2026-06-20, Grand Salon Opera. Language: English
When reverse engineering the proprietary DUOX PLUS intercom system, dubbed the ‘most secure in world’ by Fermax, Kirils & friends previously focused on its digital 2-wire signalling and employed tools such as oscilloscopes, logic analyzers and breadboards.
While these attacks are important because they shine light on the internal workings of the system, their application in the field is limited, as one would need to acquire access to the 2-wire bus, which is only possible from the inside of the building.
Then we noticed something that was right in front of our eyes - access control panels! These things are out there just on the perimeter! And, when installed on multi-tenant buildings, they have RFID reader modules installed. Fermax offers modules doing EM4100, MIFARE Classic, and MIFARE DESFire.
In this talk we give an overview of previous research and expand on it by exploring the possibilities of entering the perimeter by attacking the RFID dimension of these systems, and exploring card cloning, implanting, and cryptographic attacks together with Iceman.
Attendees will gain insight into decoding and interacting with closed digital protocols, exposing vulnerabilities in real-world access control systems. They will also learn about practically applying RFID attacks to real-world systems in use right now.
Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist. He began programming at age 7, and by grade 9 was already writing machine code directly in a hex editor during lunch breaks. Renowned for uncovering and responsibly disclosing critical vulnerabilities in national and international systems, he is an expert in network flow analysis, reverse engineering, and social engineering. A lifelong command-line enthusiast, he uses bash daily for hacking, automation, and large-scale data processing.
He is the author of the jailbreak tool for MikroTik RouterOS and played a pivotal role in developing e-Saeima, the world's first fully remote legislative system used by the Latvian Parliament. Today, Kirils serves as lead researcher at Possible Security.
Christian Herrmann, better known in the hacker community as “Iceman”, is a co-founder of AuroraSec and RRG, and has helped develop many of today’s most widely used RFID research tools, including the Proxmark3 RDV4 and the Chameleon Mini.
He is a well-known RFID hacking and Proxmark3 evangelist, serving the community as both a forum administrator and a major code contributor alongside other developers since 2013.
Christian has spoken at hacker conferences around the world, including Troopers, Black Hat Asia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, TenguCon, Balccon, TumpiCon, WHY and SaintCon.
He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.
With over 15 years of experience in bespoke software development, Christian specializes in .NET platforms and is a Certified MCPD Enterprise Architect.
He possesses near-unmatched expertise in the Proxmark3 architecture and various RFID technologies, and has served as an instructor for Red Team Alliance (RTA), including training sessions at Black Hat.
