Internship : Offensive RFID/NFC open-source tools development

Quarkslab is a French infosecurity company. Our expertise lies in combining offensive and defensive security to help organizations adopt a new security posture: forcing attackers, not defenders, to constantly adapt.

Through our consulting services and software solutions, we provide tailored solutions to organizations, assisting them in protecting their assets, sensitive datas, and users against increasingly sophisticated attacks.

We develop two commercial software products: QFlow, for protection against threats and malware, and QShield, for the protection of applications, keys, and data.

We consider internships as opportunities to spot profiles that match how we work. They are intended to guide students to enter the professional world as potential future colleagues if they feel like it. We love interns because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are two goals in every internship we offer:

1. Exploring a topic we don't necessarily know very well, hence training the new expert on the topic;

2. Hiring you after the internship to keep and share your new expertise with colleagues.

Training and growing people in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called Fridaycon, guess when they are), we teach in universities and schools, write articles in tech magazines and send our less experienced hires to a 6-month intensive training program (BADGE-RE or BADGE-SO). Sharing is caring, but sharing is also learning. We provide the environment for that the rest relies on you.

For more than 15 years, the Proxmark3 has been the unbeatable Swiss army knife of 125 kHz and 13.56 MHz RFID hacking. Over these years, its software has accumulated a considerable amount of R&D and offensive features. But by today standards, its hardware (AT91SAM and xc2s30 FPGA) is aging and quite limited. A new open-source device based on a nRF52840, the Chameleon Ultra, has a great potential to cover the 125 kHz and the ISO14443A spectrums in a modern, fast-paced environment.

The goals of this internship are to develop a number of offensive features needed to be able to use the Chameleon Ultra as an effective Red Team tool. This involves getting intimately familiar both with the nRF firmware written in C and with the Python client.

This is your chance to experience the satisfaction of developing open-source tools beneficial for the entire infosec community, in close proximity with skilled colleagues having contributed to both projects since years, but also with external contributors.

What you will do

• Get familiar with various NFC/RFID security analysis techniques;

• Improve and add offensive functionalities in the firmware and in the client.

Required Skills

• Proficient in C and Python3;

• Preferably knowledgeable with embedded devices specificities;

• Capable of collaborating with other open-source contributors;

• Good communication skills;

• Prior interest/knowledge into RFID/NFC is highly recommended.

How to apply :

• A resume;

• A cover letter: avoid the generic letter saying that you are so motivated and that we are so interesting. We welcome a more personal letter which explains why the topic is of particular interest to you, why you, and why us;

• Your proposed solution to the assignment attached to the offer you are interested in;

• Your preference between pain au chocolat or chocolatine.

Disclaimer : Any application that does not contain an assignment will be rejected.

Assignment

Write a Python script to decode as much as you can the RFID analog trace recorded in https://github.com/RfidResearchGroup/proxmark3/tree/master/traces/lf_sniff_blue_cloner_em4100.pm3 , created by sniffing a "blue cloner" when it is writing an EM4100 ID on a T5577 tag and a EM4305 tag. You can use existing DSP/SDR libraries if it makes sense, but avoid huge frameworks. The expected modulations are the ones used to write to T5577 and EM4305 tags and their response, read the datasheets!

You will find further information on our blog : https://blog.quarkslab.com/internship-offers-for-the-2023-2024-season.html#rfid