Full Disclosure mailing list archives
Re: RFID used at Olympics in Germany
From: Adam Laurie <adam.laurie () thebunker net>
Date: Thu, 01 Jun 2006 10:08:01 +0100
Josh L. Perrymon wrote:
Yeah.. I suppose their would be limitations on the amount of data that would be on the chip..Maybe the will just use an ID number that refrences the user info in the DB....Has anyone successfully performed SQL injections usinf RFID tags? I looked at a few papers but know it's not widespread. I'm thinking about getting an IPAQ and an RFID reader/writer to play around w/ this stuff.
It's certainly do-able if the target RFID reading system isn't doing the proper checks... for playing, I can recommend the ACG reader - should work fine in a Compaq as it's a CF card:
http://www.acg.de/synformation/servlet/PageServlet/corporate/RFIDProducts/Start?show=RFID_Basics and if you've got python, you can drive it with RFIDIOt: http://rfidiot.org/BTW, if anyone's got access to these tickets I'd love to have a look at one...
cheers, Adam -- Adam Laurie Tel: +44 (0) 1304 814800 The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899 Ash Radar Station http://www.thebunker.net Marshborough Road Sandwich mailto:adam () thebunker net Kent CT13 0PL UNITED KINGDOM PGP key on keyservers _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: RFID used at Olympics in Germany Chris (Jun 01)
- <Possible follow-ups>
- Re: RFID used at Olympics in Germany Adam Laurie (Jun 01)
- Re: RFID used at Olympics in Germany gboyce (Jun 01)