[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] RFID used at Olympics in Germany
- To: "Josh L. Perrymon" <joshuaperrymon@xxxxxxxxx>
- Subject: Re: [Full-disclosure] RFID used at Olympics in Germany
- From: Adam Laurie <adam.laurie@xxxxxxxxxxxxx>
- Date: Thu, 01 Jun 2006 10:08:01 +0100
Josh L. Perrymon wrote:
Yeah.. I suppose their would be limitations on the amount of data that
would be on the chip..
Maybe the will just use an ID number that refrences the user info in the
DB....
Has anyone successfully performed SQL injections usinf RFID tags? I
looked at a few papers but know it's not widespread.
I'm thinking about getting an IPAQ and an RFID reader/writer to play
around w/ this stuff.
It's certainly do-able if the target RFID reading system isn't doing the
proper checks... for playing, I can recommend the ACG reader - should
work fine in a Compaq as it's a CF card:
http://www.acg.de/synformation/servlet/PageServlet/corporate/RFIDProducts/Start?show=RFID_Basics
and if you've got python, you can drive it with RFIDIOt:
http://rfidiot.org/
BTW, if anyone's got access to these tickets I'd love to have a look at
one...
cheers,
Adam
--
Adam Laurie Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899
Ash Radar Station http://www.thebunker.net
Marshborough Road
Sandwich mailto:adam@xxxxxxxxxxxxx
Kent
CT13 0PL
UNITED KINGDOM PGP key on keyservers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/