Here’s A Spy Movie-Grade Access Card Sniffing Implant

Some of our devices look like they’re straight out of hacker movies. For instance, how about a small board you plant behind an RFID reader, collecting access card data and then replaying it when you next walk up to the door? [Jakub Kramarz] brings us perhaps the best design on the DIY market, called The Tick – simple, flexible, cheap, tiny, and fully open-source.

Take off the reader, tap into the relevant wires and power pins (up to 25V input), and just leave the board there. It can do BLE or WiFi – over WiFi, you get a nice web UI showing you the data collected so far, and letting you send arbitrary data. Like quite a few open-source projects, it can do Wiegand, but it can also do arbitrary clock+data protocols, plus you can just wire it up quickly, and it will figure out the encoding.

We could imagine such a board inside a Cyberpunk DnD rulebook or used in Mr Robot as a plot point, except that this one is real and you can use it today for red teaming and security purposes. Not to say all applications would be NSA-catalog-adjacent pentesting – you could use such a bug to reverse-engineer your own garage door opener, for one.

RFID Sticker On Bike Helmet Grants Garage Access

[Glen] might describe his project of opening his garage door by way of an RFID sticker on his bike helmet as simple, but some of the interfacing he needed to do was quite complex. He walks through the project from beginning to end, and there’s plenty to learn from.

When designing an RFID access control system, one has to decide what kind of reader and what kind of tags one wishes to use. They all function more or less the same way, but there are a lot of practical considerations to take into account such as cost, range, ease of use, and security options. After a lot of research, [Glen] decided on inexpensive sticker-style tags and a compatible reader supporting credentials with an ISO14443 UID that could be suitably mounted on a building’s exterior.

The actual opening of the door was the simple part, done by interfacing to a spare remote.

Breakout boards with ready-to-use code libraries exist for some RFID readers, but that wasn’t the case for the reader [Glen] had. He ended up rolling his own code to handle communication with the reader, with a Microchip PIC18F45K50 doing all the work of reading tags and performing access control. His code is on the project’s GitHub repository, and if you also find yourself needing to interface to a reader that uses the Wiegand protocol, you might want to give it a look.
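For a feel of what the controller side of a Wiegand interface has to do, here is an added example (not code from [Glen]'s repository) that decodes one frame and rejects anything with the wrong length or bad parity. It assumes the common 26-bit layout, which the write-up does not specify; the function names and sample values are made up for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (standard 26-bit Wiegand; the page does not name a format):
 * bit 25, first on the wire: even parity over data bits 24..13
 * bits 24..17: facility code, bits 16..1: card number
 * bit 0, last on the wire: odd parity over data bits 12..1 */
typedef struct { uint8_t facility; uint16_t card; } wiegand26_t;

/* Count set bits in v. */
static unsigned popcount32(uint32_t v) {
    unsigned n = 0;
    for (; v; v &= v - 1) n++;
    return n;
}

/* Decode a frame shifted in MSB-first. nbits is the pulse count seen before
 * the inter-frame timeout. Wrong length or bad parity returns false, so
 * line noise and truncated frames never reach the access decision. */
bool wiegand26_decode(uint32_t raw, unsigned nbits, wiegand26_t *out) {
    if (nbits != 26 || (raw >> 26) != 0) return false;
    if (popcount32((raw >> 13) & 0x1FFF) % 2 != 0) return false; /* even half */
    if (popcount32(raw & 0x1FFF) % 2 != 1) return false;         /* odd half */
    out->facility = (uint8_t)((raw >> 17) & 0xFF);
    out->card = (uint16_t)((raw >> 1) & 0xFFFF);
    return true;
}

/* Build a valid frame from field values; used here to construct sample input. */
uint32_t wiegand26_encode(uint8_t facility, uint16_t card) {
    uint32_t data = ((uint32_t)facility << 16) | card; /* 24 data bits */
    uint32_t raw = data << 1;
    if (popcount32(data >> 12) % 2 == 1) raw |= 1u << 25; /* make upper even */
    if (popcount32(data & 0xFFF) % 2 == 0) raw |= 1u;     /* make lower odd */
    return raw;
}

int main(void) {
    wiegand26_t c;
    uint32_t frame = wiegand26_encode(123, 4567); /* constructed sample values */
    if (wiegand26_decode(frame, 26, &c))
        printf("facility=%u card=%u\n", (unsigned)c.facility, (unsigned)c.card);
    if (!wiegand26_decode(frame ^ (1u << 5), 26, &c))
        printf("frame with one flipped bit rejected\n");
    return 0;
}
```

Parity only catches wiring noise and truncated frames. It does nothing to authenticate the card or the reader, which is why anything tapped into those wires sees the credential in the clear.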

Controlling the actual garage door was the easy part. All that took was soldering two wires across the switch contacts of a spare garage door opener remote, and using a relay to close the contacts. Simple and effective. You can see it in action in the short video, embedded below the break.

Overhead door access control might be a simple concept, but it comes in all shapes and sizes when enterprising hackers start looking for solutions. We’ve seen garage doors given the DIY IoT treatment, and even seen access controlled by a car’s headlamp flashes, which actually turned out to be more secure than it sounds.
