiveness of brute force attacks. Additionally, regularly updating and rotating key fob codes can also help to reduce the risk of unauthorized access.

Brute Forcing Success

Brute forcing an RFID key fob using the Proxmark3 tool is a potentially effective method for gaining unauthorized access to a facility. Still, it is crucial for organizations to take steps to protect against such attacks and implement measures to mitigate the risk of unauthorized access.

To perform a brute force attack on an RFID key fob using the Proxmark3 tool, an attacker would need to follow these steps:

  1. Acquire a Proxmark3 device and ensure it is properly configured and set up for use. This may involve installing necessary software and drivers and connecting the device to a computer or other host system.

  2. Place the target key fob in close proximity to both the Proxmark3 device and the RFID reader that the attacker is attempting to access.

  3. Use the Proxmark3 software to transmit a range of different Facility Code (FC) and Card Number (CN) values to the RFID reader. This can be done using a command-line interface or other software interface provided by Proxmark3.

  4. Please review the RFID reader’s response to each transmitted FC and CN combination, and let me know whether access is granted or denied. This information can be used to narrow down the possible range of FC and CN values that may be valid for the key fob.

  5. Continuously try different FC and CN values combinations until the correct values are found or determine that the attack is unsuccessful. This process may involve trying all possible combinations of FC and CN values within a specific range or using other techniques, such as dictionary attacks or rule-based attacks.

It is important to note that brute forcing an RFID key fob can be time-consuming and resource-intensive, and it may not be practical to try all possible combinations in many cases. Additionally, some RFID systems may include measures to mitigate the effectiveness of brute force attacks, such as rate limiting or temporary lockouts after multiple failed attempts.

Share with the World!

John Wotton

John Wotton

John Wotton @ Aegisbyte is an expert red team operator and reverse engineer with a wealth of experience in the field of cybersecurity. With a strong background in offensive security and a track record of success in simulated attacks against real-world systems, John is highly skilled at identifying and exploiting vulnerabilities in a variety of systems and technologies. In addition to his expertise in red team operations, John is also an experienced reverse engineer, with a deep understanding of the inner workings of software and hardware systems. With his combination of technical skills and strategic thinking, John is a valuable asset to any team looking to improve the security and resilience of their systems.