Testing an RFID blocking wallet.
A couple of years back, when we thought that the covid pandemic might actually be over someday I did some research on RFID blocking fabric to see if it was actually worth anything. Somewhat surprisingly, I discovered that it does actually do what it says it does, within certain parameters (if you don't use something right it won't work; who knew?)
Late last year two noteworthy things happened: First, I finally got my hands on a Flipper Zero after waiting many months for it to arrive (no thanks to US Customs seizing the shipment for unspecified reasons) and spent some quality time playing with it. Second, Hasufin asked me if I'd put another RFID blocking product to the test. His partner, hearing about my talking about the Flipper Zero expressed concern because her debit card and ID have RFID chips in them, and devices like the Flipper Zero are capable of cloning them, among other nifty features. Hasufin had in mind an RFID blocking wallet to mitigate this risk but wasn't sure if it would actually work for that purpose.
One drop shipment later, said wallet was on my doorstep and ready to bring into the lab. The wallet in question was a passport wallet manufactured by Travelon (affiliate link) and features a zipper that closes fairly tightly around three out of four sides, can hold at least one passport, and can also hold a couple of average sized cards.
As before I decided to organize my tests around a series of questions:
Can RFID or NFC chips be read through it...
- when it's zipped closed?
- when it's just folded shut?
- when it's laying open?
Once that was figured out, it was off to my drawers of toys and junk to see what I had laying around. Among my collection of appropriated hotel key cards (I use them as bookmarks as well as for testing things) I found a couple of RFID cards as well as a handful of NFC enabled cards. I also have a couple of Keysy rewritable RFID key fobs (affiliate link) that can be read by pretty much anything but only written to by a Keysy branded device, and a couple of NTAG203 RFID/NFC tags and stickers from Adafruit laying around.
Things to read aside, I then had to lay out devices to try to read them. The obvious one my phone, which is NFC enabled (by way of NFC Tools and NFC Tag Cloner). I also gave my Keysy (affiliate link) a try (it wasn't a good tool for this purpose so I can't really recommend it for experimentation and research), an ACR122U USB reader/writer, and the Flipper Zero of course. Later I ran all the tests again with a Proxmark v3.0, which is pretty much the gold standard for messing around with RFID and NFC devices when used with the Proxmark3 software.
Then it comes down to procedure. How to do what, and in what order. This is where my penchant for putting sticky notes on every relatively solid surface comes into play because there were multiple variables at work. The wallet was going to be in one of three states: Unzipped and open, unzipped but folded closed, and zipped and folded closed. Each test gizmo would be tried in each of three states (with the usual "try reading it in the palm of my hand" as a control to make sure it actually works). Directionality when trying to read a chip can be a factor so I also tried reading everything in two orientations, horizontal and vertical. Just to be safe I also moved each reader over the entire surface of the wallet in each orientation, because some RFID and NFC readers (like cellphones) don't actually say where their read/write antenna is and it wouldn't make any sense to not use the reading bit itself when testing.
I'm not actually sure that I can meaningfully describe what I used the sticky notes for. Suffice it to say that if you play a rousing game of solitaire you're not that far off.
That said, I don't want to draw this out any more than I have to because, to put it simply, no test gizmo could be successfully (and this is the key) read by any reader when the wallet was open, closed, or closed and zipped. There was one anomaly, which was that one of the tags (a T5577) did not consistently register when in the wallet, but when it did respond my readers incorrectly identified it as an HID Indala Proximity FlexCard. So, regardless of the reader or state of the wallet, just enough signal leaked through to tickle the chip and get it to emit garbage. No other test gizmos responded in this way.
What does all this mean? It means that the wallet did what it was supposed to do: Prevent a close-range wireless device inside of it from communicating with a device when you don't want it to. I still don't know what was up with the T5577 borking out some garbage when nothing else did but it was just that: Garbage. Not usable data. So I think I have to say that it's a good one. I give it a thumbs-up.