RFID Evaluation Toolkit

This toolkit provides a systematic analysis of the RF protocol layer of RFID systems. The tools are written either for the GNU Radio software and the USRP software-defined radio hardware, or for post-processing the data extracted with them. The USRP provides the flexibility of supporting any modulation and frequency (the basic module supports frequencies 0-30 MHz).

We used GNU Radio version 3.1.2. Installation instructions are on the RFID Audit Hardware page.

That version lacks some components that are included in newer releases; the workarounds we needed are described in Rx tuning study and Rx tuning study part two. Some of our self-written blocks are nowadays included in GNU Radio itself. GNU Radio is very much alive and its API is still changing considerably, so it may be a good idea to wait a year and rewrite these tools (hierarchical blocks, a Model-View-Controller design instead of a single class, better UI signal/event handling, command-line options, ...). There may be issues on 64-bit machines due to differing variable sizes. These tools were built for our own use while doing a security evaluation. We found them useful and hope you do too.

Getting it

Reference signals

Signal analysis tools

The first task is to analyze the spectrum of each device in the system. This identifies the frequencies used by each device and the bandwidth of each signal, which in turn shows whether data is present and gives an estimate of the bit rate (the occupied bandwidth of a digitally modulated signal grows with its symbol rate).

Demodulation tools

  • psk_demod.py: Standalone PSK demodulation utility

  • ask_demod.py: ASK (amplitude shift keying) demodulation utility. Because FSK is in effect AM on two or more tones, and a filter whose response is not flat across those tones turns the frequency shifts into amplitude changes, this tool can also be used to demodulate FM/FSK signals.
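
The following is an added example of the envelope-detection approach an ASK demodulator takes; it is not ask_demod.py from the toolkit. It assumes a 1 MS/s complex-baseband capture with the tag signal 100 kHz off centre, 10 kbit/s data and bit boundaries aligned to the start of the capture (a real capture needs clock recovery from the preamble first); the noisy test waveform is constructed inside the block.

```python
"""ASK envelope demodulator for complex-baseband (I/Q) samples.

Added example for this page, not the toolkit's ask_demod.py. Sample rate,
tone offset, bit rate, modulation depth and the bit pattern are assumptions.
"""
import cmath
import math
import random

SAMPLE_RATE = 1_000_000      # assumed: 1 MS/s complex baseband
TONE_OFFSET = 100_000.0      # assumed: carrier 100 kHz above the tuned centre
SAMPLES_PER_BIT = 100        # assumed: 10 kbit/s at 1 MS/s


def make_ask(bits, samples_per_bit=SAMPLES_PER_BIT, depth=0.3, noise=0.05, seed=7):
    """Constructed test signal: full amplitude for a 1, `depth` amplitude for a 0,
    on a rotating tone (as in an off-centre capture) plus seeded Gaussian noise."""
    rng = random.Random(seed)
    out, n = [], 0
    for b in bits:
        amp = 1.0 if b else depth
        for _ in range(samples_per_bit):
            carrier = amp * cmath.exp(2j * math.pi * TONE_OFFSET * n / SAMPLE_RATE)
            out.append(carrier + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
            n += 1
    return out


def envelope(samples, window):
    """|I + jQ| followed by a moving average over `window` samples.
    The magnitude removes the carrier rotation; the average suppresses noise."""
    mags = [abs(s) for s in samples]
    out, acc = [], 0.0
    for i, m in enumerate(mags):
        acc += m
        if i >= window:
            acc -= mags[i - window]
        out.append(acc / min(i + 1, window))
    return out


def slice_bits(env, samples_per_bit, threshold=None):
    """Decide each bit at the centre of its period, against a threshold midway
    between the highest and lowest envelope level seen in the capture."""
    if threshold is None:
        threshold = (max(env) + min(env)) / 2.0
    bits = []
    for start in range(0, len(env) - samples_per_bit + 1, samples_per_bit):
        bits.append(1 if env[start + samples_per_bit // 2] > threshold else 0)
    return bits


def demod_ask(samples, samples_per_bit=SAMPLES_PER_BIT):
    """Full chain: envelope detection with a quarter-bit window, then slicing."""
    return slice_bits(envelope(samples, samples_per_bit // 4), samples_per_bit)


if __name__ == "__main__":
    tx_bits = [1, 0, 1, 1, 0, 0, 1, 0]
    print(demod_ask(make_ask(tx_bits)))
```

The midpoint threshold works because the modulation depth of a tag's backscatter is unknown in advance; fixing the threshold at a constant would silently mis-slice shallowly modulated captures. The moving-average window is a quarter of a bit so that a decision taken at the bit centre never straddles a transition.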

Transmitting tools

Recording data format utilities

The signal recorder stores files in quadrature (I/Q) float format: each sample is a pair of 32-bit single-precision floating point numbers, the first being the I (in-phase) and the second the Q (quadrature) component, written in the recording host's native byte order. No header is used, so the sample rate and centre frequency of a recording must be noted separately; without them the file cannot be interpreted.
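
As an added example (not a tool from the toolkit) serving both the spectrum-analysis step above and this file format: the block below writes a constructed recording in the headerless interleaved float32 I/Q layout, reads it back, and estimates the carrier frequency and occupied bandwidth with an averaged, Hann-windowed FFT. The sample rate of 2 MS/s, the tone frequency and the on-off-keyed bit stream are assumptions; the FFT is pure Python so nothing beyond the standard library is needed.

```python
"""Spectrum estimate from a headerless interleaved float32 I/Q recording.

Added example for this page, not part of the toolkit. SAMPLE_RATE is an
assumption: the file format carries no header, so it must be known separately.
"""
import cmath
import math
import random
import struct

SAMPLE_RATE = 2_000_000  # assumed: 2 MS/s complex sampling
NFFT = 1024


def write_iq(samples):
    """Serialise complex samples as interleaved float32 I,Q pairs, native byte order."""
    flat = [c for s in samples for c in (s.real, s.imag)]
    return struct.pack("%df" % len(flat), *flat)


def read_iq(data):
    """Parse interleaved float32 I,Q pairs; reject files that end mid-sample."""
    if len(data) % 8:
        raise ValueError("truncated I/Q file: length is not a multiple of 8 bytes")
    flat = struct.unpack("%df" % (len(data) // 4), data)
    return [complex(flat[i], flat[i + 1]) for i in range(0, len(flat), 2)]


def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def power_spectrum(samples, nfft=NFFT):
    """Hann-windowed periodogram averaged over consecutive frames.
    Returns [(frequency_hz, power_db)] ordered from -fs/2 to +fs/2."""
    win = [0.5 - 0.5 * math.cos(2 * math.pi * i / nfft) for i in range(nfft)]
    acc, frames = [0.0] * nfft, 0
    for start in range(0, len(samples) - nfft + 1, nfft):
        spec = fft([samples[start + i] * win[i] for i in range(nfft)])
        for i in range(nfft):
            acc[i] += abs(spec[i]) ** 2
        frames += 1
    if not frames:
        raise ValueError("recording shorter than one FFT frame")
    return [(k * SAMPLE_RATE / nfft, 10 * math.log10(acc[k % nfft] / frames + 1e-30))
            for k in range(-nfft // 2, nfft // 2)]


def occupied_band(spectrum, drop_db=20.0):
    """Peak frequency and width (Hz) of the contiguous band within drop_db of the peak."""
    pwr = [p for _, p in spectrum]
    i = max(range(len(pwr)), key=pwr.__getitem__)
    floor = pwr[i] - drop_db
    lo = hi = i
    while lo > 0 and pwr[lo - 1] >= floor:
        lo -= 1
    while hi < len(pwr) - 1 and pwr[hi + 1] >= floor:
        hi += 1
    return spectrum[i][0], (hi - lo + 1) * SAMPLE_RATE / len(spectrum)


def make_recording(freq_hz, n, samples_per_bit=None, seed=1):
    """Constructed capture: a tone at freq_hz, optionally on-off keyed with seeded random bits."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n // (samples_per_bit or 1) + 1)]
    out = []
    for i in range(n):
        amp = bits[i // samples_per_bit] if samples_per_bit else 1.0
        out.append(amp * cmath.exp(2j * math.pi * freq_hz * i / SAMPLE_RATE))
    return write_iq(out)


def analyse(data):
    """(peak_hz, bandwidth_hz) of a raw I/Q file's contents."""
    return occupied_band(power_spectrum(read_iq(data)))


if __name__ == "__main__":
    print(analyse(make_recording(250_000, 8192)))       # unmodulated carrier
    print(analyse(make_recording(250_000, 8192, 50)))   # 40 kbit/s OOK: same peak, wider band
```

The unmodulated carrier occupies only the three bins of the Hann main lobe, while the keyed one spreads over a band that scales with the bit rate; comparing the two widths is exactly the "is data present, and roughly how fast" judgement the spectrum step is for. Averaging several frames rather than taking one FFT keeps a short burst from being lost in window leakage.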

Replaying recorded RFID tag signals is possible; instructions are on the Replay attack page.

Syntax analysis

Data generation

Alibaba gnuradio modules (and tools)

Alibaba


Linked in pages: Testing Use Case, RIDAC/Introduction, RFID Reverse Engineering, RFID Audit Workflow, RIDAC, Debugging Use Case