With these kind of systems (like a parking meter) you could add a 2-3 second del... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		joshvm on July 22, 2017 \| parent \| context \| favorite \| on: Zigfrid – A Passive RFID Fuzzer With these kind of systems (like a parking meter) you could add a 2-3 second delay between each attempt. Most people wouldn't notice the slowdown, but it would make brute forcing so slow that it would be useless in the field. This also works for things like logins on websites where the time taken to authenticate can be a second or two without annoying the user (vs loading a page which should be instant). There is absolutely no reason why anything RFID controlled, like a door mechanism, should allow key entries at full speed (3k keys/sec someone posted).

ynezz on July 22, 2017 [–]

It's usually easier and faster to get the sniff of the communication between MCU and the reader(UART,I2C,SPI,USB) in some cases you've to dump MCU's flash or EEPROM to get an idea about the keying scheme used in particular product range.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact