Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
project project walrus walrus

Project Project Walrus Walrus Make the most of your card cloning - PowerPoint PPT Presentation

Apr 25, 2023 •227 likes •673 views

Project Project Walrus Walrus Make the most of your card cloning devices Make the most of your card cloning devices Whois Team Walrus Daniel Underhay Matthew Daley @dunderhay bugfuzz.com Security Consultant at Aura Information Security

  1. Project Project Walrus Walrus Make the most of your card cloning devices Make the most of your card cloning devices

  2. Whois Team Walrus Daniel Underhay Matthew Daley @dunderhay bugfuzz.com Security Consultant at Aura Information Security Senior Security Consultant at Aura Information Security

  3. Backstory – More Red Teaming J • Phishing and social engineering attacks targeted at staff • Bypassing lock and access control systems • Attempts to physically access the premises • Attempts to remove sensitive data • Assessment and attempted infiltration of any internet-connected services or devices • And more...

  4. Access Control Systems • Restrict entrance to a property, building or room to authorized persons • Electronic locks • Card or biometric access readers and software • Some of these cards are easily cloned

  5. Where Do We Find These • Building entrance • Elevators • Office doors • Areas that require additional privilege: q Server rooms q Secure rooms

  6. Card Cloning Devices

  7. Proxmark3 • Created by Jonathan Westhues • Industry standard card cloning device • Low Frequency: 125kHz and 134kHz (HID Prox II, HITAG, and EM4100) • High Frequency: 13.56Mhz (Mifare Classic/Ultralight, and iClass)

  8. Chameleon Mini • Created by Kasper & Oswald • Portable tool for ISO14443/ISO15693/NFC security analysis • Emulate and clone contactless cards • High Frequency: 13.56Mhz (Mifare Classic 1K/4K 4B/7B/Ultralight)

  9. Tastic RFID Thief • HID Maxiprox 5375 • Long range RFID card reader • Modified by Bishop Fox • Low Frequency: 125kHz (HID Prox II) • Range ~ 0.5 meters

  10. Difficulties with Card Cloning • No common tool that controls all the devices • No common database to store cloned cards • Cloning cards surreptitiously can be tricky • Existing standalone mode on Proxmark3 is sketchy (no feedback) • Devices are often not very ‘user friendly’

  11. An Idea

  12. PoC || GTFO

  13. Wireframing

  14. Introducing Walrus • Walrus provides a common interface for your card cloning devices • Cards are stored in a common wallet instead of in separate databases • Reliable card cloning during red team engagements using your Android phone instead of your laptop – much less suspicious • No need to use your device’s limited physical interface or a cumbersome command prompt – use a simple, quick GUI instead • Easy to use, rated for users aged years 3+ on Play Store

  15. Cloning Cards with Walrus - Proxmark3

  16. Walrus - Proxmark3

  17. Walrus - Proxmark3

  18. Walrus - Proxmark3

  19. Walrus - Proxmark3

  20. Walrus - Proxmark3

  21. Walrus - Proxmark3

  22. Walrus - Proxmark3

  23. Walrus - Proxmark3

  24. Walrus - Proxmark3

  25. Walrus - Chameleon Mini

  26. Walrus Bulk Read Mode (Walrus- Driving)

  27. How Many Devices Can It Take?

  28. How Many Devices Can It Take?!

  29. Tastic RFID Thief to Walrus? ?

  30. Tastic RFID Thief + Bluetooth + HC-06

  31. Tastic RFID Thief BLE Edition

  32. Disclaimer • Bad actors ahead • Only clone cards if you have been given permission to do so • UI is out of date and has been upgraded

  33. Video of lumpy

  34. Help us Test! Open alpha release on Play Store now! Search for “ Walrus cloning ” or visit https://play.google.com/store/apps/details?id =com.bugfuzz.android.projectwalrus

  35. Future Plans • Modify the Bishop Fox Tastic RFID Thief PCB • Add features: q Brute force emulation mode q Sharing cards between Android devices q Gamification? • Add support for additional devices: q Generic Wiegand support via Team Walrus Arduino software q Magspoof q BLEKey q ESP-RFID-Tool q More?

  36. Tastic RFID Thief PCB

  37. PCB Modification

  38. Gamification (Maybe) • Wie-Gotta Catch ‘em All • Not a public database

  39. MagSpoof v2 • Created by Samy Kamkar • Commercialized by Rysc Corp • Emulate magnetic stripe or credit card data

  40. BLEKey • Created by Mark Baseggio and Eric Evenchick • A Bluetooth Low Energy (BLE) enabled tap for the Wiegand devices • Installed in a reader to passively sniff Wiegand data • Data can be offloaded to a phone via Bluetooth • Inject card data • Cheap • Emulate cards on that reader

  41. ESP-RFID-Tool • Created by Corey Harding • A Wi-Fi enabled tap for the Wiegand devices • Installed in a reader to passively sniff Wiegand data • Data can be offloaded to a phone via Wi-Fi AP • Inject push-to-exit signal • Cheap HTTPS://GITHUB.COM/RFIDTOOL/ESP-RFID-TOOL HTTPS://BLOG.APRBROTHER.COM/PRODUCT/ESP-RFID-TOOL

  42. Thank you! Getting Started: http://project-walrus.io Open alpha release on Play Store now: https://play.google.com/store/apps/details?id= com.bugfuzz.android.projectwalrus Open source (GPLv3). Code is on Github: https://github.com/megabug/Walrus

Recommend

Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m

Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m

Sasha McFarland Lisanne Aerts Sheyna Wisdom The Chukchi Sea ~56% is shallower than 50 m Covered by sea ice >8 months of the year, with partial coverage through the summer Pacific Walrus in the Chukchi Sea Pagophilic

834 views • 29 slides
Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C

Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C

Run your Research On the Effectiveness of Lightweight Mechanization C Klein, J Clements, C Dimoulas, C Eastlund, M Felleisen, M Flatt, J A McCarthy, J Rafkind, S Tobin-Hochstadt, R B Findler 1 The Koala, the Orangutan, and the Walrus ftp>

800 views • 50 slides
Akie Project Akie Project Akie Project Akie Project & & Kechika Regional Project

Akie Project Akie Project Akie Project Akie Project & & Kechika Regional Project

Akie Project Akie Project Akie Project Akie Project & & Kechika Regional Project Kechika Regional Project Kechika Regional Project Kechika Regional Project February 2020 February 2020 February 2020 February 2020 1 Legal

458 views • 33 slides
Kartepe Project Location Kartepe Project Features Kartepe Project Flat Detail

Kartepe Project Location Kartepe Project Features Kartepe Project Flat Detail

KARTEPE PROJECT Kartepe Project Advantages Kartepe Project Location Kartepe Project Features Kartepe Project Flat Detail Kartepe Project Technical Details Kartepe Project Advantages Kartepe Project Advantages Kartepe Project

301 views • 28 slides
evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

Effective post project evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A successful project? Agenda for today Who are LCMB? The context for post project evaluation The project lifecycle Post project

483 views • 32 slides
PROJECT CONCEPT 2 Project Introduction 13 Mar 2017 Project Location and Access 4 Project

PROJECT CONCEPT 2 Project Introduction 13 Mar 2017 Project Location and Access 4 Project

PROJECT CONCEPT 2 Project Introduction 13 Mar 2017 Project Location and Access 4 Project Location Site plan Modern Theme and Architecture PROJECT CONCEPT 7 Perspectives Perspectives Perspectives PROJECT CONCEPT 10 Perspectives

326 views • 29 slides
February 2012 DAWEI Sea Port Project DAWEI PROJECT DAWEI AND THE REGION PROJECT LOCATION

February 2012 DAWEI Sea Port Project DAWEI PROJECT DAWEI AND THE REGION PROJECT LOCATION

February 2012 DAWEI Sea Port Project DAWEI PROJECT DAWEI AND THE REGION PROJECT LOCATION Kunming India Middle East / Europe Dawei Africa Asia Regional Hub DAWEI Sea Port Project DAWEI PROJECT DAWEI PROJECT OVERVIEW PROJECT OVERVIEW AND

412 views • 40 slides
Project Planning and Project Management Week 2: Project Life Cycles Kay Dudman 1 Last week

Project Planning and Project Management Week 2: Project Life Cycles Kay Dudman 1 Last week

Project Planning and Project Management Week 2: Project Life Cycles Kay Dudman 1 Last week Definitions What is a project? What is project management? Project manager: roles and responsibilities Project management activities

587 views • 22 slides
PROJECTS Team work Scientist/researcher Programmer/coder (Matlab, C,..)

PROJECTS Team work Scientist/researcher Programmer/coder (Matlab, C,..)

PROJECTS Team work Scientist/researcher Programmer/coder (Matlab, C,..) Documenter/publicist (web page) Manager PROJECT 1. : PROJECT 2. : PROJECT 3. : PROJECT 3. PROJECT 3. PROJECT 3. PROJECT 3. PROJECT 4. : PROJECT 4.

737 views • 27 slides
III. Project Specific Matters Project Area, Methodologies, Water Use Statistics Water

III. Project Specific Matters Project Area, Methodologies, Water Use Statistics Water

III. Project Specific Matters Project Area, Methodologies, Water Use Statistics Water User Participation Project Information Project Team STRATEGIC MANAGEMENT OPERATIONAL MANAGEMENT Project Area Location Project Area Project

541 views • 37 slides
Project Roundtable Project Roundtable What Keeps Project Managers What Keeps Project

Project Roundtable Project Roundtable What Keeps Project Managers What Keeps Project

Project Roundtable Project Roundtable What Keeps Project Managers What Keeps Project Managers Awake at Night? Awake at Night? Presented by: Presented by: Graduate Students, Graduate Students, CMIS 540 CMIS 540 Project

69 views • 6 slides
National Hydrology Project National Hydrology Project National Hydrology Project National

National Hydrology Project National Hydrology Project National Hydrology Project National

National Hydrology Project National Hydrology Project National Hydrology Project National Hydrology Project BY D. S. CHASKAR DIRECTOR, NWA NATIONAL HYDROLOGY PROJECT NATIONAL HYDROLOGY PROJECT HP HP-I (1995 I (1995-2003) 2003) HP-II

672 views • 24 slides
Project X and TeamCenter Chuck Grimm 30 July 2013 Project X and TeamCenter Project X and

Project X and TeamCenter Chuck Grimm 30 July 2013 Project X and TeamCenter Project X and

Project X and TeamCenter Chuck Grimm 30 July 2013 Project X and TeamCenter Project X and TeamCenter Project X and TeamCenter Project X and TeamCenter Project X and TeamCenter https://fermi.service-now.com/fsc/

527 views • 10 slides
BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title: Business Process Re-engineering and functional toolkit for GDPR compliance Contract number: 787149 Funded under the H2020 call DS-08-2017

423 views • 22 slides
Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status Project Opportunities 1 1 Pre-Solicitation Conference June 2018 www.newnicebridge.com 2 Welcome and Introductions Project Team MDTA

777 views • 38 slides
PROJECT CONCEPT 1 Serena 24 Aug 2016 Master plan view PROJECT CONCEPT 3 Project Location and

PROJECT CONCEPT 1 Serena 24 Aug 2016 Master plan view PROJECT CONCEPT 3 Project Location and

PROJECT CONCEPT 1 Serena 24 Aug 2016 Master plan view PROJECT CONCEPT 3 Project Location and Access Arabian Ranches Serena Arabian Ranches 2 AlWaha Layan Mudon 4 Project Master Plan 5 Type A 3 Bedroom + Maid Semi Detached PROJECT

571 views • 20 slides
Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper

Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper

Do Code Clones Matter? Software Engineering Seminar Spring Semester 2010 Dan Tecu Paper presented today: Do Code Clones Matter? Juergens, E.; Deissenboeck, F.; Hummel, B.; Wagner, S. ICSE'09, May 16-24, 2009, Vancouver, Canada 09 th of March

632 views • 24 slides
Clone Objectives Describe how to make a copy of a reference type ICloneable interface

Clone Objectives Describe how to make a copy of a reference type ICloneable interface

Clone Objectives Describe how to make a copy of a reference type ICloneable interface Clone method Object.MemberwiseClone method Discuss special cases string field reference field inheritance 2 Motivation:

643 views • 24 slides
Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money

Pseudorandom States, No-Cloning Pseudorandom States, No-Cloning Theorems and Quantum Money Theorems and Quantum Money Zhengfeng Ji (UTS:QSI) QCrypt 2018, Shanghai 1 . 1 A Joint Work With A Joint Work With Yi-Kai Liu Fang Song (NIST and

262 views • 24 slides
Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software

Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software

Lecture 26 Empirical Studies of Clone Evolution Clone Genealogies EE 382V Spring 2009 Software Evolution - Instructor Miryung Kim Todays Agenda (1) Class Presentation Meiru Che Amal Banerjee Course Evaluation I

533 views • 26 slides
Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and

Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and

Sub-clones: Considering the Part Rather than the Whole Robert Tairas Department of Computer and Information Sciences University of Alabama at Birmingham Jeff Gray Department of Computer Science University of Alabama This research is

492 views • 18 slides
Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and

Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and

Automatic Mining of Functionally Equivalent Code Fragments via Random Testing Lingxiao Jiang and Zhendong Su Introduction Functional Clones EqMiner w/ Evaluation Conclusion Cloning in Software Development How New Software Product

503 views • 38 slides
Java Language Constructs II Department of Computer Science University of Maryland, College Park

Java Language Constructs II Department of Computer Science University of Maryland, College Park

CMSC 132: Object-Oriented Programming II Java Language Constructs II Department of Computer Science University of Maryland, College Park Announcements Regarding TA Room Usage No food or drinks are allowed in the TA room. Please do

590 views • 12 slides
Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Time Protection: The Missing OS Abstraction Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser qian.ge@data61.csiro.au www.data61.csiro.au Top secret Time Protection: The Missing OS Abstraction qian.ge@data61.csiro.au 2 Enforcing time

1.08k views • 40 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.