Building my own Tastic RFID Thief, Part 1

Building my own Tastic RFID Thief, Part 1

RFID-TagIn 2013 I watched the original Defcon presentation where they presented the RFID thief. Bishop Fox designed a tool for pen-testing and to demonstrate a weakness in the ID card system. This long-range RFID reader is able to collect and store card information that could be written to a new card at a later time or used in a replay attack.

Bishop Fox’s goal:

Our goal is to make it easy for security professionals to re-create this tool so that they can perform RFID physical penetration tests and better demonstrate the risks posed by these technologies to their management.  The hope is that they can get up and running quickly, even if they don’t have an RFID or electrical engineering background.

At the time I thought it was such a cool device and wanted to build one but it was rather expensive. Recently while searching through my bookmarks–which is a nearly impossible task–I found the device again and decided to make it. Although I do not have a particular use for the device I thought it would be a good learning experience and a chance to start learning the Arduino. I want to point out that I do not have any electrical engineering experience but have a lot of soldering experience. With the information provided on their website Bishop Fox has definitely been able to accomplish their goal and the device was really easy for me to make.

Shubham Shah also released a great article going over how he built his Tastic RFID Thief. Found here: https://shubh.am/guide-to-building-the-tastic-rfid-thief/

I do not feel like it is necessary to rewrite all of the great work that these people have already been done but I will talk about the things that I have done differently.

Ordering the parts

I followed the original parts list here and ordered most of it. I didn’t order the same toggle switch, thumbscrew (linked one was expensive), display stand, or the screw terminals. I found my Arduino Nano on Digi-Key because Amazon was more expensive and had reviews stating it was a counterfeit. While I was at it I also ordered my capacitor. Part #: P5182-ND

At first I attempted to order a PCB from http://www.4pcb.com/ as Shubham Shah suggested but I found their process to be quite difficult. I do not know much about Gerber files and they were asking questions that were difficult to answer. After spending sometime on it and getting an expensive quote from 4pcb I found OSH Park.

OSH Park is a community printed circuit board ordering site. This basically means you submit your files and they bundle it with other submissions to reduce the cost of small batches. The process was as easy as adding the Gerber files to a zip and uploading them. The total cost–shipped–was $28.05 to get three printed circuit boards. Later that day I was alerted my project was assigned to a panel and shortly after that it was sent to fab.

Program the Arduino

Uploading the code was the next process I did after getting my Digi-Key order. There is already a ton of information online for programming the Arduino. It is important to note that Arduino refers to a program as a sketch and this is separate from the Boot loader.

Resources
  • Arduino Software
  • Tastic RFID source code
  • SDFat Library – Extract the SdFat folder and place it in the libraries folder. You many have to relaunch the IDE but you will see it under ‘Sketch -> Import Library… -> Contributed’ if it was installed properly.

Finally open the sketch, select your board and COM port under tools, then upload it to the Arduino.

Breadboarding it!

While waiting for my PCB order I decided it would be a good idea to lay it out on a Breadboard. A breadboard is a way to make circuits quickly without soldering. They are not designed to be a long term solution but to reduce the time and cost of prototyping. The original diagram provided by Bishop Fox shows the breadboard design.

I watched a quick video that explained how the pins are connected inside a breadboard. Then started laying out the components and making connections. This picture is missing the MicroSD card and the resisters.

IMG_20151122_100202459

After the rest of my orders came in I wrapped up the breadboard and was able to test! It was a success!

IMG_20151123_171723194

Note: Bishop Fox said it had to be a 2GB MicroSD card to support FAT instead of FAT32 but I was able to format a 4GB card as “FAT” on linux and it works great.

While I’m waiting for my PCB this project is going to sit on my desk for a bit. If you have any questions be sure to let me know! I *will* post a follow up article showing the final product.

 

8 thoughts on “Building my own Tastic RFID Thief, Part 1

  1. Hey Joe, good work. I just built one for myself, the sdfat library used with the tastic sketch works fine with fat32. I’m actually using a 64GB microsd with a 32GB partition. Just keep your partition under 32 gigs and you should be fine.

    Best,
    Joseph

    1. Thank you for the comments! I ran into a strange issue once I placed everything onto a real PCB but I am working on getting that resolved.

  2. Блин немогу найти печатную плату в обоих сайтах что вы указали…. может поможите как то скинете мне готовую сылку что бы купить?????

    1. I feel like I had trouble with newer versions of the Arduino IDE. It might be worth trying an older release of the IDE – maybe 1.6.5 since that was release in 2015 before I was working on this.

Leave a Reply

Your email address will not be published. Required fields are marked *