Arduino RFID Cloner and Texter.
Brought to you by rpigu-i.
This Arduino based RFID snatcher was built for an experiment/PoC for DefCon 26 (August 9 - 12 2018).
The project consists of several core components:
-
An Arduino microcontroller
-
Support for GSM (send SMS)
-
A battery
-
Antenna
-
An RFID shield
-
A cheap SIM for sending SMS
The RFID shield allows you to scan passive devices such as key cards. It will then attempt to crack the card, and will text the cracked key to a cell phone.
The source code is relatively simple and uses some of the default code/concepts provided by many of the Arduino libraries and keys documentation that are available, including:
-
MFRC522 library example: https://github.com/miguelbalboa/rfid
-
Check default keys: https://code.google.com/p/mfcuk/wiki/MifareClassicDefaultKeys
Currently the phone number you wish to SMS to needs to be hard coded into the rfid_gsm_default_keys.ino file on line 157
Example:
char remoteNum[] = "0000000"; // telephone number to send sms
Line 203 contains the check for the MIFAR known keys.
If you wish to just attempt to crack a single known key, this can be hard coced, or the array reduce to a single value:
for (byte i = 0; i < MFRC522::MF_KEY_SIZE; i++) {
key.keyByte[i] = knownKeys[k][i];
}
or for example:
key.keyByte[i] = 0xFF;
This code can be uploaded to your microcontroller through the Arduino IDE.
The following example hardware was used to build the rfidsnatcher.
A small PKCELL LP785060 was used. This is a 3.7v 2500 mAh lithium ion polymer battery.
It clips easily onto the pins the Arduino microcontroller via a 2-pin JST-PH connector and has a small form factor, which is useful when building a case.
These can be picked up for around $15 on sites such as Adafruit:
https://www.adafruit.com/product/328
Any small GSM/Celluar Quad-band antenna should work. The ones with adhesive backing will allow you to easily stick the antenna to the case for your device.
Adafruit carries a number of these, and they range from around $3 - $5 for basic models.
https://www.adafruit.com/?q=antenna+gsm&sort=BestMatch
This device was built using the Arduino MKR GSM 1400.
It has a very small form factor and combines the Arduino microcontroller and GSM functionality into a single device:
https://store-usa.arduino.cc/products/arduino-mkr-gsm-1400
These go for a little under $85 on the Arduino website.
Finally the device uses a RFID-RC522 shield.
These can be picked up on Amazon for around $8 and come with a spare keycard and door fob:
https://www.amazon.com/SunFounder-Mifare-Reader-Arduino-Raspberry/dp/B07KGBJ9VG
The original case for the PoC was printed on a Makerbot. Any custom 3d printed cases made to the approximate dimensions of the finished device should be fine.
This device uses the following pins on the Arduino and shield. These will need to be soldered together using small patch cables.
-
vcc
-
grnd
-
RESET
-
11 (SDA)
-
Pin 10
-
Pin 9
-
Pin 8
The following pins are used on the shield:
-
SDA
-
SCK
-
MOSI
-
MISO
-
GRND
-
RESET
-
3.3v
Wire the Arduino pin on the left, to the shield pin on the right
| Arduino Pin | RFID Shield Pin |
|---|---|
| vcc | 3.3.v |
| RESET | RESET |
| grnd | GRND |
| 11 (SDA) | SDA |
| 10 | MISO |
| 9 | SCK |
| 8 | MOSI |
Connect the antenna to the small metal connector on the Arduino board. The battery connects to the small white battery connection point on the Arduino.
You can purchase a cheap SIM card from a local retailer for sending the SMS to your cell. This plugs right into the small socket on the back of the microcontroller.
Scan a passive RFID device such as a room key with the rfidsnatcher.
If the key card is successfully cracked, you will receive an SMS indicating this.
Remember this is for educational/demo purposes only. Use at your own risk.
If you would like to add to this project, please fork it and create a pull request.