Ever wanted to feel like one of those movie hackers from the late 90s? Yes, your basement’s full of overclocked Linux rigs and you’ve made sure all your terminal windows are set to green text on a black background, but that’s not always enough. What you need is an RFID tag that unlocks your PC when you touch the reader with your RFID card. Only then may you resume blasting away at your many keyboards in your valiant attempts to hack the mainframe.
[Luke] brings us this build, having wanted an easier way to log in quickly without foregoing basic security. Seeing as an RC522 RFID reader was already on hand, this became the basis for the project. The reader is laced up with a Sparkfun Pro Micro Arduino clone, with both devices serendipitously running on 3.3V, obviating the need for any level shifters. Code is simple, based on the existing Arduino RC522 library. Upon a successful scan of the correct tag, the Arduino acts as a HID keyboard and types the user’s password into the computer along with a carriage return, unlocking the machine. Simple!
Overall, it’s a tidy build that achieves what [Luke] set out to do. It’s something that could be readily replicated with a handful of parts and a day’s work. If you’re interested in the underlying specifics, we’ve discussed turning Arduinos into USB keyboards before.
Meh, security by obscurity. Anyone can buttgrab and copy his card. no need to even pickpocket.
Maybe in this implementation, but challenge-response RFID tags are also available and should be significantly more difficult to copy.
My company already uses RFID badges. I’d like to set something like this up to unlock my workstation when I enter my cubicle, and lock it when I leave.
You need a specific body odor detector to do that.
For two years I’ve been doing just that at work but with an NFC implant in my hand.
Scan, send ctrl+alt+delete, send password. If scanned again send win+L for locking. It works so great that sometime I approach my hand under the screen only to realize that I’m not on my work computer and don’t have the reader lol.
It’s just anoying to reflash the arduino every 45days on mandatory password change.
Got a link to yours? Sounds very similar to mine, although I’ve incorporated incorporated a reader that’s designed for implants – designed by HackaDay’s own [Mathieu Stephan]. It also has a serial port for updating the password in flash. (I have considered storing the password on the implant instead.)
https://0xfred.wordpress.com/2016/03/04/nfc-login-2-1/
Before anyone jumps on the obvious – it is a device of convenience rather than security. Anything that adds another way to login in can only make things less secure.
I don’t have any link, but I can give you specs :
The implant is the xNT from dangerousthings, an arduino Leonardo (for the HID compatibility, I think some arduino have it and other don’t), and an NFC shield from adafruit .
I did not know there was readers designed for implants ! The one from adafruit can read my implant from ~2cm so that’s enough for me tho.
The code is nothing special, but I ought to add some form of security because one of my colleague is dead set on deceypting my password stored on the arduino lol.
Hey [Coumbaya], instead of storing your password on the arduino, why not make a key that has to combine with your RFID card details to create the correct password? That way, they’d have to get both the RFID details AND the key from the arduino to decode your password ;)
Damn you really went all out on yours ! Custom PCB ! Congrats and well done !
Could an NFC device could also be used for automatic lock/unlock?
Do the company mandated login dance, whatever that happens to be. Then while logged in, it would automatically lock when you move, say, five or six feet from your desk and automatically unlock when you return within range.
I’m not familiar with the technologies used in NFC, so I don’t know if it is passive and would need ‘pinging’, or active and could send a ‘still here ping’ every so often. In either case the interval would be fairly sensitive.
Every heard of blueproximity? Does exactly what you described, but with Bluetooth instead of NFC ;)
Yea, too bad my Pebble is paired to my phone and not my computer.
Every heard of blueproximity?
No, I haven’t. Shocking as it may seem, I’m not a smartphone person. I’ve even been caught using a pencil and paper on occasion. I can’t begin to tell you the fuss that caused :)
>Do the company mandated login dance
Drink verification can.
Nice project, but it should be altered so that the tag contains the password, because that remains in your possession. Otherwise it’s trivial for someone with physical access ( i.e. a colleague ) to extract your password from the device ( and it says so on the blogpage, only PoC ). Security would improve a little if the arduino was mounted inside the ( locked! ) computer case.
Or event better (at least that’s what I think): use your tag as the key to decrypt your password stored on your Arduino. That way you don’t store it anywhere in plain text.
Ooh – that is interesting. A bit more security without too much additional complexity.
Or some way to encrypt the datastream between the leopard (autocorrect xkcd 1031) and your computer so leopard sniffers won’t get at your oh-so-secret documents about security and encryption. (Some kind of ethernet over usb with ssh to encrypt it and screen!)
That was going to be my question.
The build I’ve seen of this has the password in plain text in the arduino.
I just don’t know enough about RFID to know if you can have a unique ID to decrypt the password.
I have been doing similar with a Digispark using it as a USB keyboard for my kids to keep some control over minecraft and games time, instaead of going to the computer I give them the ‘key’ to unlock their machine, they return it to me and play. I had wanted to do RFID or other login/logout where they cant hack the logout by pulling the dongle but that pretty much leads to serial and writing some sort of daemon to watch for /dev/ttyUSB0 disappearing or for the USB KB to disappear and send logout or screen lock commands. Part of the difficulty was never getting the Digispark HID keyboard to send modifier keys like ctrl, alt, and another key concurrently.
Something that might work here is an internal USB port. I’ve seen a few usb expansion cards that have an internal USB, never thought of it as useful, but this might work in your case!
Card. I have one of those NFC dongles that fits on the key-chain.
This is not RFID, this is NFC.
– RFID uses radio frequency (an actual radio wave);
– NFC stands for Near-Field, which is mostly magnetic induction – like a crude air-core transformer.
Actual RFID could be really cool, you wouldn’t have to take the card out of your pocket.
I would except that my name isn’t Woof Banana Glockenspiel Woof-Woof, and so I’m not worthy of the 1337 title or permitted to hack RIFD.
Bluetooth to phone to unlock works well. I configured my work box to auto log into windows whenever i place my phone on my desk. It would log out when the phone was picked up. It had it’s issues but overall worked as expected without too many log offs.