Researchers at Ruhr University of Bochum in Germany recently debuted the Chameleon Mini, a versatile contactless smart card emulator. As HackADay’s Adam Fabio notes, contactless smart cards are RFID style devices that also contain a smart card style memory. These cards are often used for payment, replacing mag strip style credit cards.
According to the researchers, Chameleon was designed as a programmable platform to assess security risks in RFID environments, as the device can be used in various attack scenarios.
“The Chameleon is set up to emulate any number of cards using the common 13.56MHz frequency band,” HackADay’s Fabio explained. “Adding a new card is as simple as loading up a new CODEC and application to the firmware. Currently Chameleon can emulate MIFARE cards using the ISO14443A.”
The open source Chameleon – powered by Atmel’s versatile ATxmega192A3 mcirocontroller (MCU) – was built for around $25. As Fabio points out, the 192 is a perfect fit for the Chameleon, because it is equipped with hardware accelerators for both DES and AES-128.
Additional key project specs include:
- Hardware support for ASK modulation (both 10% and 100%) to cover almost any card standard available.
- Hardware support for ASK and BPSK load modulation using a subcarrier.
- Modular firmware structure faclitates easy expandability of other cards and standards.
- Support for quick and reliable firmware update via Atmel DFU boot loader (programming hardware is required only once).
- Can be controlled using a fully documented AT-like command set via CDC using theLUFA USB stack.
- 1MByte of card memory allows for multiple card emulations to reside on the device simultaneously.
- Settings can be switched even without a USB connection, simply by pressing a button.
- Card contents can be easily uploaded and downloaded by means of the command line and X-MODEM. This allows the Chameleon to be interfaced with standard terminal software as well as user written scripts and applications.
Interested in learning more about the Atmel-powered Chameleon? You can check out the project’s official page here.