Differences between revisions 1 and 2
Revision 1 as of 2010-02-22 19:36:54
Size: 3289
Editor: ?fenris
Revision 2 as of 2010-02-24 08:16:50
Size: 3283
Editor: gw1
Line 15, revision 1 (removed):
 * [[http://code.google.com/p/ouspg/source/browse/trunk/ridactoolkit/ | Source Repository]]
 * [[http://code.google.com/p/ouspg/issues/list | Issue Tracker]]
Line 15, revision 2 (added):
 * [[http://code.google.com/p/ouspg-ridac/source/checkout | Source Repository]]
 * [[http://code.google.com/p/ouspg-ridac/issues/list | Issue Tracker]]

RFID Evaluation Toolkit

This toolkit provides a systematic analysis of the RF protocol layer of RFID systems. The tools are written either for the GNU Radio software with the USRP software-radio hardware, or for post-processing the data extracted with them. The USRP gives the flexibility to support any modulation and frequency (the basic module supports frequencies 0-30 MHz).

We used GNU Radio version 3.1.2; installation instructions are on the RFID Audit Hardware page.

That version lacks some components that are included in newer releases, so we had to work around them (see Rx tuning study and Rx tuning study part two). Some of our own blocks have since been included in GNU Radio itself. GNU Radio is very much alive and its API is still changing a lot, so it may be a good idea to wait a year and then rewrite these tools (hierarchical blocks, a Model-View-Controller design instead of a single class, better UI signal/event handling, command line options, and so on). There may be issues on 64-bit machines because of differing variable sizes. These tools were built for our own security evaluation use, while doing the evaluation; we found them useful and hope you do too.

Getting it

Reference signals

Signal analysis tools

The first task is to analyse the spectrum of each device in the system. This identifies the frequencies each device uses and the bandwidth of each signal: for example, whether data is present at all, and a rough estimate of its bit rate from the signal's bandwidth.

Demodulation tools

  • psk_demod.py: standalone PSK demodulation utility.

  • ask_demod.py: ASK demodulator. Because FM (FSK) is in effect AM on two or more carrier frequencies, and because the receive filter is rarely flat across the frequencies in use, the frequency shifts come out as amplitude differences, so this tool can be used to demodulate FM signals too.

Transmitting tools

Recording data format utilities

Signalrecorder stores files in quadrature (I/Q) float format: samples are stored as pairs of 32-bit single-precision floating-point numbers, the first float of each pair being the I component and the second the Q component of the sample. There is no header, so the sample rate and centre frequency of a recording have to be noted separately; without them the file cannot be interpreted.
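The spectrum survey, the ASK envelope demodulation and the headerless I/Q float file layout described above, put together in one added Python example. This is not code from the toolkit or its authors. The sample rate (4.096 MHz), carrier offset (125 kHz), bit rate (16 kbit/s), little-endian byte order, the -20 dB occupancy threshold and the embedded noise-free on-off-keyed signal are all assumptions constructed for the demonstration; the FFT is a plain pure-Python implementation so nothing beyond the standard library is needed.

```python
import cmath
import math
import struct

# Constructed parameters (assumptions for this example, not values from the page).
FS = 4_096_000        # sample rate, Hz
N = 4096              # samples analysed; a power of two for the FFT below
CARRIER_HZ = 125_000  # carrier offset of the constructed tag signal, Hz
BITRATE = 16_000      # on-off keying rate of the constructed signal, bit/s


def iq_to_bytes(samples):
    """Interleaved I,Q float32 pairs with no header, as Signalrecorder writes them
    (little-endian byte order is an assumption; check it against your host)."""
    flat = [c for s in samples for c in (s.real, s.imag)]
    return struct.pack("<%df" % len(flat), *flat)


def bytes_to_iq(data):
    """Inverse of iq_to_bytes; a length that is not whole I/Q pairs means a truncated file."""
    if len(data) % 8:
        raise ValueError("I/Q float32 file length must be a multiple of 8 bytes")
    flat = struct.unpack("<%df" % (len(data) // 4), data)
    return [complex(flat[i], flat[i + 1]) for i in range(0, len(flat), 2)]


def fft(x):
    """Iterative radix-2 FFT in pure Python; len(x) must be a power of two."""
    x = list(x)
    n = len(x)
    if n < 2 or n & (n - 1):
        raise ValueError("FFT length must be a power of two >= 2")
    j = 0
    for i in range(1, n):             # bit-reversal permutation
        bit = n >> 1
        while j & bit:
            j ^= bit
            bit >>= 1
        j |= bit
        if i < j:
            x[i], x[j] = x[j], x[i]
    size = 2
    while size <= n:                  # butterfly stages
        half = size // 2
        tw = [cmath.exp(-2j * math.pi * m / size) for m in range(half)]
        for start in range(0, n, size):
            for m in range(half):
                u, v = x[start + m], x[start + m + half] * tw[m]
                x[start + m], x[start + m + half] = u + v, u - v
        size *= 2
    return x


def analyze_spectrum(samples, fs, threshold_db=-20.0):
    """Peak frequency, occupied bandwidth (bins within threshold_db of the peak) and
    the offset of the strongest sideband, from one FFT of a complex capture."""
    n = len(samples)
    bin_hz = fs / n
    power = [abs(v) ** 2 for v in fft(samples)]
    power = power[n // 2:] + power[:n // 2]      # index 0 is -fs/2, n/2 is DC
    peak = max(range(n), key=power.__getitem__)
    floor = power[peak] * 10 ** (threshold_db / 10)
    occupied = [k for k in range(n) if power[k] >= floor]
    side = max((k for k in range(n) if k != peak), key=power.__getitem__)
    return {
        "bin_hz": bin_hz,
        "peak_hz": (peak - n // 2) * bin_hz,
        "bandwidth_hz": (max(occupied) - min(occupied)) * bin_hz,
        "sideband_offset_hz": abs(side - peak) * bin_hz,   # modulation-rate clue
    }


def ask_demod(samples, samples_per_bit):
    """Envelope detector plus slicer: |I+jQ| above half the peak envelope is a 1,
    decided once per bit at the middle of the bit period."""
    env = [abs(s) for s in samples]
    thresh = max(env) / 2
    mids = range(samples_per_bit // 2, len(env), samples_per_bit)
    return "".join("1" if env[i] > thresh else "0" for i in mids)


def make_ook_sample(bits="10"):
    """Constructed, noise-free OOK tag signal: carrier at CARRIER_HZ keyed by bits."""
    spb = FS // BITRATE
    return [(1.0 if bits[(i // spb) % len(bits)] == "1" else 0.0)
            * cmath.exp(2j * math.pi * CARRIER_HZ * i / FS) for i in range(N)]


def demo():
    """Write the constructed capture in the file layout, read it back, analyse it."""
    restored = bytes_to_iq(iq_to_bytes(make_ook_sample()))
    result = analyze_spectrum(restored, FS)
    result["bits"] = ask_demod(restored, FS // BITRATE)
    return result


if __name__ == "__main__":
    print(demo())
```

On the constructed signal, `demo()` reports a peak at 125 kHz, an occupied bandwidth of 80 kHz (the carrier plus the first three odd harmonics of the alternating data pattern on each side) and a strongest sideband 8 kHz from the carrier, which for an alternating 1/0 pattern is half the bit rate; the slicer recovers the 1010... pattern. On a real Signalrecorder capture, read the file with `bytes_to_iq(open(path, "rb").read())`, pass the recorder's sample rate as `fs`, analyse a power-of-two slice, and treat the sideband offset only as a clue to the bit rate, since the tag's data pattern is not known in advance.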

Replaying recorded RFID tag signals is possible; instructions are given on the Replay attack page.

Syntax analysis

Data generation

  • bruteforcer.py for brute force and data generation. Supports some encodings.

Alibaba gnuradio modules (and tools)

Linked in pages: Testing Use Case, RIDAC/Introduction, RFID Reverse Engineering, RFID Audit Workflow, RIDAC, Debugging Use Case