friendly_RFID

validation tool UI
Main app UI

What it does

Our project is called the "Friendly_RFID". What we aim to solve is accessibility in the world of cloning RFID.

We understand as a group that the sheer volume of standards within RFID technology is monumental. So, given the time constraint, we decided to limit ourselves to the MIFARE high-frequency standard for the 1K and 4K technology.

Our work is based on a very specific type of hardware, namely the Proxmark3 RDV4, the current bleeding-edge technology in RFID pentester tools. For our work, we used the latest firmware running on the Proxmark3 by the Iceman repository (open source firmware).

What our project sought to accomplish is to bring accessibility to the world of RFID research and white-hat pentesting. And accessibility brings people together.

One of the main challenges in studying RFID technology is the very high learning curve necessary even to understand how cloning works in the RFID world. Our group bridged that gap with our Friendly_RFID app.

How we built it

What we created is a friendly and easy-to-use interface that communicates with the underlying hardware. With a simple click of buttons, you can copy, clone, and wipe the MIFARE 1K and 4K standards (with the appropriate fobs and cards).

We created a backend in Python and a frontend in JavaScript. The main challenges we ran into were trying to get our backend to communicate with the Proxmark3 RDV4 through the subprocess module.

With our app and hardware, you could literally open closed doors (with consent). And if that doesn't bring people together, we don't know what will.

Future work

In the future we plan to have a DB to store the card information for easier research cloning, authorization mechanisms from the original card issuer so that they can authorize the cloning. We also plan to extend the standards of RFID compatible (i.e. low frequency). Future work will also revolve around integrating the validation tool within the main UI interface. Disclaimer: Our work is intended for research purposes. You cannot clone, copy, or wipe the MIFARE standards card without the consent of the organization that issued a specific card. We do not condone any illicit behavior conducted using our application.