Reverse Engineering a Payment System #5

I didn't write about it, in a long time. Just to keep a few facts straight. It has been cracked. I gave a talk about it, with my little knowledge base...a team formed and it got cracked in no time. I'm not posting any information here. you ...

more ...

Tampering with RFID Security

If you tamper with security systems, you will get burned sometime. I'm not allowed to enter this store for the next month, and i'm not allowed to touch any electronic equipment... So, i couldn't verify this on my own, but a good friend of mine took care ...

more ...

SQL Injection with RFID-Cards

I thought it wouldn't work...but apparently, something happend. A few days ago, i checked a local RFID System...I wanted to know, how it is working and so on... The card looks something like this:

0000000: adb0 a0a3 1e88 0400 468f 3658 5570 3710  ........F.6XUp7.
0000010: 0000 ...
more ...

Reverse Engineering a Payment System #4

I finaly figured out, where the amount of money is stored. I got it down to 8 bytes...but not further.. these 8 bytes even change if you put your card into the machine and buy nothing. i made a list of all data i have and which is displayable ...

more ...

Reverse Engineering a Payment System #2

i prepared two different card outputs (just excerpts) to compare them. The first card is a guestcard, which you can buy without beeing registered in the system. The part i left out, is a not encrypted and empty sector which is totaly unimportant. The card has the UID: aa257c3c which ...

more ...