Using U2F for Door Access Control Systems

Fri, 02 Jul 2021 00:00:00 +0000

I was looking at trying to securely implement a door access control system. This usually involves some kind of card that you tap at a reader and the door unlocks.

Because it uses NFC, the NFC reader and electronics can be located safely on the inside, leaving no exposed DIY electronics on the outside for attackers to fiddle around with. Here’s an example project using a 3D-printed enclosure:

A lot of those DIY projects work, but they are just not secure:

Just look at the code and you will see what I mean. They generally look like this:

uint32_t uid = nfc.readCardId(); // read the card's unique ID
if (uid == 0xAAAAAAAA || uid == 0xBBBBBBBB || ...) {
 unlock(); // YES!!
}

Unfortunately, consumer smart locks like a Yale or Samsung do pretty much the same thing, without hard-coding UIDs of course. When you enroll cards, the door lock will simply record the UID and will unlock when you present a card (or tag) with that UID. MIFARE Classic cards are commonly used for this purpose because they are very inexpensive. They are factory-programmed with a unique identifier stored in sector 0, which is read-only.

Decoding BCARD Conference Badges

Sat, 13 Apr 2013 01:28:00 +0000

Last month, I had the opportunity to fly halfway around the world to attend RSA Conference 2013. Everyone was given a lanyard and badge which contains your information entered during registration. When you visit booths, they can then scan your badge to collect your information and follow up by sending you spam.

The scanner varies across different booths, but mostly it’s an Android device that ran a custom software. Since it had a large NXP logo, let’s try to read it with the NFC TagInfo app. Looks like the tag identifies itself as a NDEF message but the data is gibberish.

NFC on irq5 test

Using U2F for Door Access Control Systems

Decoding BCARD Conference Badges