Date: 03 June 2021 at 15:00, 30 min.
RFID tags are supposed to be robust to situations such as a quick removal from the powering field when the user swipes a tag over a reader. We'll describe the various physical effects that can happen when an EEPROM write or erase operation is interrupted, and we'll explain how to control these side effects to learn about the inner mechanisms of security features and to challenge them. We'll show how to defeat four types of security features on different tags: erasing OTP bits, recovering a locking password, unlocking a read-only UID and resetting a secure counter. We attacked them successfully thanks to the different tools we developed, and we share these tools with the community to facilitate future research.