So here's the story. To get into my building's garage, I need to wave an rf-enabled key at a reader. Problem is that I ride, so I have gloves on. I have to stop just before the gate, take a glove off, fish the key out of my pocket, stuff it into my other glove, put the first glove back on, then ride up to the gate, scan, and ride in with it still in my glove, fully expecting it to fall out on the way.
I don't know how many commas I used enumerating that long sequence of events. Clearly too many. Something must be done. Think of the children.
So, I know that people are getting teenty-tiny rfid chips crammed into their hands. What if I could glue/sew one of those onto my gloves? (Spoiler: I ended up going a different way.) Then I could just ride up, wave my glove, and ride on in!
Step one was to try to duplicate the key at all. So I popped over to eBay and looked for a duplicator. The popular match (a blue thing from China) says it's for 125 KHz and a quick search on the interwebs indicated that my keyfob likely is one. They all come with a few blanks included, even. I found a US shipper and committed twelve dollars to the experiment.
It arrived, I tried it out (beep boop!) and the duplicate fob it made worked just fine on the garage. (And the building front door and the elevator.) I enlisted friends and made copies of their keys for them -- those also worked!
Alright, now to duplicate my key onto a teeny-tiny chip. That did not go so well. I mean, I completely got the wrong type of chip, had no idea what I needed, and utterly failed. (Though now I know exactly which one I needed.)
Back to the project though. During my research I discovered that you can actually get a ring with a chip in it! Add to cart! Ship it!
And ... success! Now when I ride, I put on my ring, and opening the garage is just a wave of my hand. Total cost of the parts (that worked) is under fifty bucks. And my friends love me because I can make them spares, too. This was a good project!
I couldn't let it rest until I knew everything there is to know. I'm now using the amazing Proxmark3 with iceman's firmware. Also, if you find you can't rewrite tags that the silly blue cloner wrote to, it's because they now have a password. The password is 51243648 and you can wipe the tag, removing the password in the process, with lf t5 wipe -p 51243648 on the pm3 command line. (The password is required for the wipe operation to work.)
I have now done a couple of presentations around this story. I talked at PanacakesCon 3, and I gave a fifteen minute talk at ShmooCon.
Post a Comment