Request for an external app/plug-in as the RFID and 1Wire Fuzzer but this time for NFC UID fuzzer/brute force !
Thanks.
1 Like
wasn’t it you saying flipper looks bad by promoting it’s usage in suspect ways? adding a fuzzer to the default firmware would be more than enabling and promoting crime as that’s basically the only reason you’d need the fuzzer unless you were doing a pen test audit even then readers aren’t so much addressed in this way
I’m just making this reques here because i do know that devellopers of apps/other firmware branches do read here and to have a full set of tools (now that an 1-wire and an RFID fuzzer already exist) it would be nice to have the same tool by the same authors using the same method of attack on NFC UIDs.
One can allways create a list of UIDs and try them one by one.
the only list of UIDs that work on multiple systems are buildings that have the postal service deliver to often to need a badge because they are enrolled onto the companies badge readers and so on so forth with the next. obtaining and putting use to these lists that cover all of 10km radius each would be highly illegal as you’re using stolen federal property to break into buildings.
(this of course not being the only source of lists that work on multiple sites but it’s not like there is a “default” credential entered into every system at any point it’s just a random uid from whatever card they have)
Think about other sort of devices like vending machines that use Mifare classic but only cares for UID … some tech guys “might” add stuff like FF FF FF FF / 00 00 00 00 to test the machines, etc …
Also in the majority of PT colleges they use Bank Card UIDs (EMV) to open the doors … the reader/locks only care for the UID. There are possibility that testers/IT people do enter numbers like 00 00 00 00, 00 00 00 01, etc on system for testing … and leave those there … To have an app to send those codes instead of sending them by hand (one by one) from a list of saved files it’s helpfull …
Also my problem is with the way Flipper is advertized and not with flipper itself. Flipper is a testing tool/hacker tool so makes sense to have those option.