Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-08-09 17:19:25

Boscloner
Contributor
Registered: 2016-08-09
Posts: 1

Hello!

Hey everyone!

I saw some talk on this forum about the Boscloner: All-in-one RFID cloning device and wanted to make myself available to answer any questions about it. The project has been in the works for just about a 1 1/2 years, and has officially been launched at DEFCON 24 during the demo labs presentation. The Boscloner is a mix between the Bishop Fox Tastic RFID Thief, and of course, the Proxmark.

As a penetration tester, I perform many physical assessments where cloning an RFID badge (typically HID) is necessary. I've successfully executed assessments using both the Proxmark (hard as heck with the limited read range) and the Tastic. The Tastic worked very well at capturing badges, but did not provide me with notification of a successful badge capture. The only way to determine if a badge had been captured was to find a private area, grab the SD card from the inside of the Tastic, pop that into a computer, take the badge signature, paste it into the Proxmark terminal, copy it, confirm it, package everything back up, and take that badge and try it on a doorway. The Boscloner aims to streamline that whole process for penetration testers. On engagements with the Boscloner, I have gone from having no building access to having the security guard's all-access badge and walking into a restricted area in under 15 seconds.

As you see, I am not making any money off of the Boscloner. It's open source, and all the research prior to the Boscloner was open source and free also. I am only providing the information necessary to build your own if one desires. I wanted to expand on the awesome RFID related research that others have done, while creating a new launching platform for other to build upon what the Boscloner accomplishes.

If you have any questions, please let me know. Thanks everyone!

Offline

#2 2016-08-09 18:39:13

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Hello!

Welcome to the forums!

Offline

#3 2016-08-09 18:40:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Hello!

And there is another thread talking about your project if you haven't found it already.

Offline

#4 2016-08-10 03:00:00

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Hello!

Hi Boscloner,
Allow me to express my humble opinion.
You state "As you see, I am not making any money off of the Boscloner. It's open source, and all the research prior to the Boscloner was open source and free also."

I have no problem with someone enthusiastic, energic, problem-solving, coming on the Proxmark forum and proposal new way, new idea, new programming skill, new coding optimize technique to improve the solving of already known RFID solutions in a leaner, faster, eleganter, more efficient way. I would applause such a person. If the person also sincere and modest I would say that sector is lucky to earn a great researcher\a competent student.

But I think the way you have chosen to do it, has cause contradiction in itself,
You may have a great idea, you do turn the lame proxmark and primitive Bishop project in very fast, very lean, very clean, very shiny bosproduct so you think you have the right to tell the world from the  DEFCON podium about a great bosproduct, that is the first wrong. As a penetration tester you would deeply know that.   

You think the world earns to know your idea, earns the right to see your product demos, which you would push it out as open source, you sincerely think "I am not making any money off of the Boscloner" ... all is good, but hang on, you don't see why you break your mind every day to optimize to puthing together for nothing, why should you empty your pocket to get a proxmark, a Bishop Pro static thief, to buy wire, to solder so you push the trolley out as a kickstart project I would say unbelievably brave but that could also be the second wrong taint on your white shirt

As a penetration tester you test if computer passwords are strong ? if server would do good enough job to protect datas, wifi password are strong enough? You would know team, researcher spending years, sleepless night to give us all the tools in open source. I like to make a comparision, for some reason you are bored to see those reseachers are such lame ducks, so sad they did the coding crunching PW in parallel programing technique, harness GPU power on slow running IBM, on primitive windows OP, cheap linux machine they don't even bother to look up the latest laptop model in Sear, in Dixon, So one day you came a long with FPGA rack, 16 GPUs, lated CPU fgeneration or even you got the latest generation of MAC processor, you then taken the code off those lame backwards primitive suckers, why not all are open source they said, and beat the big drum " Hey people Look at me, with my XYZ machine I can break in the pentagon data base tomorrow, I will messed up the federal reserve bank security in 30 min, This (mine) machine will help you empty the account of your enemy whoever you hate". What that has got to do with boscloner, I think you can work out yourself very well

I think with the three wrongs you unknowingly naively cause very bad light shining on the PM3 people or Bishops team year long quiety slow developing effort. There are so many unsolved issues in RFID, but unfortunately you haven't set your talent onto them, with the step to DEFCON, your own call on kickstart you haven't helped us much more too ... You set your eyes on EM, HID and prouldly declare "On engagements with the Boscloner, I have gone from having no building access to having the security guard's all-access badge and walking into a restricted area in under 15 seconds" you said you are not making any money of the boscloner, are you really sincere to yourself? Dont you think you tainted the reputation of Young Jules, Rule, Westhue, and many more people good names?

Now you are here and you are upset about some people remarks, you are here to answer what ever they want to ask you. It is very easy to make mistake, it is harder to learn from mistake, to be sincer to one's soul, to one's conscience. The great man in the world is not the person who triumphed "Look, isn't my atom bompb great, so powerful killing the most in the 5 miles radius instantly...", or the researcher who admitted. "I am sorry I invented I worked on atom energy, I regretted I could not influenced the development differently, I could not stop them killing humanity."

Offline

#5 2016-08-10 09:19:17

Jason
Contributor
Registered: 2016-07-21
Posts: 55

Re: Hello!

I do agree with you @ntk. I just like to add my comment to "this" with a link to Iceman's thread about this "thing": http://www.proxmark.org/forum/viewtopic.php?id=3423, where a added my 50 cents.

Offline

Board footer

Powered by FluxBB