Unlocking your Computer with a Leonardo and an NFC Shield

Manually typing your login password every time you need to login on your computer can get annoying, especially if it is long and complex. To tackle this problem [Lewis] assembled an NFC computer unlocker by using an Arduino Leonardo together with an NFC shield. As the latter doesn’t come with its headers soldered, a little bit of handy work was required.

A custom enclosure was printed in order to house the two boards together and discretely mount them under a desk for easy use. Luckily enough very few code was needed as [Lewis] used the Adafruit NFC library. The main program basically scans for nearby NFC cards, compares their (big-endianned) UIDs against a memory stored-one and enters a stored password upon match. We think it is a nice first project for the new generation of hobbyists out there. This is along the same lines as the project we saw in September.

(You’ll notice I made this post without mentioning the you-know-what project!)

21 thoughts on “Unlocking your Computer with a Leonardo and an NFC Shield

  1. I managed to do that with a simple NFC reader, a blank card, and a good old Linux. You can set PAM to accept an NFC UID as the password for su, sudo or login. It will log you automatically as long as you put the card on the reader.

  2. I’ve got a similar (but neater) project planned for when my nXT implant arrives. I was hoping to base it on a MSP430F5529 and get it small enough to embed inside a keyboard and include write only USB mass storage to change the password. Prefixing the password with Ctrl-Alt-Del would be sensible for windows use. It would make it a single operation for unlocking.

    The project that shall not be mentioned was definitely inspiration for me.

      1. I’ll definitely share once I have something worthwhile. Doing something much like this using a MSP430F5539 Launchpad and an off-the-shelf reader would be the proof of concept. Making a custom F5529 board (including a USB hub chip so it can be slipped into an existing keyboard) would be the end goal.

    1. As in this case he’s just reading the ID from an NFC tag, so I suppose this is just high frequency RFID (13.56MHz) rather than NFC.

      I’ve never really dug into the details but I always think of NFC as a standard that specifies some stuff you can do using this very short range 13.56MHz link (e.g. specify a URL to open, read/write sectors of the card, do some secure 2-way communication with your bank card, etc.)

      Happy for someone with more detailed knowledge to correct me.

    2. Moin,

      > What is the bonus of NFC over RFID?

      The most profound answer to that question, and I’m not joking, is: The acronym is shorter by one letter.

      Both are terms that are almost never used correctly, and both have, in a general sense, something to do with communicating or radioing.

      Let’s start with the older term: RFID is just “radio frequency identification”. It’s not defined beyond being a combination of these two attributes and, if you are so inclined, you could cite the “Identification Friend or Foe” systems invented for military airplanes in the 1930s as one of the earliest RFID systems. (I got that example from Dr. Melanie Rieback, who does so in all her talks.)

      In modern times, the term RFID is almost always used to imply a system consisting of few relatively complex ‘readers’ and a larger number of relatively, or very, simple ‘transponders’, with some sort of radio signal being used to indicate the identification, or at least presence (1-bit “identification”), of the latter to the former. Now, that’s still quite abstract, so let’s add further characteristics, at each step going in the direction of the systems that most people actually mean when they say RFID with no further qualification:
      + The transponder could be active (have its own power source) or passive (be energized by the reader using some physical effect), the latter is what’s on most peoples minds in the context of RFID.
      + A passive transponder can be communicated with with radio waves through radar backscatter (ultra-high frequencies, range in the hundreds of meters, very little power available to the transponder) or, again the more often referenced approach, be inductively coupled (low to high frequencies, range less than a couple meters, possibly high power available).
      + An inductively coupled transponder could operate on a non-standardized low frequency (LF, ~120-140kHz) in a proprietary system, the standard high frequency (HF, 13.56MHz) in a proprietary system, or, most uses of the term RFID, the 13.56MHz frequency using an ISO standardized protocol.
      + The 13.56MHz RFID ISO protocols are ISO 15693, vicinity coupling, defined range less than a meter, and, more often referenced in the context of “RFID”, ISO 14443, proximity coupling, defined range less than ten centimeters.

      Note that this is domain specific: Warehouse management applications often deal with ISO 15693 and even more often with Gen 2 EPC, which uses ISO 18000-6, which in turn is a passive backscatter specification in the 860-960MHz frequency range.

      In conclusion, the vast majority of uses of the term RFID in our context with no further indication actually mean ISO 14443. A smaller percentage refers to proprietary LF systems, and even less people mean ISO 15693. It’s a shaky definition process, but at least once you have determined that you are talking about ISO 14443 you’re on quite firm ground. Note that this only gets us to establish communication with a tag and transmit bytes back and forth. The actual command set implemented by the tag is a completely different horseride altogether.

      Now, on the subject of NFC, this is even less well defined, or better, depending on how you look at it. It’s a relatively new term, so there’s no firm default interpretation you could use, beside it having to do something with “near-field communication” (e.g. inductive coupling, and some sort of information transfer). There are, however, a couple of well defined things that bear the name NFC (none of which are usually exlusively intended by someone using the term):
      + NFCIP-1, also known as ISO 18092 (dual-published as ECMA-340), which is an air interface for half-duplex communication between two entities using inductive coupling on 13.56MHz, at least one of which must be actively powered
      + NFC Forum which is an industry association that publishes a set of standards, among them are:
      + NFC Data Exchange Format (NDEF) which is binary data storage and serialization format
      + NFC Record Type Definition (RTD) which is a specification format for NDEF message formats
      + A couple of RTDs that define both the message format and expected semantics of common use cases such as smart posters, business cards, etc.
      + NFC Tag Type definitions (1 through 4) that define a set of protocols for passive data storage tags and how to access NDEF messages on them

      Now comes the fun part: NFCIP-1 is, not by accident, compatible with ISO 14443 where appropriate. Full-on NFCIP-1 devices generally can implement both sides (now called Initiator and Target) of the communication, and so are compatible both with ISO 14443 readers (by emulating a tag) and ISO 14443 tags (by behaving as a reader). As an aside: Most vendors, while they’re on the 13.56MHz frequency anyway, also implement all the usual 13.56MHz RFID protocols in the things they call NFC chipsets, which is not at all helpful when trying to untangle the standards salat.

      And even better: The NFC tag types correspond to existing 13.56MHz RFID tag products, but sometimes in a generalized version. For example tag type 2 is essentially NXP Mifare Ultralight (the memory map table in the NFC tag type definition is essentially a copy of that in the Ultralight datasheet, however, you will find the words “mifare” or “ultralight” nowhere in the tag type definition document), but where Ultralight has a fixed 64 bytes of memory, the tag type 2 allows arbitrary sizes bigger than 64B. And indeed, you can now buy NFC Type 2 Tags that are not NXP Mifare Ultralight and have ~160 bytes of memory.

      So, by NFC most people mean, depending on context a tag type or message format from the NFC ecosystem, or the NFC chip in their phones, even when they are using it with any old ISO 14443 tag (the single most widespread ISO 14443 transponder type is Mifare Classic, which is not an NFC Forum tag type, but, confusingly, works with most NFC implementations in mobile phones as though it was), which, closing the loop here, is what most people mean when they are referencing RFID.

      Henryk Plötz
      Grüße aus Berlin

      1. ^^ This is why we need a karma button. That’s got to easily be the best (most informative, relevant and well written) comment that I’ve ever seen on HaD. Henryk; +1 Sir!

  3. I think that writing your password and pressing Enter is not a very good way to unlock your computer, since changing the password will require you to recompile and reflash the code. It’s possible to someone to open Notepad, put your card on the reader, and learn the password.
    Windows 7 users can use a complicated process to create a Credential Provider (http://msdn.microsoft.com/en-us/magazine/cc163489.aspx) to unlock the station without typing the password. Linux users can simply run “gnome-screensaver-command -d” to unlock the station.

    Well, Windows users will suffer a little more than Linux users.

    1. Yeah – that’s great as long as you set your password to the ID of the card. Also, it’s 125kHz RFID which is fine if that’s what you intended, but not if you want to use NFC (e.g. most NFC-enabled phones can emulate a tag).

      This device can be configured to output data read from a defined sector of the NFC card. That would seem to be a bit better – although I doubt it can do the Ctrl-Alt-Del that I’m after.
      (This is HACK-a-day though, not buy-a-product-a-day. Zero hack points if you buy one.)

  4. NFC is awesome, but to unlock a computer? Maybe. I would say for definite home use only. Obviously it would be too insecure in a work/corp zone due to social engineering, NFC skimming, etc. Like I said before though, sounds like a fun little home project.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.