Tastic RFID Thief: Silent, But Deadly

by Francis Brown, on Sep 24, 2014 10:59:37 AM

You’re a professional. You’re equipped with the latest in elite, customized RFID hacking tools. So, it's high time you put a silencer on your Tastic RFID Thief – the weaponized, long-range badge reader. We’ll show you how to avoid the embarrassingly loud beep when turning on your RFID badge stealer during your next physical penetration test. Because after all, silence is golden.

Silencer for Your Weaponized RFID Reader

So, you’ve built yourself a customized Tastic RFID Thief. Nice work. Fortunately, all the hard work is now done. It’s time for the finishing touches.

 

Tastic RFID Thief from Bishop Fox Tastic RFID Thief from Bishop Fox

 

The Tastic RFID Thief is a long-range RFID reader that can steal the proximity badge information from an unsuspecting employee as they physically walk near this concealed device. Specifically, it is targeting 125KHz, low frequency RFID badge systems used for physical security, such as those used in HID Prox and Indala Prox products.  It can even be used to weaponize a high frequency (13.56MHz) RFID reader, such as the iClass R90 Long Range reader.

There are 2 ways we can silence the HID MaxiProx 5375 commercial badge reader that we used to create the Tastic RFID Thief.

Method 1 – Mostly Silent – Flipping the Beeper’s DIP Switch

The first method involves simply flipping a single DIP switch, which will render the device silent, except for when it is first turned on. All subsequent badge reads that normally would have caused a loud BEEP, are now silent.

 

Tastic RFID Thief - Location of DIP Switches Tastic RFID Thief - Location of DIP Switches

 

You can find the DIP switch by removing the cover of the Tastic RFID Thief and looking toward the top-right corner. To make the reader mostly silent, flip the SW1-4 switch to the down position.

 

DIP switch SW1-4 – Flip to down position for silent DIP switch SW1-4 – Flip to down position for silent

 

 

DIP switch SW1-4 – Close Up Photo DIP switch SW1-4 – Close Up Photo

 

With this method, you can turn on your Tastic RFID thief in the parking lot (getting the single loud beep out of the way,) and then enter your target facility.

Method 2 – Deadly Silent – Removing the Beeper by Desoldering

If you are a true professional, you’ll want your RFID hacking equipment completely silent. Fortunately, this is pretty easy to achieve. The actual beeper is a small, circular piece in the top-right corner (to the right of the DIP switches).

 

Tastic RFID Thief - Location of small, circular physical beeper Tastic RFID Thief - Location of small, circular physical beeper

 

By temporarily removing the screw indicated in the image above, you can gently pull the green circuit board out just enough to get behind it and desolder the 2 small solder points holding the beeper onto the device. Alternatively, you can just take a pair of pliers to the small circular beeper and break it off of the board – which isn’t as elegant, but will also work just fine.

 

Beeper Removed to Make Completely Silent
Beeper Removed to Make Completely Silent

In Conclusion

With a couple minor tweaks, you can make your Tastic RFID Thief completely silent. Finally, you’ll have the definitive long-range, silent RFID hacking tool for your physical pentest arsenal.

Topics:Category - TechnicalTopic - Penetration TestingCategory - Research & Tools

Subscribe by Email

Comments