An analysis of the HID® Indala and Seos™ protocols
Date
2021
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Tartu Ülikool
Abstract
This thesis aims to give a more detailed and comprehensive overview of the two most used
door access control technologies in the University of Tartu buildings: Indala and Seos™, than
what is currently publicly available.
The wireless communication protocols, memory layout, and how they hold up to common
RFID card vulnerabilities were studied to analyse these technologies. Additionally, a Java
card applet was developed to assist further research into Seos™ and other high-frequency
cards.
The research identified that both technologies use very different methods for card
authentication, have contrasting memory layouts and operate on two distinct frequencies. One
significant finding was that Indala cards are susceptible to cloning and replay attacks.
Additionally, it was found that the average Levenshtein distance of the 13 Indala 224-bit
UIDs collected for research was 12 nibbles.
Another important finding was that the RNG used in a Seos™ card might be weak. In an
experiment comparing a large number of UIDs generated both by using the card and the
Python Numpy library, the Seos™ dataset exhibited a statistically unlikely amount of UID
collisions.
Description
Keywords
RFID, access card, Indala, Seos, HID, Proxmark, Java card, smart card, RNG