RFID

2009-12-22T17:52:50Z

Pablos:

==RFID readers==
===pcscd===
Is the Linux daemon to access readers compatible with the PC/SC standard.
 To dump the readers list supported by libccid of your pcscd install:
<source lang=bash>
cat /etc/libccid_Info.plist|gawk '
/ifdVendorID/{
mode=1
}
/ifdProductID/{
mode=2
}
/ifdFriendlyName/{
mode=3
}
{
inarray=0
}
/<array>/{
i=0
}
/<array>/,/<\/array>/{
inarray=1
}
/string/&&inarray{
match($0,/<string>(.*)<\/string>/,a);
t[mode i]=a[1];
i++
}
END{
for (j=0;j<i;j++)
print t[1 j]":"t[2 j], t[3 j]
}'
</source>

===Parallax===
* http://www.makezine.com/06/theorypractice/ => See MAKE n6
* [http://www.gumbolabs.org/2009/10/17/parallax-rfid-reader-arduino/ Using it with an Arduino]

===[http://www.openpcd.org/ OpenPCD]===
===[http://www.acs.com.hk/acr122.php ACR122U]===
====Intro====
based on PN532
* [http://www.nfc-reader.com/acr122-document.php docs]
** ISO/IEC18092 (NFC) compliant
** NFC Tags Access Speed = 212 kbps
** Support FeliCa card
** Support ISO 14443 Type A & B cards
** MIFARE® cards (Classics, DESFire)
** SAM Socket (optional)

* To get the Firmware version string in command line: (actual string here is "ACR122U203" as the last 2 bytes are not SW1/SW2 but part of the string)
$ opensc-tool -s FF00480000
Sending: FF 00 48 00 00.
Received (SW1=0x30, SW2=0x33):
41 43 52 31 32 32 55 32 ACR122U2

You can also use scriptor:
$ echo ff00480000|scriptor
No reader given: using ACS ACR122U PICC Interface 00 00
Using T=1 protocol
Reading commands from STDIN
> ff 00 48 00 00
< 41 43 52 31 32 32 55 32 30 33 : Error not defined by ISO 7816

If you get the following error:
Can't allocate Chipcard::PCSC::Card object: No smartcard inserted.
that's because you've a model without SAM support. Place a tag on the reader and try again, it should work.

So that's where a lot of confusion comes into play: the two models behave very differently! See below
 Note that [http://www.libnfc.org/hardware/devices/acr122 this site] points out that it also corresponds to a difference of firmware versions

====ACR122U-SAM====
* With SAM slot
* [http://www.acs.com.hk/drivers-manual.php?driver=ACR122SAM Windows drivers & API docs]
Usage:
* When there is a SAM inserted, ATR shown is the ATR of the SAM
* When there is no SAM inserted, ATR shown is a pseudo-ATR = 3B 00
* So for PCSC there is always a "card inserted"
* APDUs are sent to SAM
* To send APDUs to a contactless card, you ''must'' wrap them into pseudo-APDUs (FF 00 00 00 ...)
* To send special APDUs to the reader (to get fw or to control LEDs), just send them

Some more infos [http://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag here] about the Tikitag
 Some more [http://www.libnfc.org/hardware/pn53x-chip here]

====ACR122U PICC====
* Without SAM slot
* [http://www.acs.com.hk/drivers-manual.php?driver=ACR122 Windows drivers & API docs]
Usage:
* When there is a contactless card, ATR shown is the ATR of the card
* When there is no contactless card, no ATR
* So for PCSC there is a "card inserted" if there is a contactless card
* APDUs are sent directly to the contactless card, which makes this reader fully transparent in this mode
* To send APDUs to a contactless card, you can also wrap them into pseudo-APDUs (FF 00 00 00 ...)
* To send special APDUs to the reader (to get fw or to control LEDs)
** If there is a contactless card, just send the APDUs
** If there is no contactless card, the CCID Escape command must be used (*)

(*) Here is one small example how to use the Escape command:
<source lang=python>
#!/usr/bin/python
from smartcard.scard import *
hresult, hcontext = SCardEstablishContext( SCARD_SCOPE_USER )
hresult, hcard, dwActiveProtocol = SCardConnect(
hcontext, 'ACS ACR122U PICC Interface 00 00', SCARD_SHARE_DIRECT, SCARD_PROTOCOL_T0 )
IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE = SCARD_CTL_CODE(1)
CMD = [0xFF, 0x00, 0x48, 0x00, 0x00]
hresult, response = SCardControl( hcard, IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE, CMD )
if hresult!=SCARD_S_SUCCESS:
raise error, 'Failed to control: ' + SCardGetErrorMessage(hresult)
print ''.join([chr(i) for i in response])
</source>
This requires also to allow libccid to use the Escape command, you've to set bit 0 of ifdDriverOptions in /etc/libccid_Info.plist to 1:
<key>ifdDriverOptions</key>
<string>0x0001</string>
Possible values for ifdDriverOptions
1: DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED
the CCID Exchange command is allowed. You can use it through
SCardControl(hCard, IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE, ...)

In case libccid refuses with a
Firmware (x.xx) is bogus! Upgrade the reader firmware or get a new reader.
you can force it by setting the third bit (0x04) of ifdDriverOptions in /etc/libccid_Info.plist to 1
<key>ifdDriverOptions</key>
<string>0x0005</string>
Possible values for ifdDriverOptions
1: DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED
the CCID Exchange command is allowed. You can use it through
SCardControl(hCard, IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE, ...)
4: DRIVER_OPTION_USE_BOGUS_FIRMWARE
Some reader firmwares have bugs. By default the driver refuses
to work with such firmware versions. If your reader is rejected
because of the firmware (log message: "Firmware (x.y) is
bogus!") you can:
- activate this option but you will have problems depending on the bug

===Pegoda===
* See <nowiki>http://www.nxp.com/#/pip/pip=[pfp=41960]|pp=[t=pfp,i=41960]</nowiki>
===[http://www.nfc-global.com/nfc_global/nfc_products/adra.php Arygon ADRA]===
based on PN531

Supported Standards:
* ISO18092 ( NFC transport protocol)
* Sony FeliCa
* NXP Mifare ® family
* compliant to ISO14443A, ISO14443A – 4 (T=CL)
Communication protocol:
* ARYGON (HL - high level language), TAMA (LL - low level language)
** To send TAMA frames, send an ascii '2' as first char, e.g. to get firmware of the PN531:
0x32 0x00 0x00 0xFF 0x02 0xFE 0xD4 0x02 0x2A 0x00
=>
0x00 0x00 0xFF 0x00 0xFF 0x00 (TAMA ACK)
0x00 0x00 0xFF 0x04 0xFC 0xD5 0x03 0x02 0x02 0x24 0x00 (TAMA v=2.2)

echo 32 00 00 ff 02 fe d4 02 2a 00|xxd -p -r|socat - /dev/ttyUSB0|xxd -p
0000ff00ff000000ff04fcd50304022200

Baud rate (passive/active):
* 106 kBaud, 212 kBaud, up to 424 kBaud
* USB, seen as a serial port

===PN531===
* Official site: <nowiki>http://www.nxp.com/#/pip/pip=[pfp=53424]|pp=[t=pfp,i=53424]</nowiki>
* [http://www.google.com/search?q=pn531+transmission+module Short Form Specification, Near Field Communication PN531 µ-based Transmission module]

The PN531 is capable of speaking directly USB so there exist readers consisting simply of the PN531 wired to your Pc via USB.
 In that case, the vendorID/productID will be either 04CC:0531 or 054c:0193

Apparently the following products are like that:
* [http://www.scmmicro.com/scl3710/ SCL3710] by SCM Microsystems
* [http://www.snapper.co.nz/ Snapper], see also discussion [http://www.proxmark.org/forum/post/189/#p189 here]
===PN533===
* Official site: <nowiki>http://www.nxp.com/#/pip/pip=[pfp=53424]|pp=[t=pfp,i=53424]</nowiki>

The PN531 is capable of speaking directly USB so there exist readers consisting simply of the PN531 wired to your Pc via USB.
 vendorID/productID may vary, e.g. 04CC:2533 or for SCL3711: 04E6:5591

The following products are embodiments of a PN533:
* [http://www.scmmicro.com/en/products-services/smart-card-readers-terminals/contactless-dual-interface-readers/scl3711.html SCL3711] by SCM Microsystems

===[http://www.omnikey.com/?id=products&tx_okprod_pi1%5bproduct%5d=41 Omnikey 5321]===
* [http://www.omnikey.com/fileadmin/Documents/OK5321_Datasheet.pdf datasheet]
* ISO 14443 A/B and 15693 ( up to 848 Kbps in the fastest ISO 14443 transmission mode)
* APIs: PC/SC, Synchronous-API (on top of PC/SC), OCF (Open Card Framework) or CT-API
* contactless smartcards supported:
** HID: iCLASS®
** NXP: MIFARE®, DESFire®, SMART-MX and ICODE
** Texas Instruments: TagIT®
** ST Micro: x-ident, SR 176, SR 1X 4K
** Infineon: My-d (in secure mode UID only)
** Atmel: AT088RF020
** KSW MicroTech: KSW TempSens
** iCODE SLI, iCODE SL2 & LRI 64
** Contactless 2048 bit key generation in RSA mode (JCOP / SMART-MX)

Installing OmniKey reader under linux:

There are drivers [http://omnikey.aaitg.com/index.php?id=69 here]

But there is also a Debian package pcsc-omnikey
 Warning! Don't install it or it will remove libccid!!
 It's better to keep libccid if needed for other readers and install the missing RFID driver by hand: (here on a 64-bit platform)
aptitude download pcsc-omnikey
dpkg -x pcsc-omnikey_1%3a2-4_amd64.deb .
cp -a usr/lib/pcsc/drivers/ifdokrfid_lnx_x64-2.6.0.bundle /usr/lib/pcsc/drivers/

See [http://www.hidglobal.com/faqs.php?techCat=19 here]: you need also to recompile pcscd with libusb:
./configure --disable-libhal --enable-libusb
To do it by repackaging the Debian pcscd:
aptitude install libusb-dev
apt-get source pcscd
apt-get build-dep pcscd

<source lang=diff>
--- debian/rules 2009-01-14 13:54:42.000000000 +0100
+++ debian/rules 2009-01-14 13:46:56.000000000 +0100
@@ -38,6 +38,8 @@
dh_testdir
# we add LDFLAGS="-lpthread" for bug #253629
./configure $(confflags) \
+ --disable-libhal \
+ --enable-libusb \
--sysconfdir=/etc \
--prefix=/usr \
--enable-usbdropdir=/usr/lib/pcsc/drivers \
</source>
Then
dpkg-buildpkg -uc -us

To launch the modified pcsc in foreground, showing ADPUs and debug info: (here pcscd was installed in /usr/local/bin/pcscd-libusb)
pcscd-libusb -f -a -d

===Others===
* [http://www.netronix.pl/index_en.php Netronix]: producer of RFID readers for Unique, Mifare, Q5,Hitag, I-code transponders.
* [http://www.elektor.fr/products/kits-modules/modules-(-9x)/elektor-rfid-reader-(060132-91).91440.lynkx kit from Elektor] and a [http://81.56.186.109/ELEKTOR/RFID_EXPERIMENTAL.html user experience] (fr)
* [http://www.velleman.be/be/en/product/view/?id=379238 Proximity card reader kit] by Velleman, supporting [http://www.priority1design.com.au/em4100_protocol.html EM4100 protocol]
* [http://instruct1.cit.cornell.edu/courses/ee476/FinalProjects/s2006/cjr37/Website/index.htm 100% home-made 125kHz reader]
* [http://www.icarte.ca iCarte 110]: ''As a MFi (Made for iPod/iPhone) accessory attaching to the bottom connector of the iPhone, the iCarte™ turns the iPhone into an NFC phone as well as an RFID Reader/Writer''

==Other Hardware Tools==
===RFID killers===
* http://www.acbm.com/inedits/rfid.html (French)
* [http://globalguerrillas.typepad.com/globalguerrillas/2006/01/weapons_the_rfi.html WEAPONS: The RFID zapper]
* [https://events.ccc.de/congress/2005/static/r/f/i/RFID-Zapper(EN)_77f3.html RFID-Zapper(EN)]
* [http://www.rfidwasher.com/index.php RFIDwasher], if not hoax...
* [http://www.tagzapper.com/ TagZapper], if not hoax...

===RFID skimmers===
* [http://www.schneier.com/blog/archives/2006/06/build_your_own.html Build Your Own RFID Skimmer]
* [http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html How to Build a Low-Cost, Extended-Range RFID Skimmer]
* [http://www.openpcd.org/rfiddump.0.html RFIDDump]
* [http://blog.didierstevens.com/2009/05/19/another-lowcost-rfid-detector/ Another low-cost RFID detector]: using a BasicCard
* [http://rfid.marcboon.com/ RFID sniffer], cheap hardware just to tell you if it's a 13.26MHz tag or not, can be bought [http://shop.marcboon.com/ here]

===RFID emulators===
====[http://www.openpcd.org/openpicc.0.html OpenPICC]====
* [http://wiki.openpcd.org/wiki/OpenPICC wiki]
* Flashing:
Use ARM toolchain, e.g. [http://www.mikrocontroller.net/download/arm-toolchain-linux-2.tar.bz2], add arm/bin/ to the path
svn co -r432 http://svn.openpcd.org/branches/sniffonly/openpicc/
cd openpicc
make
You may try later revision but at least r432 is compiling and working.
 If you don't get a /dev/usbTTYx to flash the beast, load the driver by hand:
modprobe -r usbserial
modprobe usbserial vendor=0x03EB product=0x6124
If ./at91flash_automatic openpicc.bin failed, edit at91flash => /dev/ttyUSB0 then
./at91flash openpicc.bin
Unplus & replug, you'll get a /dev/ttyACM0
* Using:
Whatever talking serial:
socat - /dev/ttyACM0,raw,echo=0,crnl,b115200

cu -l /dev/ttyACM0 -s 115200

screen /dev/ttyACM0 115200
h for help, f for field strength measure
 To sniff raw data, you've to convert the hexadecimal stream if you want to display it, e.g. with
(echo r;cat)|socat - /dev/ttyACM0,raw,echo=0,crnl,b115200 |xxd
Note that you can still send commands to the OpenPICC, e.g. "r" to stop sniffing, CTRL-D to quit
 To sniff and get decoded frames (from reader only, for tag you would need a OpenPCD)
svn co -r432 http://svn.openpcd.org/branches/sniffonly/host/
cd host
make
Usage:
./openpicc-sniff-14443a /dev/ttyACM0
To get just the raw stream:
./openpicc-sniff-14443a /dev/ttyACM0|cut -c 50-|sed 's/$[0-9A-F]\+$ [01]!\? */\1/g'
* Using under Windows:
Plug it, let Windows finding the new hardware -> search software? -> no -> install from specific location -> search/include/browse -> svn/branches/sniffonly/openpicc/win32driver (OpenBeaconUSB.inf) -> continue anyway
 To communicate, use whatever talking serial, e.g.
Start->Accessories->Communications->HyperTerminal -> new connection -> COM4 -> 115200/8/N/1/None -> try e.g. "h" -> File -> Save
* Debug
In case of trouble, you can get more lucky with [http://wiki.openpcd.org/wiki/Hardware#RS232_CMOS the debug cable] (115200/8/N/1 3v3)
# GND
# CTS# - shorted
# VCC - provided! not to be connected to external Vcc
# TXD
# RXD
# RTS# - shorted

====[http://www.proxmark.org/ Proxmark III]====
Originally created by J.Westhues: [http://cq.cx/proxmark3.pl here], video in action [http://www.youtube.com/watch?v=4jpRFgDPWVA here]
* [https://www.lafargue.name/proxmark3/refman.html manual], see also [http://proxmark3.com/dl/PM3-UserGuide.pdf this pdf]
* [http://www.proxmark.org/forum/index.php forum]
* [http://www.proxmark.org/files/index.php files], require login
* can read, sniff & emulate
* 13.6MHz, 125kHz and 134kHz
* [http://www.proxmark.org/files/index.php?dir=Sources%2Funix_windows%2F&download=20090306_proxmark_edo512.zip 20090306_proxmark_edo512 version] of the firmware/client is currently the latest available, running on both Windows and Linux
* Some troubles under Linux in USB2.0 mode, better to force USB1.1: Plug the proxmark in an USB 1.1 hub or unload ehci_hcd kernel module
Extracting the reader datastream (to be compared with OpenPICC results)
<pre>cat dump |grep -v TAG|cut -c 21-|sed 's/!crc.*//;s/$[0-9a-f]\+$[[:space:]]*/\1/g'|tr a-z A-Z</pre>
Getting both directions
<pre>cat dump |sed 's/: /+/;s/: TAG /-/'|cut -c 15-|sed 's/!crc.*//;s/$[0-9a-f]\+$!\?[[:space:]]*/\1/g'|tr a-z A-Z</pre>

[http://www.cq.cx/verichip.pl Demo: Cloning a Verichip]

====[http://www.iaik.tugraz.at/content/research/rfid/tag_emulators/ IAIK RFID DemoTag]====
====125kHz cloners====
* Chris Paget's cloner: [http://www.youtube.com/watch?v=fDimlEdeGjM video], [http://www.flickr.com/photos/eecue/990977879/ picture]. Raw cloner
* [http://www.rfidhackers.com/viewtopic.php?f=3&t=26 Programmable HID] ''The design is currently capable of emulating any of HID’s 26-bit, 35-bit (Corporate 1000) or 37-bit card formats.''
* [http://cq.cx/vchdiy.pl Verilog chip cloner]
* [http://pe.ece.olin.edu/projects/proxcard/prox.html AM-FSK] explained
* [http://www.cq.cx/prox.pl Flexpass PSK] explained + cloning
* [http://www.rmxtech.com/products/ RMX commercial] [http://www.rmxlabs.ru/ products]: emulators etc
* [http://www.proxpick.com/default.html ProxPick] is a highly versatile attack & defense tool for 125-134KHz RFID systems, about the size of a playing card. It is able to read, copy, and playback almost all Prox-type tags

===Misc===
* [http://en.wikipedia.org/wiki/USRP Universal Software Radio Peripheral]
* [http://www.rfidguardian.org RFID Guardian], see [http://www.rfidguardian.org/pipermail/announce/2008-July/000000.html here] what they want to come with for v4.
* [http://www.instructables.com/id/RFID_Reader_Detector_and_Tilt_Sensitive_RFID_Tag/ RFID Reader Detector and Tilt Sensitive RFID Tag]
* [http://www.raisonance.com Raisonance] products: [http://www.raisonance.com/~proxilab__smart-cards__product~product__T017:4cc863cqyaql.html ProxiLAB] ([http://www.raisonance.com/tzr/scripts/downloader2.php?filename=T020/file/73/b5/4ccaodgr44ka&mime=application/pdf&originalname=ProxiLAB_brochure.pdf pdf]), [http://www.raisonance.com/~proxispy__smart-cards__product~product__T017:4cc6848h7ij1.html ProxiSPY] ([http://www.raisonance.com/tzr/scripts/downloader2.php?filename=T020/file/3d/46/4ccap1bwb3vo&mime=application/pdf&originalname=ProxiSPY_brochure.pdf pdf]), [http://www.raisonance.com/~proxicard__smart-cards__product~product__T017:4cc87fzi8mge.html ProxiCARD] ([http://www.raisonance.com/tzr/scripts/downloader2.php?filename=T020/file/e0/3f/4ccappplhlbs&mime=application/pdf&originalname=ProxiCARD_brochure.pdf pdf])
* [http://www.cs.ru.nl/~flaviog/tools.html Ghost & RfidSpy]
* [http://blog.makezine.com/archive/2009/10/seeing_rfid_on_the_cheap.html Seeing RFID on the cheap] on Makezine and [http://www.flickr.com/photos/doegox/4029711939/ my own attempt] based on a slightly different technique
* [http://www.spirtech.com/detector_us.html Spirtech probe]
* [http://code.google.com/p/mikeycard/ mikey card]

==Software Tools==
===[http://openmrtd.org/projects/librfid/ librfid]===
librfid is a Free Software RFID library. It implements the PCD (reader) side protocol stack of ISO 14443 A, ISO 14443 B, ISO 15693, Mifare Ultralight and Mifare Classic. Support for iCODE*1 and other 13.56MHz based transponders is planned.
===[http://www.rfdump.org/ RFDump]===
RFDump is a backend GPL tool to directly interoperate with any RFID ISO-Reader to make the contents stored on RFID tags accessible.
===[http://www.rfidiot.org/ RFIDIOt]===
RFIDIOt is an open source python library for exploring RFID devices
apt-get install python-pyscard
$ ./mrpkey.py -L
PCSC devices:
No: 0 OMNIKEY CardMan 5x21 00 00
No: 1 OMNIKEY CardMan 5x21 00 01
$ ./mrpkey.py -r 1 CHECK
mrpkey v0.1n (using RFIDIOt v0.1s)
Reader: PCSC OMNIKEY CardMan 5x21 00 01
Device is a Machine Readable Document
$ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"
To fix reader number, edit RFIDIOtconfig.py
 In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")

To use mrpkey under Windows you need:
 [http://www.python.org/download/ python], [http://sourceforge.net/projects/pyscard/ pyscard], [http://sourceforge.net/projects/pyserial/ pyserial], [http://sourceforge.net/project/showfiles.php?group_id=78018 pywin32], [http://www.voidspace.org.uk/python/modules.shtml#pycrypto pycrypto], [http://www.pythonware.com/products/pil/ python imaging library]

===[http://www.gnu.org/software/gnuradio/ GNU Radio]===
GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.
===[http://www.rfidunplugged.com/pwnpass/ pwnpass]===
RFID tool by 3ric Johanson (get info from rfid on credit cards), presented at Shmoocon 2009
 See also this [http://tv.boingboing.net/2008/03/19/how-to-hack-an-rfide.html video] showing it demo'd
 See [http://www.nytimes.com/packages/pdf/business/20061023_CARD/techreport.pdf here(pdf)] a technical report of the vulnerabilities of RFID credit cards and [http://www.rfidhackers.com/viewtopic.php?f=4&t=45&start=0 here] info on PayPass 3000 reader

===[http://www.libnfc.org libnfc]===
Open source library for Near Field Communication (NFC) using readers based on PN531/PN532/PN533 chips.
The library comes with examples demonstrating read, emulation & relay attack by exploiting a "hidden" raw mode of those chips.

See also [http://code.google.com/p/nfc-tools/ nfc-tools] project

===[http://www.springcard.com SpringCard]===
Offers a SDK for their reader but somehow compatible with e.g. the Omnikey 5321, see [http://www.springcard.com/download/sdks.html here] especially the two PCSC-SDK

===[http://www.scardsoft.com/ SCard SOFT]===
A Russian software company making stuff to explore smartcards
* [http://www.scardsoft.com/main.php3?Theme=Soft_v3Server Smart Card ToolSet PRO v3.4], a shareware to explore cards based on APDUs, seems rich of features

==Specific applications==
* [[ePassport]]
** [[Belgian ePassport]]
** [[EPassport#US_Passport_Card]] (which is not an ePassport...)
* [[MOBIB]]
* Cambio
** Cambio (at least in Germany) is using [http://www.invers.com/en/products/keymanager/keymanager.html Invers COCOS-keymanager], according to this [http://carsharingus.blogspot.com/2008/12/carsharing-technology-overview.html car-sharing technology overview] and if [http://www.rfidjournal.com/article/articleview/3839/1/1/ RFIDjournal] is right, this is a passive 125 kHz Hitag RFID inlay, manufactured by NXP Semiconductors
* Mifare Classic
** crapto1
** tk-libnfc-crapto1 & mfoc, does not work against MFC emulation on e.g. JCOP or Mifare Plus

==Privacy==
* Social patterns at conferences: the good and the bad ;-)
** [http://events.ccc.de/congress/2008/Fahrplan/events/2899.en.html Mining social contacts with active RFID], presentation and application of the [http://www.sociopatterns.org/ SocioPatterns project]
** [http://www.wavetrend.net/docs/case_study-justBproductions.pdf Attendee Tracking/Networking], a commercial Big Brother application
* See [http://blog.yobi.be/category/privacy/ privacy-related news] on the blog
* Why it's important to consider privacy when designing a RFID infrastructure: acceptance!
** Huge thread [http://www.theblackvault.com/ftopic-60856-days0-orderasc-0.html starting here], see also the other pages...
** [http://www.notags.co.uk/ UK Consumers against the pervasive use of RFID in our society]
** [http://www.nocards.org/ Consumers Against Supermarket Privacy Invasion and Numbering]
** [http://www.spychips.com/ Spychips - Don't buy items that contain RFID tags]
** [http://www.cbc.ca/searchengine/blog/2009/03/podcast_24_is_up.html Podcast Interview with privacy commissioner Ann Cavoukian]
* Privacy: cultural differences
** [http://www.rtbf.be/info/societe/securite/les-japonais-veulent-pister-leurs-enfants-87768 Japaneses want to track their children (fr)]
* Recently Belgian Privacy Commission expressed its thoughts on the matter:
** See ''[http://www.privacycommission.be/fr/docs/Commission/2009/avis_27_2009.pdf Avis d'initiative relatif à la RFIDDate: 28 octobre 2009 N° : 27/2009]'' from [http://www.privacycommission.be/fr/decisions/commission/opinions/ here]

==Misc documentation==
* [http://www.rfidhackers.com/index.php Forum] setup by Chris Paget (aka foon)
* [http://www.proxmark.org/forum Proxmark forum], also with a lot of other information
* [http://en.wikipedia.org/wiki/Near_Field_Communication#Security_aspects Security aspects of NFC] on Wikipedia

* [http://www.rfidblog.org.uk/research.html Research page of Gerhard Hancke], mainly about physical RFID attacks
* [http://www.avoine.net/rfid/ RFID Security & Privacy lounge] by Professor Gildas Avoine, *the* bibliography of academic papers on those matters
* [http://ec.europa.eu/information_society/policy/rfid/index_en.htm Radio Frequency IDentification and the Internet of Things], a page of the European Commission]

* [http://sid.rstack.org/blog/index.php/321-vagues-reflexions-sur-le-warfidriving Réflexions sur le warfidriving] & experiments on skipass...
* [http://www.rfidvirus.org/ RFID virus]
* [http://www.acbm.com/inedits/pass-transports-commun-secrets.html Les secrets des Pass de transports en commun] by P. Gueulle

YobiWiki - User contributions [en]

RFID