Sniffing and cloning contactless cards: a simple buy on Kickstarter

February 18, 2016 // By Julien Happich
Having secured more than six times its initial €22,222 goal and still counting with over a week to go on Kickstarter, the ChameleonMini from German startup Kasper & Oswald GmbH should stir up the debate about poor smartcard implementations.

The open source project launched by co-founders Timo Kasper and David Oswald (note that the company's logo reads like chaos) promises a freely programmable, standalone tool for NFC security analysis. The smartcard-sized device can emulate and clone contactless cards, read RFID tags and sniff transiting data.

That's all you need to assess the security aspects of your RFID and NFC equipment or to perform functional tests. But the ChameleonMini Rev.G (which integrates a PCB antenna and can operate as a basic active 13.56 MHz RFID reader) also makes an attractive proposition to many would-be fraudsters willing to perpetrate different attack scenarios, such as replay or relay attacks, state restoration attacks, or simply to sniff NFC communication and clone other cards.

The platform can create perfect clones of various existing commercial smartcards, including cryptographic functions and the Unique Identifier (UID). The small board can emulate various ISO 14443, NFC, and ISO 15693 cards, as well as other types of RFID transponders operating at 13.56 MHz, including NXP Mifare Classic, Plus, Ultralight, Ultralight C, NTAG, ICODE, DESFire / DESFire EV1, TI Tag-it, HID iCLASS, LEGIC Prime and Advant, Infineon my-d, and many other tags. New firmware can be uploaded via a USB bootloader, and a human-readable command set allows the user to configure the card's behaviour and update the settings and content of up to eight internally stored, virtualized contactless cards.