ChameleonMini is a versatile NFC card emulator and logging tool, and in the near future it will also be an RFID reader. The credit-card-shaped ChameleonMini is a versatile tool for practical NFC and RFID security analysis, compliance and penetration tests, and various end-user applications. The freely programmable platform can create clones of various existing commercial smartcards, including cryptographic functions and the Unique Identifier (UID).
It can be employed to assess security aspects in RFID and NFC environments in different attack scenarios, such as replay or relay attacks, state restoration attacks, sniffing of NFC communication, or functional tests of RFID equipment. New firmware for the ChameleonMini can be easily uploaded via a USB bootloader. A convenient, human-readable command set lets you configure its behavior and update the settings and content of up to eight internally stored, virtualized contactless cards. During battery-powered stand-alone operation, the integrated buttons and LEDs enable user interaction and feedback.
The new hardware to be developed supports Amplitude-Shift Keying (ASK) modulation (10% and 100%), can generate ASK or Binary Phase-Shift Keying (BPSK) load modulation with a subcarrier, and can decode the requests of an NFC reader.
The ChameleonMini hardware is capable of emulating various ISO 14443 and ISO 15693 cards, as well as other types of RFID transponders operating at 13.56 MHz.
Cards that the ChameleonMini can emulate in principle include:
- NXP Mifare Classic, Plus, Ultralight, Ultralight C, NTAG, ICODE, DESFire / DESFire EV1,
- TI Tag-it,
- HID iCLASS,
- LEGIC Prime and Advant,
- Infineon my-d,
- and many other NFC tags.
Note that the open-source firmware will initially only support a subset of these tags. The ChameleonMini Rev.G hardware comprises a PCB antenna, which can be driven by power transistors on the board to generate a 13.56 MHz RFID field. This will allow the Rev.G to work as a basic active RFID reader. An on-board Li-Ion battery can be recharged via USB and allows for stand-alone operation for approximately one hour.
The core of the hardware is formed by an Atmel ATXMega128A4U microcontroller. It provides the RF encoding and decoding functions and the USB interface. The AES and DES hardware engines in the microcontroller enable very fast computation of these cryptographic algorithms: in our tests, the ChameleonMini performs a 3DES in CBC mode (as used in Mifare DESFire cards) three times faster than the original card (219 µs vs. 690 µs) and an AES-128 in “chained” CBC mode (as used in Mifare DESFire EV1 cards) five times faster than the original card (438 µs vs. 2.2 ms). Emulating such cryptographic cards or transponders is only possible if the cryptographic keys are known. ChameleonMini is highly suitable for educational purposes, e.g., for RFID / NFC lab courses teaching practical know-how from the physical layer (encoding of zeroes and ones) up to the logic layer (protocols, state machine, crypto algorithms, memory management) for both RFID readers and NFC cards.
The Kickstarter campaign is already funded; backers can get one emulator with a pledge of €49. Estimated shipping is August 2016.