Intro

This is the second post on relay attacks. Initially, I wrote a small introduction to a “local” relay against NFC payments using the RFIDIot library. In this post, we will use the same initial idea to build a relay, but we will implement it with LoRa technology.

LoRa is a cheap SDR technology for transmitting small amounts of data over long distances. If you want to learn more about this technology, you can visit the Adafruit site or Sabas’s.

Hardware

To implement a relay attack over a distance, a malicious user needs two devices connected by wire or wirelessly. This type of project can be expensive, depending on the kind of hardware the attacker wants to use. For our case study, I will use a cheap version of the Heltec board and a PN532 board:

[Image: heltec-lora-pn532]

This Heltec version supports WiFi, Bluetooth and SDR (LoRa) on the same device; in addition, it has an OLED display that can be programmed to show messages. This version of the PN532 can be used with different configurations: UART, SPI…

Software

To establish communication with the LoRa boards, we can use the Heltec library. Because I will send and receive packets continuously, the multiple communication code seems adequate. For the reading and emulation part, I used the Adafruit library. I had to add some functions to support emulation (I am thinking of committing the changes in the future).

PoC

In this PoC, I transmitted NFC data between the two LoRas over approximately 50 meters:

This proof of concept could be improved to get better reception with low-cost technology. In the next post, I will write about how to use Raspberry Pis and CC1101 to make a different relay with a different technology.