
NFC tags – automating reading and writing with Lua and Proxmark3.

Hello there, it's been quite a while, but no time like the present to resurrect this blog. Since the beginning of ’21 I have been researching NFC and RFID tags as part of a cyber security course. It led me to a hardware device called the Proxmark3 that allowed me to interact with the tags. But I wanted more. YouTube video here:

https://youtu.be/FYHxatRUmEk

My goal was to write a Lua program that could be executed by the Proxmark3 client software. It would sit there listening until it detected a tag, then dump the tag's information and use that dump to write a new tag. As this project was for a class, I only had 4 weeks to develop something while learning a new language. I have posted the result (and iterations of the build) on my GitHub – https://github.com/somefreak/proxmark-auto-mifare

The program I ended up with does not have the entire functionality that I set out to achieve. However, I do not count that as failure. My programming skills are amateur level at best, so getting a working program with partial functionality feels like I have accomplished something.

Luckily, there are many other Lua Proxmark3 projects with more functionality than mine. Here are the references I used while researching and coding my solution:

https://swende.se/blog/Proxmark_Scripting_1.html
https://swende.se/blog/Proxmark_Scripting_2.html
https://stackoverflow.com/questions/1034334/easiest-way-to-make-lua-script-wait-pause-sleep-block-for-a-few-seconds
https://www.tutorialspoint.com/lua/lua_variables.htm
https://www.tutorialspoint.com/lua/lua_repeat_until_loop.htm
https://github.com/Proxmark/proxmark3/blob/master/client/scripts/formatMifare.lua
https://github.com/Proxmark/proxmark3/blob/master/client/scripts/mifare_autopwn.lua
https://github.com/Proxmark/proxmark3/issues/840
https://stackoverflow.com/questions/14629658/lua-repeat-until-seems-to-use-original-value
http://www.troubleshooters.com/codecorn/lua/luaio.htm

Through my research, what I have discovered is that these tags are just as vulnerable as normal locks with keys. There is no perfect security solution; the only difference between normal locks and lockpicks is that the technical barrier to entry is higher for NFC, but that doesn't mean there aren't digital lock picks out there.

Device Security – Cisco NTP

This week has seen a few vulnerabilities become very public: one that targets home routers (Misfortune Cookie) and another of note for people running NTP (ntpd – http://www.eweek.com/security/four-flaws-expose-critical-network-time-keeping-servers-to-attack.html ). Between this and the hacks on Sony, iCloud etc., this year has served as a reminder to me that device security is something that often changes, and may be impacted by protocols, devices or other changes on your network, be it home or otherwise.

A great example of this is consumer routers coming with IPv6 support. Years ago, I swapped to a new router that came with IPv6 support. Little did I know at the time that my ISP automatically assigned clients a /56 IPv6 subnet by default. My router was then happily handing out a /64 to the LAN segment, meaning all my home devices automatically got a public IPv6 address. I can tell you, it was very scary the day I was able to connect from a public network to my NAS and other network devices without filtering. This security issue arose because I changed one piece of hardware without realising the full impact that change would make.

Getting to the topic, a lot of people configure their Cisco routers and switches to use NTP. However, I have found in the past that doing this also enables the Cisco device as an NTP server. Yep, that's right: if you typed "ntp server pool.ntp.org" into your Cisco router, for example, it has not only started the client to update its own time, but it has started acting as a server too, answering time requests and NTP control queries from any host that can reach it. Luckily, you are able to lock this down. Here is what you need to do.

(In this example I will use 10.1.10.1 and 10.2.20.1 as the NTP servers.)

First, we need to create an ACL that permits only the NTP servers we want our device to synchronise with:

!
configure terminal
access-list 10 permit 10.1.10.1
access-list 10 permit 10.2.20.1
access-list 10 deny any
!

I will assume you have already configured your NTP servers, so the next step is to apply the ACL. Note that I use the command "ntp server 10.1.10.1" rather than "ntp peer 10.1.10.1", as they do different things (see here – http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html ). Even so, when you apply the ACL you need the "peer" access group, because it is the only access-group type that allows the device to synchronise itself to the listed hosts ("serve" and "serve-only" only let a host ask us for time, and "query-only" only allows control queries):

!
ntp access-group peer 10
!

Your network devices should now no longer respond to NTP queries, except from hosts in that ACL. This works because once any "ntp access-group" is configured, IOS denies every source that does not match one of the configured groups (the groups are evaluated in the order peer, serve, serve-only, query-only, and the first match wins). Verify with "show ntp status" and "show ntp associations", which should still show the device synchronised to 10.1.10.1 or 10.2.20.1, and consider "ntp disable" on any interface that faces the Internet so the device does not listen there at all.
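Putting the pieces together, here is the complete hardened configuration as an added example (it is not the post's own config). It keeps ACL 10 and the peer access group from above and adds a serve-only group for LAN clients that legitimately need time from the router, NTP authentication towards the upstream servers, and an interface-level "ntp disable". The LAN range 10.0.0.0/24, the interface name GigabitEthernet0/0 and the key value are placeholders that you will need to change.

```cisco
! Weak starting point: any "ntp server" line turns on the NTP service on every
! interface, so the router also answers time and control queries from anyone.
ntp server 10.1.10.1
ntp server 10.2.20.1
!
! --- Hardened version (added example, not the original post's config) ---
!
! 1. ACL 10: only the upstream servers may form a peer association with us.
access-list 10 remark NTP upstream servers we synchronise from
access-list 10 permit 10.1.10.1
access-list 10 permit 10.2.20.1
access-list 10 deny any log
!
! 2. ACL 11: LAN clients (assumed 10.0.0.0/24) may ask us for time, nothing more.
access-list 11 remark LAN hosts allowed to request time
access-list 11 permit 10.0.0.0 0.0.0.255
access-list 11 deny any log
!
! 3. Apply the groups. IOS checks peer, serve, serve-only, query-only in that
!    order, takes the first match, and denies every source that matches none.
ntp access-group peer 10
ntp access-group serve-only 11
!
! 4. Authenticate the upstream servers so a spoofed reply cannot move our clock.
!    Classic IOS offers MD5 here; check your release for stronger algorithms.
!    The same key must be configured on 10.1.10.1 and 10.2.20.1.
ntp authenticate
ntp authentication-key 1 md5 REPLACE-WITH-SHARED-SECRET
ntp trusted-key 1
ntp server 10.1.10.1 key 1 prefer
ntp server 10.2.20.1 key 1
!
! 5. Do not even listen for NTP on the Internet-facing interface (assumed name).
interface GigabitEthernet0/0
 ntp disable
!
end
!
! Verification: the device must still be synchronised, and the associations
! should show the "key" and authenticated state for both servers.
show ntp status
show ntp associations detail
show access-lists 10
show access-lists 11
```

Symmetric-key authentication only works against servers you control: a public pool such as pool.ntp.org will not share a key with you, so on a router that syncs to the pool leave the "key" argument off the "ntp server" lines and rely on the access groups and "ntp disable" alone. The "log" keyword on the deny entries is optional, but it gives you a syslog line the first time an unexpected host asks the router for time, which is a cheap way to discover who was using it before it was locked down.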

Wishing everyone all the best for the holidays and 2015! Remember to back up those videos and photos 🙂