Until now, getting into NFC/RFID hacking required enthusiasts to buy special hardware and learn about the underlying transfer protocols. No longer! NFCProxy is a new tool (being released at DEF CON 20) that allows you to proxy RFID transactions using Android phones. NFCProxy can record and replay RFID transactions from the perspective of the tag or the PCD (proximity coupling device). NFCProxy is an open source tool/framework that can be used to analyze 13.56?MHz RFID protocols and launch replay (and potentially man in the middle) attacks. You can even use NFCProxy as a virtual wallet by storing previously scanned RFID enabled credit cards and replaying them later at a POS (point of sale) terminal. No fancy equipment needed…just two NFC capable Android phones running ICS (one with a custom rom). Owning RFID enabled credit cards just got easier!
Eddie Lee is a security researcher at Blackwing Intelligence. He specializes in application security, but is an enthusiast of all things related to security. From exploiting buffer overflows to building robots to messing with RFID, he just likes to figure out how things work (and how they break). Before Blackwing, Eddie was a member of the Security Research Group at Fortify software where he helped develop methods to detect vulnerabilities and attacks through static analysis and runtime analysis. Eddie has previously spoken at DEF CON and is a core member of Digital Revelation -- a two-time DEF CON CTF 1st place team