25 thoughts on “RFID Unlock Your PC, Because You’re 1337

  1. For two years I’ve been doing just that at work but with an NFC implant in my hand.
    Scan, send ctrl+alt+delete, send password. If scanned again send win+L for locking. It works so great that sometime I approach my hand under the screen only to realize that I’m not on my work computer and don’t have the reader lol.
    It’s just anoying to reflash the arduino every 45days on mandatory password change.

    1. Got a link to yours? Sounds very similar to mine, although I’ve incorporated incorporated a reader that’s designed for implants – designed by HackaDay’s own [Mathieu Stephan]. It also has a serial port for updating the password in flash. (I have considered storing the password on the implant instead.)
      https://0xfred.wordpress.com/2016/03/04/nfc-login-2-1/

      Before anyone jumps on the obvious – it is a device of convenience rather than security. Anything that adds another way to login in can only make things less secure.

      1. I don’t have any link, but I can give you specs :
        The implant is the xNT from dangerousthings, an arduino Leonardo (for the HID compatibility, I think some arduino have it and other don’t), and an NFC shield from adafruit .
        I did not know there was readers designed for implants ! The one from adafruit can read my implant from ~2cm so that’s enough for me tho.
        The code is nothing special, but I ought to add some form of security because one of my colleague is dead set on deceypting my password stored on the arduino lol.

        1. Hey [Coumbaya], instead of storing your password on the arduino, why not make a key that has to combine with your RFID card details to create the correct password? That way, they’d have to get both the RFID details AND the key from the arduino to decode your password ;)

    2. Could an NFC device could also be used for automatic lock/unlock?

      Do the company mandated login dance, whatever that happens to be. Then while logged in, it would automatically lock when you move, say, five or six feet from your desk and automatically unlock when you return within range.

      I’m not familiar with the technologies used in NFC, so I don’t know if it is passive and would need ‘pinging’, or active and could send a ‘still here ping’ every so often. In either case the interval would be fairly sensitive.

        1. Every heard of blueproximity?

          No, I haven’t. Shocking as it may seem, I’m not a smartphone person. I’ve even been caught using a pencil and paper on occasion. I can’t begin to tell you the fuss that caused :)

  2. Nice project, but it should be altered so that the tag contains the password, because that remains in your possession. Otherwise it’s trivial for someone with physical access ( i.e. a colleague ) to extract your password from the device ( and it says so on the blogpage, only PoC ). Security would improve a little if the arduino was mounted inside the ( locked! ) computer case.

      1. Or some way to encrypt the datastream between the leopard (autocorrect xkcd 1031) and your computer so leopard sniffers won’t get at your oh-so-secret documents about security and encryption. (Some kind of ethernet over usb with ssh to encrypt it and screen!)

      2. That was going to be my question.
        The build I’ve seen of this has the password in plain text in the arduino.
        I just don’t know enough about RFID to know if you can have a unique ID to decrypt the password.

  3. I have been doing similar with a Digispark using it as a USB keyboard for my kids to keep some control over minecraft and games time, instaead of going to the computer I give them the ‘key’ to unlock their machine, they return it to me and play. I had wanted to do RFID or other login/logout where they cant hack the logout by pulling the dongle but that pretty much leads to serial and writing some sort of daemon to watch for /dev/ttyUSB0 disappearing or for the USB KB to disappear and send logout or screen lock commands. Part of the difficulty was never getting the Digispark HID keyboard to send modifier keys like ctrl, alt, and another key concurrently.

  4. This is not RFID, this is NFC.

    – RFID uses radio frequency (an actual radio wave);
    – NFC stands for Near-Field, which is mostly magnetic induction – like a crude air-core transformer.

    Actual RFID could be really cool, you wouldn’t have to take the card out of your pocket.

  5. Bluetooth to phone to unlock works well. I configured my work box to auto log into windows whenever i place my phone on my desk. It would log out when the phone was picked up. It had it’s issues but overall worked as expected without too many log offs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.