https://irq5-7854a1fdb9f4.pages.dev/tag/u2f/Recent content in U2F on irq5 testen-usFri, 02 Jul 2021 00:00:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2021/07/using-u2f-for-door-access-control-systems/Fri, 02 Jul 2021 00:00:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2021/07/using-u2f-for-door-access-control-systems/<p>I was looking at trying to <em>securely</em> implement a door access control system. This usually involves some kind of card that you tap at a reader and the door unlocks.</p><p>Because it uses NFC, the NFC reader and electronics can be located safely on the inside, leaving no exposed DIY electronics on the outside for attackers to fiddle around with. Here&rsquo;s an example project using a 3D-printed enclosure:</p><p><picture><source srcset=/posts/2021/img/nfc-lock-qtechknow-FFOTW1TI7L6T5HL.jpg.webp type=image/webp><img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2021/img/nfc-lock-qtechknow-FFOTW1TI7L6T5HL.jpg alt="photo of a DIY NFC door lock found on Instructables.com, with all the electronics & parts on the interior side of the door" width=1620 height=1080></picture></p><p>A lot of those DIY projects <em>work</em>, but they are just not secure:</p><ul><li><a href=http://www.instructables.com/NFC-Door-Lock-with-the-Qduino-Mini-under-100/ rel=noopener target=_blank class=external>NFC Door Lock With the Qduino Mini &ndash; Instructables.com</a></li><li><a href=http://keyduino.forumsactifs.com/t4-nfc-drawer-lock rel=noopener target=_blank class=external>NFC drawer lock</a></li><li><a href=https://www.makeuseof.com/tag/diy-smart-lock-arduino-rfid/ rel=noopener target=_blank class=external>DIY Smart Lock with Arduino and RFID</a></li></ul><p>Just look at the code and you will see what I mean. They generally look like this:</p><div class=highlight role=region aria-label="code block" translate=no><pre tabindex=0 class=chroma><code class=language-c data-lang=c><span class=line><span class=cl><span class=kt>uint32_t</span> <span class=n>uid</span> <span class=o>=</span> <span class=n>nfc</span><span class=p>.</span><span class=n>readCardId</span><span class=p>();</span> <span class=c1 translate>// read the card&#39;s unique ID </span></span></span><span class=line><span class=cl><span class=c1 translate></span><span class=k>if</span> <span class=p>(</span><span class=n>uid</span> <span class=o>==</span> <span class=mh>0xAAAAAAAA</span> <span class=o>||</span> <span class=n>uid</span> <span class=o>==</span> <span class=mh>0xBBBBBBBB</span> <span class=o>||</span> <span class=p>...)</span> <span class=p>{</span> </span></span><span class=line><span class=cl> <span class=n>unlock</span><span class=p>();</span> <span class=c1 translate>// YES!! </span></span></span><span class=line><span class=cl><span class=c1 translate></span><span class=p>}</span></span></span></code></pre></div><p>Unfortunately, consumer smart locks like a Yale or Samsung do pretty much the same thing, without hard-coding UIDs of course. When you enroll cards, the door lock will simply record the UID and will unlock when you present a card (or tag) with that UID. <a href=https://learn.adafruit.com/adafruit-pn532-rfid-nfc/mifare rel=noopener target=_blank class=external>MIFARE Classic cards</a> are commonly used for this purpose because they are very inexpensive. They are factory-programmed with a unique identifier stored in sector 0, which is read-only.</p><p><a href="https://irq5-7854a1fdb9f4.pages.dev/2021/07/using-u2f-for-door-access-control-systems/#more">Continue reading…</a></p>