For the last few years, [Lt_Lemming] was the president of Brisbane’s hackerspace. Until several months ago, access to the local was done using 125KHz RFID tags and an Arduino board with a prototyping shield. As the hackerspace gained members and moved to bigger facilities, [Lt_Lemming] decided to build himself a more compact and advanced platform.
His Simple NetworkAble RFID Controller (SNARC) is a platform which can be connected to an Ethernet network and different RFID readers in order to implement smart access control functionalities. Through hole components were selected so even solder apprentices may assemble it. The PCB was designed using Fritzing, and development can even be done inside the Arduino IDE as ISP and serial headers are available on the board. Finally, an N-channel mosfet controls the door locking mechanism.
The project is open hardware and software, and all the sources can be downloaded from [Lt_Lemming]’s github repo.
After [yohanes] picked up a toy at a yard sale – a Leap Frog Letter Factory Phonics – he thought he could do better. The toy originally asked a child to find a letter, and after digging one of 26 plastic characters out of a plastic tub and placing them on the Letter Factory’s sensor, would play a short musical ditty. [yohanes]’ version does the same, but because he made it himself it is infinitely more expandable.
The letters for [yohanes]’ version are RFID tagged. This, combined with a cheap RFID module and a bluetooth module means a Raspberry Pi can read RFID cards from across the room. From there, it’s a simple matter of writing up some Python to ask his toddler for a letter, reading the bits coming from a bluetooth, and keeping score.
The build isn’t over by a long shot. [yohanes] still needs to make his build multilingual by adding Indonesian and Thai. There’s also a possibility of adding a spelling game to make it more interesting.
[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.
The control box seen above is the exterior component of the system. It’s a telephone service box like you’d find on the back of most houses in the US. They had a few of these lying around and they are a perfect choice because… well… they’re meant to be locking enclosures that brave the elements. [Will] made the jump from an Arduino which has run the locks for the last three years to a Raspberry Pi board. This gives him a lot of extra power to work with and he took advantage of that by adding a vehicle backup LCD screen for visual feedback. You can see it giving the ‘Access Granted’ message he used during testing but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag owner whenever a tag is read.
There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now. It also patches into a sliding door which one of the members automated using a garage door opener motor.
Continue reading “Hackerspace security system brings RFID, video feedback, and automatic doors”
[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, Traduction). The RFID reader presented itself to his computer as a USB HID device that spit out characters into a text editor whenever an RFID card was waved above the coil. The only problem was these characters weren’t the hex values recorded on the RFID card. So what’s going on here?
As it turns out (Anglais), this random piece of Chinese electronica sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both these RFID readers take the hex value of an RFID card, convert those bytes to base 10, and pass each digit through a lookup table. Exactly why it does this is anyone’s guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.
Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.
[Adam Laurie] spent time tearing into the security of the SAM7XC chip produced by Atmel. Even if he hadn’t found some glaring security holes just reading about his methodology is worth it.
The chip is used in a secure RFID system. The chip is added to the mix to do the heavy lifting required when using encryption. [Adam] grabbed a couple of open source libraries to put it to the test. The firmware is locked down pretty tight, but his explorations into the content of the RAM yield a treasure trove of bits. After investigating the sample code for the chip he’s shocked to learn that it uses RAM to store the keys at one point. The rest of his journey has him dumping the data and sifting through it until he gets to the “Master Diversification Key”. That’s the big daddy which will let him decrypt any of the tags used.
He reported his findings to Atmel in September of 2011. Their response is that they have no way of protecting RAM from exploit. [Adam] asserts that the problem is that the sample software wasn’t designed with the vulnerability of RAM in mind. The keys should never be stored there specifically because it is vulnerable to being dumped from a running system.
It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.
The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil pics up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.
This RFID card has a lot of nice features. But the one that stands out the most is the ability to learn the code from anther RFID tag or card.
You can see that the board includes an etched coil to interact with an RFID reader. This is the sole source of power for the device, letting it pick up enough induced current from the reader to power the PIC 12F683 seen on the upper left of the board. The underside of the PCB hosts just three components: an LED and two switches. One of the switches puts the device in learning mode. Just hold down that button as you move the board into the magnetic field of the reader. While in learning mode a second RFID tag is held up to the reader. It will identify itself and the emulator will capture the code sent during that interaction. This is all shown of in the video after the break. We wonder how hard it would be to make a version that can store several different codes selected by holding down a different button as the emulator is held up to the reader?
If you want to build your own card reader too here’s a project that does it from scratch.
Continue reading “RFID emulator card includes a learning mode”