Prox Card Hack
March 5, 2005 10:50 AM   Subscribe

Uh, where is the information about the reverse enginerring?

The page just seems to be about building the prox card system.
posted by exois at 12:03 PM on March 5, 2005

Think your Prox Card system is secure?

Telling us what a 'Prox Card system' is might help too.
posted by Steve_at_Linnwood at 12:34 PM on March 5, 2005

Prox is apparently short for Proximity, as in the cards and readers that work by being in close proximity to eachother, instead of physically touching like magnetic cards do.

Examples include Exxon's SpeedPass, EZPass Toll Tags, HID cards for building access in business environments, and several college ID cards used for access to buildings and payment for food.

This post strikes an unnecessarily paranoid tone, as in:
Think your house key is secure? Guess again. Sophomores at ___ College have reverse-engineered the so-called "pin and tumbler" design that, according to analysts, may be an industry standard in many locks. Rumor has it they have created a "grinding wheel" (combined with metal stock) too, but nothing more is known at this time.
posted by odinsdream at 12:52 PM on March 5, 2005

a prox on your house!
posted by quonsar at 12:53 PM on March 5, 2005

A "Prox Card System" is a remote (RFID) identification system. The Prox Card can be read from up to several feet away and provide an ID to a reader.

The reverse engineering that took place was that the students took an existing card(s), analyzed its response to a reader signal, and determined how the ID was encoded in the response.

The fear is that it is simple to build a card reader, carry it around hidden on yourself, remotely read anyone's card without there knowledge by walking within a few feet of them, create a card with that persons ID encoded in it, and have access to anything that person's card has access to.

On preview: I tend to agree with odinsdream that this is not much worse than key systems. However, it is somewhat worse because picking a lock takes time and has the risk of discovery, while using a cloned card would be undetectable in many situations. And duplicating a key requires physical possession of that key for some time, while grabbing the ID from a prox card only requires being near it for a moment.
posted by Bort at 1:02 PM on March 5, 2005

BTW, these cards will become much more secure as they change the design away from just giving up an ID to a challenge-response smart card type of system. And that will have to happen before RFID is widely accepted for financial transactions.
posted by Bort at 1:07 PM on March 5, 2005

Then the advancing system will be broken. Locks have only been secure all these years because most people don't know how to break into them. Most people could if they knew how.
posted by Dean Keaton at 3:07 PM on March 5, 2005

the post is a bit silly because, as far as i know, no-one is claiming that these things are secure. but it was an interesting article anyway - i hadn't realised how they worked in that much detail and the encoding details were more complicated than i expected.

presumably the range of these things depends on the field being used to read them. here in santiago they're used as tokens for the metro (the system is presented as "storing" value on the cards, but presumably it's a central server that look up the id) and you have to get the card very close to the reader (often needing to take it out of your wallet). i wonder how practical a long range (say 1m) hand held device is.

also, it seems like it would be fairly easy to make these safe by simply carrying two. i read the article earlier today, but from what i remember the encoding doesn't exploit any kind of fancy orthogonality (you know what i mean, can't remember the technical term) so i would guess that two cards together would be unreadable.
posted by andrew cooke at 3:22 PM on March 5, 2005

Some of these systems do have "anti-collission" stuff in their protocols, but buildings' card-keys tend to be the simplest, cheapest cards.

I assume that MegaDefenseCorpSecretLabs Inc. uses the spiffier challenge-response public-key two-factor cards, but then maybe they don't.

I carry two proximity cards in my wallet. One of them is readable but only from one side of the wallet, unless I take out the other card. The other one is only readable if I take it out of my wallet (but it had a shorter range to begin with).
posted by hattifattener at 4:15 PM on March 5, 2005

(i was thinking of the very simple chips described in the article - also, they'd have to be on the same frequency, i guess (and several frequencies were mentioned))
posted by andrew cooke at 5:21 PM on March 5, 2005