A hack for HackUMass VI by the UMass PenTesting Team + 2.
The purpose of our hack is to conduct man-in-the-middle (MitM) and denial-of-service (DoS) exploits on RFID cards of various bit capacities. Our primary motivation was to hack the UMass RFID system. Our exploits were tested using the iClass r-640x-300 reader (tag).
We had two subteams: one worked on researching protocols and exploits for the UCards and the other set up the tool that employs MitM and DOS attacks.
Our hack consists of a second-hand RFID scanner hooked up to a Raspberry Pi and an Arduino. The RFID scanner reads in card data, which the Arduino processes and logs. The data is then sent along to a web server that the Raspberry Pi hosts. The web server hides the logged data behind a login screen. After entering the correct login, the attacker can access the card data of whoever has unknowingly used their dummy scanner. To use the data, the attacker selects a card code from a dropdown and clicks "Open Sesame" to unlock, or "Lock" to lock, the door that they've planted the dummy scanner on.
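The scenario above (a reader taken off a door and replaced by a logging device, then a captured card code replayed on demand) leaves traces a door controller can look for. The following is an added, defender-side example and is not part of this project's code: it runs over a constructed controller log in which every reader is assumed to send a heartbeat every 30 seconds (a hypothetical log format), and flags a reader whose heartbeat stream goes silent for too long, a card read that arrives from such a reader, and one card code presented at two different doors faster than anyone could walk between them.

```python
from datetime import datetime, timedelta

# Constructed sample log for this example (format, reader names, card codes and
# timestamps are all invented): (timestamp, reader, kind, card_code).
SAMPLE_EVENTS = [
    ("2018-11-03T08:00:00", "door-A", "heartbeat", None),
    ("2018-11-03T08:00:30", "door-A", "heartbeat", None),
    ("2018-11-03T08:01:00", "door-A", "heartbeat", None),
    ("2018-11-03T08:00:00", "door-B", "heartbeat", None),
    ("2018-11-03T08:00:30", "door-B", "heartbeat", None),
    ("2018-11-03T08:00:45", "door-B", "read", "CARD-1234"),
    # door-A goes silent for twenty minutes, then reads resume from it
    ("2018-11-03T08:21:00", "door-A", "heartbeat", None),
    ("2018-11-03T08:21:05", "door-A", "read", "CARD-1234"),
    # the same card code shows up at door-B fifteen seconds later
    ("2018-11-03T08:21:20", "door-B", "read", "CARD-1234"),
]

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"


def analyze(events, max_gap=timedelta(minutes=2), min_travel=timedelta(minutes=1)):
    """Return alert tuples, in time order, for the three conditions above.

    max_gap    - longest tolerated silence between two heartbeats of one reader
    min_travel - shortest plausible time for a card to move between two readers
    """
    alerts = []
    last_heartbeat = {}     # reader -> time of its last heartbeat
    silent_readers = set()  # readers whose heartbeat stream had a gap
    last_read = {}          # card -> (reader, time) of its last presentation

    parsed = sorted(
        ((datetime.strptime(ts, TS_FORMAT), reader, kind, card)
         for ts, reader, kind, card in events),
        key=lambda e: e[0],
    )
    for ts, reader, kind, card in parsed:
        if kind == "heartbeat":
            prev = last_heartbeat.get(reader)
            if prev is not None and ts - prev > max_gap:
                # Consistent with the reader being unplugged or swapped out.
                alerts.append(("reader_silent", reader, (ts - prev).total_seconds()))
                silent_readers.add(reader)
            last_heartbeat[reader] = ts
        elif kind == "read":
            if reader in silent_readers:
                # A read from a reader that recently dropped off the bus.
                alerts.append(("read_after_gap", reader, card))
            prev = last_read.get(card)
            if prev is not None and prev[0] != reader and ts - prev[1] < min_travel:
                # Same credential at two doors too quickly: clone or replay.
                alerts.append(("impossible_travel", card, prev[0], reader))
            last_read[card] = (reader, ts)
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The heartbeat and travel thresholds are the only tuning knobs; in a real deployment they would come from the reader's actual polling interval and the walking distance between doors, and the alerts would feed whatever alarm channel the access-control system already has.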
Team:
- Nils Carlson
- Michael Roffo
- Jordan Chen
- Nicholas Sichalov
- Jake Quilty
- Aaron Terentiev
Requirements:
- Python 3.6+
- virtualenv
Setup:
- Clone this repository
- Navigate into the project folder: `cd UMPenTest_RFID_hack`
- Activate the virtual environment: `source venv/bin/activate`
- Install the project packages: `pip install -r requirements.txt`
To run the local web server:
- Export the requisite environment variables: `export FLASK_APP=UMPenTest_RFID_hack.py` and `export FLASK_ENV=development`
- Run the Flask web server: `sudo python3.6 UMPenTest_RFID_hack.py`
- Navigate to the server IP (default: http://127.0.0.1:5000/)
- Select a logged card code from the dropdown and press either "Open Sesame" or "Lock"
After getting the Pi up and running:
- Rip out the RFID scanner on a door/building
- Install our tool
- Navigate to the web address and port that you have the Pi running on
- Enter your login credentials
- Enjoy life in prison