Tampering with RFID Security

If you tamper with security systems, you will get burned sometime. I'm not allowed to enter this store for the next month, and i'm not allowed to touch any electronic equipment... So, i couldn't verify this on my own, but a good friend of mine took care ...

more ...

SQL Injection with RFID-Cards

I thought it wouldn't work...but apparently, something happend. A few days ago, i checked a local RFID System...I wanted to know, how it is working and so on... The card looks something like this:

0000000: adb0 a0a3 1e88 0400 468f 3658 5570 3710  ........F.6XUp7.
0000010: 0000 ...
more ...

Reverse Engineering a Payment System #4

I finaly figured out, where the amount of money is stored. I got it down to 8 bytes...but not further.. these 8 bytes even change if you put your card into the machine and buy nothing. i made a list of all data i have and which is displayable ...

more ...

Reverse Engineering a Payment System #3

I discovered something really strange a few minutes ago. I scanned a friends card. I've never touched that card before and this guy hasn't either. But the data pattern was really messed up. The parts with the 0x00 bytes were 0xff. Some standard encryption keys were changed and ...

more ...

Reverse Engineering a Payment System #2

i prepared two different card outputs (just excerpts) to compare them. The first card is a guestcard, which you can buy without beeing registered in the system. The part i left out, is a not encrypted and empty sector which is totaly unimportant. The card has the UID: aa257c3c which ...

more ...