VehiclesFashionRecipesBlogsHuntTravelsSportFunHandmadeITEducation
Mini-Games
x

x
zakruti.com » Knowledge, science, education » GreatScott!
How safe is contactless payment? How does RFID & NFC work? EB#40

How safe is contactless payment? How does RFID & NFC work? EB#40

FBTwitterReddit

video description

Rating: 4.0; Vote: 1
How safe is contactless payment? How does RFID & NFC work? EB#40 DragoSmash: i wanted to clarify something to GreatScott!
the tags/cards you used at the beginning that spit out their full information, they do so because they have their default keys set (FF FF FF FF FF FF)
in the MiFare 1K cards there are a couple of security things you can do to make them safer
each sector in the card can be set with either a Key A or Key B, and each can have different permissions to the read/write of the sector, additionally each sector can have a different Key, so you can lock the whole card with 128 different keys, each sector is composed of 3 blocks and a trailing block (where the keys and access bits are stored, each block is composed of 16 bytes
the other security thing you can do is write the access bits, this way you can lock the card keys so they can't be read or changed later on (this is a bit dangerous to do if you don't know what you are doing, writing invalid access bits can lead to bricking the access to that sector permanently)
in my opinion, MiFare 1K cards while not the best security choice, its fairly decent

Date: 2020-09-05

Comments and reviews: 9


the ISO14443 is just the communication protocol between card and the reader, ISO18092 also based on ISO14443 but its purpose for NTAG (one of NFC requirement, the program embedded inside the card itself either native or java card (they're not using mifare, because it's type of memory card, the secret key key stored within card and used by the program to authenticate transaction, each time a transaction performed a session key can be generated between reader and card based on the secret key inside the card and SAM card (on the reader, also the reason why NFC reader on phone didn't recognized the card because it didn't implement NTAG specification (ISO18092, but if you have an app that can specifically read ISO14443 card, it can be used to communicate with the card at application level protocol (basic APDU)
reply

good video, notes are.
3 popular ICs
- RDM6300 (125KHz)
- PN532 (13. 56Mhz) - Can handle more RFID tags, but not credit card NFC data (this might work for workplace access card)
- RC522 (13. 56Mhz) - Cant read credit card NFC data, Can read and write
Frequencies used (13. 56Mhz) HF
MIFARE Classic 1K - (tag based RFID)
Both the card and the tag, holds 1KB of data
Contactless payment uses NFC and not RFID (and has standards) and it uses 13. 56Mhz
So credit cards NFC cant be read with RC522 Card. a HP with NFC maybe able to read NFC card and gives the card type (ISO 1443-4) but cant read memory as the data is encrypted.

reply

I was wondering which technology my University library system uses. now i know and thinking of how to hack that system by using a decoy RFID tag same data carried out by the books RFID tag. but I don't know that library uses NFC or normal RFID. need to watch out after this CORONA Quarantine days.
reply

Can i please ask do you remebert that code you has been using at 6: 27 i cant find it anywhere (with rfid identification)
Everytime it has delay or display and other things but i want to upload it on Arduino Nano 168P

reply

Well bank cards use different frequency compared to those. I had those NFC readers and they were not able to read my bank card. I also know about those numbers only can be changed but not the unique one with letters.
reply

Great Scott, I've got it! :)
So the passive chips are powered by the readers. I was wondering how the f is it powered, there are no batteries that small. in case of credit cards.
Thanks for the explanation!

reply

Can you make a full tutorial on how to make a RFID attendance System out of the rc522 and an arduino, there are a lot of tutorials in youtube but I think I will be able to understand it more if it comes from you
reply

You are assuming that our cards will never be stolen or lost. If someone takes it from us he/she can easily use it as PIN Nos are not reqd. Please don't promote insecurity in the name of modernity.
reply

So we can still try to capture it's encrypted data and just reproduce the signal. Thus having a 25 false card that we can use from time to time if the victim isn't careful on his money transaction
reply
Add a review, comment






Other channel videos