Security researcher [Fran Brown] sent us this tip about his Tastic RFID Thief, which can stealthily snag the information off an RFID card at long range. If you’ve worked with passive RFID before, you know that most readers only work within inches of the card. In [Fran’s] DEFCON talk this summer he calls it the “ass-grabbing method” of trying to get a hidden antenna close enough to a target’s wallet.
His solution takes an off-the-shelf high-powered reader, (such as the HID MaxiProx 5375), and makes it amazingly portable by embedding 12 AA batteries and a custom PCB using an Arduino Nano to interpret the reader’s output. When the reader sees a nearby card, the information is parsed through the Nano and the data is both sent to an LCD screen and stored to a .txt file on a removable microSD card for later retrieval.
There are two short videos after the break: a demonstration of the Tastic RFID Thief and a quick look at its guts. If you’re considering reproducing this tool and you’re picking your jaw off the floor over the price of the reader, you can always try building your own…
Continue reading “RFID Reader Snoops Cards from 3 Feet Away”
[Jeri, Rick and the Technical Illusions crew] have taken the castAR to Kickstarter. We’ve covered castAR a couple of times in the past, but the Kickstarter includes a few new features just ripe for the hacking. First, castAR is no longer confined to a retro-reflective surface. In fact, it’s no longer confined to augmented reality. An optional clip on adapter converts castAR into a “free” augmented reality or a full virtual reality system.
[Jeri] has also posted a video on her YouTube channel detailing the entire saga of castAR’s development (embedded after the jump). The video has a real “heart to heart” feel to it, and is definitely worth watching. The story starts with the early days (and late nights) [Rick] and [Jeri] spent at Valve. She goes through the split with Valve and how the two set up a lab in [Rick’s] living room. [Jeri] also outlines some of the technical aspects of the system. She explains how the optics have been reduced from several pounds of projectors to the mere ounces we see today.
Another surprise addition is the lower level tier rewards of the campaign. The castAR tracking system is offered. The campaign page says the tracking system can be mounted to anything from robots to other VR headsets. The possibilities for hacking are almost endless. We’re curious about setting up our own swarm of quadcopters similar to the UPENN Grasp Lab. The RFID tracking grid is also offered as a separate option. In the gaming system this will be used for tracking tabletop game pieces. Based upon the Kickstarter page, it sounds as if the grid will not only use RFID, but a camera based tracking system. We’re definitely curious what possibilities this will hold.
As of this writing, the castAR Kickstarter campaign is already well past the halfway mark on its way to a $400,000 USD goal.
Continue reading “CastAR Goes Live on Kickstarter”
We don’t know how [Kristoffer Marshall] found himself with free time at work, but he used it to beef up his computer security. Above is the finished project. There is literally nothing to see here. He’s rigged up a hidden RFID reader which locks and unlocks his workstation.
The security of the system depends on xscreensaver, which has a password protected lock feature already built into it. When the tag is removed from the reader’s field it fires up the screensaver using a Perl script.
But waking up from the screensaver is a bit more tricky. The package doesn’t allow you to wake it from the command line — most likely for security. He found the xdotool to be of great use here. It is a command line tool which simulates keyboard and mouse entry. His script detects when the xscreensaver password prompt is on the screen and uses the xdotool to fill in [Kristoffer’s] password. Since the script knows what has focus it won’t give away your password by accident.
See the complete setup in the clip after the break.
Continue reading “Hidden RFID reader locks workstation unless keys are present”
For the last few years, [Lt_Lemming] was the president of Brisbane’s hackerspace. Until several months ago, access to the local was done using 125KHz RFID tags and an Arduino board with a prototyping shield. As the hackerspace gained members and moved to bigger facilities, [Lt_Lemming] decided to build himself a more compact and advanced platform.
His Simple NetworkAble RFID Controller (SNARC) is a platform which can be connected to an Ethernet network and different RFID readers in order to implement smart access control functionalities. Through hole components were selected so even solder apprentices may assemble it. The PCB was designed using Fritzing, and development can even be done inside the Arduino IDE as ISP and serial headers are available on the board. Finally, an N-channel mosfet controls the door locking mechanism.
The project is open hardware and software, and all the sources can be downloaded from [Lt_Lemming]’s github repo.
After [yohanes] picked up a toy at a yard sale – a Leap Frog Letter Factory Phonics – he thought he could do better. The toy originally asked a child to find a letter, and after digging one of 26 plastic characters out of a plastic tub and placing them on the Letter Factory’s sensor, would play a short musical ditty. [yohanes]’ version does the same, but because he made it himself it is infinitely more expandable.
The letters for [yohanes]’ version are RFID tagged. This, combined with a cheap RFID module and a bluetooth module means a Raspberry Pi can read RFID cards from across the room. From there, it’s a simple matter of writing up some Python to ask his toddler for a letter, reading the bits coming from a bluetooth, and keeping score.
The build isn’t over by a long shot. [yohanes] still needs to make his build multilingual by adding Indonesian and Thai. There’s also a possibility of adding a spelling game to make it more interesting.
[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.
The control box seen above is the exterior component of the system. It’s a telephone service box like you’d find on the back of most houses in the US. They had a few of these lying around and they are a perfect choice because… well… they’re meant to be locking enclosures that brave the elements. [Will] made the jump from an Arduino which has run the locks for the last three years to a Raspberry Pi board. This gives him a lot of extra power to work with and he took advantage of that by adding a vehicle backup LCD screen for visual feedback. You can see it giving the ‘Access Granted’ message he used during testing but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag owner whenever a tag is read.
There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now. It also patches into a sliding door which one of the members automated using a garage door opener motor.
Continue reading “Hackerspace security system brings RFID, video feedback, and automatic doors”
[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, Traduction). The RFID reader presented itself to his computer as a USB HID device that spit out characters into a text editor whenever an RFID card was waved above the coil. The only problem was these characters weren’t the hex values recorded on the RFID card. So what’s going on here?
As it turns out (Anglais), this random piece of Chinese electronica sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both these RFID readers take the hex value of an RFID card, convert those bytes to base 10, and pass each digit through a lookup table. Exactly why it does this is anyone’s guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.
Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.