Tutorial on Smart lock picking - BLE, NFC, RFID security training, tutorials, hacking, resources

Bluetooth Low Energy HackMe: the best way to learn BLE security basics while having fun!

Tue, 17 Nov 2020 00:00:00 +0000

Bluetooth Low Energy hardware-less HackMe is a free tool that aims to help getting familiar with the very basics of ubiquitous BLE technology and its (in)security - without the need of any dedicated hardware, nor sophisticated prior knowledge. It is based on a specially designed software (running on a typical Windows 10 laptop) - which simulates various BLE devices, on the radio layer working exactly the same as real ones. Hands-on challenges of increasing level - starting with simple introduction up to unlocking smart locks - allow for practical experience, the best possible way to learn.

Magic NFC business card

Sat, 04 May 2019 00:00:00 +0000

Many access control systems still rely just on the UID of the card. It is a unique number, generated during manufacturing, read-only and impossible to change. There are however special, unofficial “Magic UID” cards (like my business card) that allow to set any UID - clone it from other cards. It takes just a few seconds with the new “one click” cloning feature that I have contributed to free Mifare Classic Tool Android application.

Confidence 2018: NFC research toolkit

Wed, 30 May 2018 00:00:00 +0000

During upcoming Confidence conference in Krakow, we will celebrate 15 years of SecuRing. On this occasion the we will share with you several NFC “research toolkits” hardware sets - that among other things allow to clone card UID and crack Mifare Classic. Come meet us at our booth and solve the NFC challenges to win one!

Also be sure to attend my introductory talk on NFC security “A 2018 practical guide to hacking RFID/NFC” track 1 Jun 4th 11:50am.

Update: slides are available to download here.

How to pick a BLE smart lock and cause "cancer" using just a mobile phone

Wed, 25 Oct 2017 00:00:00 +0000

Behold The Smart Lock! In case anyone would doubt its smartness, it is literally imprinted. Fitted with an enormously loud speaker - advertised as a feature to raise a solid anti-thief alarm. Using the same speaker for a normal unlock notification, thus enforcing you to cover your ears while opening, was not the smartest idea though. Security? Smart my shiny metal (…)!

Enough smart for the introduction. Give me the meat! TLDR exploit.

My smart lock vendor disappeared and shut the servers. Long live my smart lock!

Wed, 27 Sep 2017 00:00:00 +0000

One of my smart locks, Okidokeys, unexpectedly just turned into a brick, and this time for a change I had nothing to do with it ;) The mobile application barked at me: “Login request has failed. Please try again”. And the more I tried again, the more the login request failed. I finally discovered the vendor’s application server was shut down. And suddenly recalled shutting down their official website, Twitter and Facebook accounts a while before, but did not consider it important back then. Now as it turns out, also the phone number and e-mail server is dead. Following a quick investigation I found out they have been acquired in the meantime. By translating French forum I also realized some locks are undergoing a migration procedure to a new system, and the users are supposedly being notified. I did not get any notification - maybe because based on the serial number my lock was apparently destined for ‘American market’. That market was not covered by the acquisition, and therefore my device is not eligible for migration, as many others also just found out. I guess we can’t count on support any more. I wonder how many of the > 5000 customers (approximation based only on Android mobile application installs) have the same problem. And as of today there is still plenty of offers on US Amazon and Ebay.

Bluetooth Smart Hackmelock

Wed, 12 Apr 2017 00:00:00 +0000

Bluetooth Smart locks did not have a good press recently regarding their security. One of the reasons may be lack of knowledge, as well as insufficient number of professionals to assess and secure such devices. This project helps to develop relevant skills and allows to practice BLE hacking without the need of having the physical vulnerable hardware.