Didier Stevens

Monday 23 February 2009

Shellcode On a MIFARE RFID Tag

Filed under: RFID,smart card — Didier Stevens @ 21:29

This posts kicks-off a series of posts on smart cards and RFID tags.

First a little bit of fun. I’ve written a Python program to read and write 1K MIFARE RFID tags with my ACR122 contactless reader/writer.


I store shellcode on an MIFARE tag (MIFAREACR122.py write shellcode.bin); and then I read it from the tag and execute it (MIFAREACR122.py shellcode).


Of course, this is just a little trick, it’s not a vulnerability. Just find it funny to store shellcode on a RFID tag.

Monday 2 February 2009

CommNet at TechEd Barcedlona 2008

Filed under: Hacking — Didier Stevens @ 12:05

It was surprising to see the CommNet desktops at our disposal at TechEd Barcelona 2008. This time, you were not required anymore to perform a Windows logon to the machine with your attendee account. A generic, limited user account was already logged-on. Every attendee had to use this account.

This is a bad idea. Even a limited user account can be compromised with spyware, as I’ve shown with my Basic Process Manipulation Tool Kit.

cmd.exe was disabled, but this policy is still easy to bypass:


Blog at WordPress.com.