Chameleon Mini: A freely programmable, standalone tool for NFC security analysis: emulate & clone contactless cards, read RFID tags and sniff RF data.
-
https://www.kickstarter.com/projects/1980078555/chameleonmini-a-versatile-nfc-card-emulator-and-mo -- This looks like a good project and it should be well documented, delivered and fully hackable!
The TLDR; here from the NFC Ring perspective is the NFC Ring has "physical" security IE it's more difficult to clone because the person trying to access it will lack physical access due to the private information being "away" from the reader.
The chameleon project goes further into security by doing full RF replication (replay) and also I imagine will provide some libraries for brute forcing of Desfire etc. keys.
Ultimately you need a Crypto enabled IC w/ RNG such as SLE77 or SP5 to provide "true" challenge response security. The disadvantage of such ICs is their operating range due to increased power requirements.
So it's a trade off. Operating Range Vs Security. The current NFC Rings 2013 and 2016 provide two different operating ranges and different security models.
Moving forward we will be moving security and crypto onto the IC but to do that we have to ensure the operating range ensures the ring is still usable for the majority of our target use cases (access control, contact sharing, payments) without any other compromises.
You can see our roadmap for more info http://nfcring.com/roadmap
-
Just imagine for a moment that you made a fake contactless reader case with one of these in it, that fit over a normal contactless reader.
Fun times..
