  • This is the lock picking lawyer.

  • And today we're going to use this tiny electronic device to hack an RFID access control system.

  • It's some real James Bond level stuff, but first, I have to briefly explain how this mocked up system works.

  • On the far left, we have the power supply.

  • Next is the controller.

  • That's essentially the brains of the operation.

  • This is the button you press from the inside of the door when you want to get out, next to the deadbolt that holds the door closed.

  • And finally, we have the card reader.

  • This will take the information off a card or key fob like this and transmit it along these wires over to the controller, which verifies the card is authorized and then either grants or denies access.

  • This setup differs significantly from those I featured in videos 1040 and 1045, because all the decision making is done on the secure side of the door.

  • That means I can't open this by bridging wires like I did in those videos.

  • All of the wires that would do that are over here on the controller.

  • There is nothing I could bridge or cut over here that would cause this bolt to retract.

  • But there is still a significant flaw in the system.

  • Communications between the reader and the controller are not encrypted, and that's something that we can take advantage of.

  • When I take this reader off the wall, I can access the wires behind it, and that's where this little beauty comes into play.

  • It's called an ESPKey.

  • And once you press the wires into these self stripping connectors, it will monitor and record all communications on the line.

  • And that's just the beginning.

  • I already have one installed here.

  • There are four connections to supply power and to monitor transmissions between the reader and the controller.

  • Once powered, this will either connect to a local WiFi network or it will create its own access point.

  • I already connected this to my old cell phone, so let's scan a few cards and then we'll see what the ESPKey has found.

  • Okay, let's refresh our browser.

  • You can see all of the cards we just scanned, and even better, I can have the ESPKey replay all of the information that was transmitted at a particular time, which will fool the system into thinking an authorized card was presented to the reader.

  • Now here's where it gets even more interesting.

  • We have this binary stream right here.

  • If I were to convert that binary stream into decimal, I get 848176. I can use that number and this device to create a cloned card.

  • So right now I have a card that does not work.

  • Let's go ahead and read this card.

  • Edit it.

  • Put in the number 848176, and write that onto the card.

  • And right now, the system can't tell the difference between these two cards.

  • So if you are installing an access control system like this, it is really important to use one that only transmits encrypted data.

  • Otherwise, an attacker can compromise the system with very little effort.

  • In any case, that's all I have for you today.

  • If you do have any questions or comments about this, please put them below.

  • If you like this video and would like to see more like it, please subscribe.

  • And, as always, have a nice day.
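The replay described in the video works because the reader sends the same plaintext number every time. The following is an added illustration, not code from the video or from any real reader or controller: a toy model of the plaintext link beside a simplified challenge-response link (a made-up scheme, not OSDP Secure Channel), showing that a recorded response cannot be replayed once each presentation is bound to a fresh nonce. The credential list and the shared key are constructed for the demo; 848176 is the value quoted in the video.

```python
import hashlib
import hmac
import secrets

# Constructed demo credential list: 848176 is the card value from the video,
# 123456 is made up.
AUTHORIZED = {848176, 123456}


def _tag(key: bytes, nonce: bytes, card_value: int) -> bytes:
    """MAC over nonce + card value with the reader/controller shared key."""
    return hmac.new(key, nonce + card_value.to_bytes(4, "big"), hashlib.sha256).digest()


class PlaintextController:
    """Models the controller in the video: the card value arrives in the clear,
    so anything captured on the line can be replayed verbatim."""

    def grant(self, card_value: int) -> bool:
        return card_value in AUTHORIZED


class AuthenticatedController:
    """Simplified authenticated link: a single-use nonce per presentation and
    a keyed MAC over nonce + card value. A recorded tag is bound to an old nonce."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None  # nonce issued for the presentation in progress

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def grant(self, card_value: int, tag: bytes) -> bool:
        nonce, self.pending = self.pending, None  # consume the nonce
        if nonce is None:
            return False
        return hmac.compare_digest(_tag(self.key, nonce, card_value), tag) and card_value in AUTHORIZED


def replay_demo():
    """Return (plaintext replay granted, legitimate auth grant, auth replay granted)."""
    captured = 848176  # value the line tap recorded during a legitimate swipe
    plaintext_replayed = PlaintextController().grant(captured)

    key = secrets.token_bytes(32)  # constructed shared key
    ctl = AuthenticatedController(key)
    tag = _tag(key, ctl.challenge(), captured)  # reader's legitimate response
    legitimate = ctl.grant(captured, tag)
    ctl.challenge()  # next presentation gets a fresh nonce
    replayed = ctl.grant(captured, tag)  # old response replayed off the wire
    return plaintext_replayed, legitimate, replayed
```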
