Hidden RFID reader locks workstation unless keys are present

We don’t know how [Kristoffer Marshall] found himself with free time at work, but he used it to beef up his computer security. Above is the finished project. There is literally nothing to see here. He’s rigged up a hidden RFID reader which locks and unlocks his workstation.

The security of the system depends on xscreensaver, which has a password protected lock feature already built into it. When the tag is removed from the reader’s field it fires up the screensaver using a Perl script.

But waking up from the screensaver is a bit more tricky. The package doesn’t allow you to wake it from the command line — most likely for security. He found the xdotool to be of great use here. It is a command line tool which simulates keyboard and mouse entry. His script detects when the xscreensaver password prompt is on the screen and uses the xdotool to fill in [Kristoffer’s] password. Since the script knows what has focus it won’t give away your password by accident.

See the complete setup in the clip after the break.

Continue reading “Hidden RFID reader locks workstation unless keys are present”

Building an ethernet connected RFID reader

For the last few years, [Lt_Lemming] was the president of Brisbane’s hackerspace. Until several months ago, access to the local was done using 125KHz RFID tags and an Arduino board with a prototyping shield. As the hackerspace gained members and moved to bigger facilities, [Lt_Lemming] decided to build himself a more compact and advanced platform.

His Simple NetworkAble RFID Controller (SNARC) is a platform which can be connected to an Ethernet network and different RFID readers in order to implement smart access control functionalities. Through hole components were selected so even solder apprentices may assemble it. The PCB was designed using Fritzing, and development can even be done inside the Arduino IDE as ISP and serial headers are available on the board. Finally, an N-channel mosfet controls the door locking mechanism.

The project is open hardware and software, and all the sources can be downloaded from [Lt_Lemming]’s github repo.

Learning letters, particularly R, F, I, & D

8993376562_55ff3846b3

After [yohanes] picked up a toy at a yard sale – a Leap Frog Letter Factory Phonics – he thought he could do better. The toy originally asked a child to find a letter, and after digging one of 26 plastic characters out of a plastic tub and placing them on the Letter Factory’s sensor, would play a short musical ditty. [yohanes]’ version does the same, but because he made it himself it is infinitely more expandable.

The letters for [yohanes]’ version are RFID tagged. This, combined with a cheap RFID module and a bluetooth module means a Raspberry Pi can read RFID cards from across the room. From there, it’s a simple matter of writing up some Python to ask his toddler for a letter, reading the bits coming from a bluetooth, and keeping score.

The build isn’t over by a long shot. [yohanes] still needs to make his build multilingual by adding Indonesian and Thai. There’s also a possibility of adding a spelling game to make it more interesting.

Hackerspace security system brings RFID, video feedback, and automatic doors

rfid-hackerspace-door-lock

[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.

The control box seen above is the exterior component of the system. It’s a telephone service box like you’d find on the back of most houses in the US. They had a few of these lying around and they are a perfect choice because… well… they’re meant to be locking enclosures that brave the elements. [Will] made the jump from an Arduino which has run the locks for the last three years to a Raspberry Pi board. This gives him a lot of extra power to work with and he took advantage of that by adding a vehicle backup LCD screen for visual feedback. You can see it giving the ‘Access Granted’ message he used during testing but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag owner whenever a tag is read.

There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now. It also patches into a sliding door which one of the members automated using a garage door opener motor.

Continue reading “Hackerspace security system brings RFID, video feedback, and automatic doors”

Turning an $8 RFID reader into something useful

[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, Traduction). The RFID reader presented itself to his computer as a USB HID device that spit out characters into a text editor whenever an RFID card was waved above the coil. The only problem was these characters weren’t the hex values recorded on the RFID card. So what’s going on here?

As it turns out (Anglais), this random piece of Chinese electronica sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both these RFID readers take the hex value of an RFID card, convert those bytes to base 10, and pass each digit through a lookup table. Exactly why it does this is anyone’s guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.

Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.

Cracking a SAM7XC cryptographic coprocessor

attacking-RFID-crypto-coprocessor

[Adam Laurie] spent time tearing into the security of the SAM7XC chip produced by Atmel. Even if he hadn’t found some glaring security holes just reading about his methodology is worth it.

The chip is used in a secure RFID system. The chip is added to the mix to do the heavy lifting required when using encryption. [Adam] grabbed a couple of open source libraries to put it to the test. The firmware is locked down pretty tight, but his explorations into the content of the RAM yield a treasure trove of bits. After investigating the sample code for the chip he’s shocked to learn that it uses RAM to store the keys at one point. The rest of his journey has him dumping the data and sifting through it until he gets to the “Master Diversification Key”. That’s the big daddy which will let him decrypt any of the tags used.

He reported his findings to Atmel in September of 2011. Their response is that they have no way of protecting RAM from exploit. [Adam] asserts that the problem is that the sample software wasn’t designed with the vulnerability of RAM in mind. The keys should never be stored there specifically because it is vulnerable to being dumped from a running system.

An attempt to replace multiple RFID cards with a single hacked-together tag

rfid-multipass

It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.

The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil pics up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.