7.7 KiB
FZ - NFC
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Intro
For info about RFID and NFC check the following page:
{% content-ref url="../../../radio-hacking/pentesting-rfid.md" %} pentesting-rfid.md {% endcontent-ref %}
Supported NFC cards
{% hint style="danger" %} Apart from NFC cards Flipper Zero supports other type of High-frequency cards such as several Mifare Classic and Ultralight and NTAG. {% endhint %}
New types of NFC cards will be added to the list of supported cards. Flipper Zero supports the following NFC cards type A (ISO 14443A):
- Bank cards (EMV) — only read UID, SAK, and ATQA without saving.
- Unknown cards — read (UID, SAK, ATQA) and emulate an UID.
For NFC cards type B, type F, and type V, Flipper Zero is able to read an UID without saving it.
NFC cards type A
Bank card (EMV)
Flipper Zero can only read an UID, SAK, ATQA, and stored data on bank cards without saving.
Bank card reading screenFor bank cards, Flipper Zero can only read data without saving and emulating it.
Unknown cards
When Flipper Zero is unable to determine NFC card's type, then only an UID, SAK, and ATQA can be read and saved.
Unknown card reading screenFor unknown NFC cards, Flipper Zero can emulate only an UID.
NFC cards types B, F, and V
For NFC cards types B, F, and V, Flipper Zero can only read and display an UID without saving it.
Actions
For an intro about NFC read this page.
Read
Flipper Zero can read NFC cards, however, it doesn't understand all the protocols that are based on ISO 14443. However, since UID is a low-level attribute, you might find yourself in a situation when UID is already read, but the high-level data transfer protocol is still unknown. You can read, emulate and manually input UID using Flipper for the primitive readers that use UID for authorization.
Reading the UID VS Reading the Data Inside
In Flipper, reading 13.56 MHz tags can be divided into two parts:
- Low-level read — reads only the UID, SAK, and ATQA. Flipper tries to guess the high-level protocol based on this data read from the card. You can't be 100% certain with this, as it is just an assumption based on certain factors.
- High-level read — reads the data from the card's memory using a specific high-level protocol. That would be reading the data on a Mifare Ultralight, reading the sectors from a Mifare Classic, or reading the card's attributes from PayPass/Apple Pay.
Read Specific
In case Flipper Zero isn't capable of finding the type of card from the low level data, in Extra Actions
you can select Read Specific Card Type
and manually indicate the type of card you would like to read.
EMV Bank Cards (PayPass, payWave, Apple Pay, Google Pay)
Apart from simply reading the UID, you can extract a lot more data from a bank card. It's possible to get the full card number (the 16 digits on the front of the card), validity date, and in some cases even the owner's name along with a list of the most recent transactions.
However, you can't read the CVV this way (the 3 digits on the back of the card). Also bank cards are protected from replay attacks, so copying it with Flipper and then trying to emulate it to pay for something won't work.
References
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.