FeliCa is externally powered, i.e. it does not need a battery to operate. I recently got a Proxmark 3, and used it to read the NFC of the Tamagotchi Friends. Even worse, very often these numbers are also physically printed on the badge and so an attacker can grab them simply reading the badge with his eyes! 🙂 So, what can we do with do if we have a Facility Code and a Card Number? Tags: CCC, Chaos Communication Congress, defcon, eBay, Eric Smith, HID Global, iClass, Joshua Perrymon, Lares Consulting, RFID. But many “security designers” are quite lazy anyway and don’t use those possibilities even if they exist….
This is interesting, because it shows that some ‘spiking’ in the scan might be due to noise from non-NFC features of the Tamagotchi. A scan of a ‘normal’ rfid tag gave this: I looked around at other scans done with the Proxmark, and the Tamagotchi scan seems quite atypical. But maybe the badge that we can clone can not access in every area of the corporate environment. The card uses power supplied from the special FeliCa card reader when the card comes in range. Retrieved on 2013-08-16. ^ Sony to launch next generation FeliCa contactless IC chip ‹ Japan Today: Japan News and Discussion. Lares’ Joshua Perrymon and Eric Smith demonstrated how an HID parking garage reader capable of reading cards up to three feet away was purchased off of eBay and modified to fit inside of a common backpack. When the data transfer is complete, the reader will stop the supply of power.
Смонтировав обе антенны в корпус обнаружилось что проездной не читается. For this reason, Brad Antoniewicz of McAfee® Foundstone® Professional Services published ProxBrute, a very smart modification of the stand-alone mode of Proxmark III firmware. The Facility Code identifies the company, while the Card Number identifies the particular badge. You can see some data from scanning the Tamagotchi here, here and here if you’re interested. Your card might not have data center or HR access but I can get into those places within your organization just by coming up to some employee standing outside the building and bumming a light off of him.” Organizations that are vulnerable have several options.