|
Posted by asrbktkd on December 22, 2007, 3:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
I have searched for the weigand kit. I can't find it anywhere on the
Internet. I would like to purchase one. Anyone have a link?
Roland Moore;44621 Wrote:
> There is no decoded and undecoded outputs in the HID Proximity format
> you
> mention. At its simplest the prox card has a chip inside it creating a
> pulse
> output. There are many physical forms of "active cards" and "passive
> cards"
> and fobs and "lick and sticks" etc. The unique card number is
> programmed
> into the chip inside the card. The HID Proximity format has become an
> industry standard so many manufacturers use it since the HID patent
> expired.
> So the chip inside the card creates the same type output as the
> original
> Wiegand pulse-generating cards that used bits of wire inside the card
> and no
> chips. So that's it. It is a pulse. The "pulse" can be different
> lengths.
> There is the standard 26 bit format, meaning a "pulse" of 26 pieces or
> bits
> of on or off data. In that output format you have the card number, the
> facility code or site code etc. (because the nomeclature varies a lot).
> To
> make it more interesting one can vary the location of the start bit
> location
> and scramble things up a little. Different access control
> manufactureres
> have their own formats. Continental Instrumants 36 bit, Card Key 35
> bit,
> Infographic Systems 34 bit, CEM 33 bits etc. Therefore what is printed
> on
> the card may be the actual card number output or something else not at
> all
> related to the card number in any way. When you get the cards from the
> manufacturer there is a sheet that cross references what is printed on
> the
> card versus the actual output.
> You can certainly defeat the security of a card access system by using
> a
> device like the one you saw on TV. You don't even have to be cleaver
> enough
> to build your own device, you can buy it complete and ready to use
> right off
> of the Internet and start spoofing.
> I don't think that one would install simple weigand cards on a
> facility
> where high security was a concern. There are other technologies
> besides
> weigand. One step up would be to use the Indala reader. Indala is now a
> part
> of HID. You get a more unique communications going between the card and
> the
> reader that makes it a bit more difficult to spoof.
> HID is not stupid. They do make cards that you can't easily spoof and
> formats that are unique. The HID iCLASS format, combined with an Elite
> class
> reader and Corporate 1000 format would pretty much rule out spoofing
> or
> duplication completely. The iCLASS would mean what the spoofer read
> would
> not work when "played back" to the reader. It is unique evey time (well
> the
> challenge repeats every 1.5 million years or some ridiculously long
> time)
> because there is a two way communication going. The Elite ties the
> reader
> and the card together so even another iCLASS card won't be acknoledged.
> And
> the Corporate 1000 means HID will never produce another card with that
> number on it so there are no duplicates ever produced by HID.
> Does it worry anyone in the industry that Weigand Prox format cards can
> be
> spoofed? I don't know. If you put a reader on a glass door and have a
> strike on a door lock I think not. A prox card is not like a door key
> that
> works 24/7/365. For the most part a card is programmed to work normal
> business hours on a limited set of doors. Even if you spoofed a card
> and
> antipassback was in play you couldn't just spoof a card of a random
> person
> passing by and then walk in. In most cases the bad guy wanting in will
> pick
> up a rock and smash out the glass. If the bad guy is a bit more
> resourceful
> or skilled he will pick or pry the lock. I have never been made aware
> of a
> successful (or unsuccessful) spoof attack in real life. If I do I'll
> try and
> post the video clip of the guy here because I am sure there will be
> one.
> There are almost always other sorts of security measures to have to
> get
> around like cameras, or in the reader itself, like PIN numbers,
> biometric
> interfaces, face matching, etc. Remember we're only talking about
> Weigand
> Prox formats. There are other formats like MiFare, RFID etc. I think
> the
> career of a Weigand Prox format spoofer would be very short. But don't
> let
> me disabuse anyone here from a career choice. I know some guys that
> work
> with prison ministries and they hear from the inmates that the food is
> good
> and the sex is great.
>
> > Can someone explain the difference between an HID proximity card's
> decoded
> > and undecoded outputs? My guess is that number printed on the card
> is
> > an
> > undecoded output, and it's just there to make it easier for humans to
> type
> > in a number to a software application. Probably the real number is
> on
> > the
> > card as is longer or more complex format? How many digits are
> there and
> > in what format (e.g., alphanumeric only).
> >
> > I saw a demo on TV recently of some guy who using a home made
> circuit
> > board
> > was able to swipe any person in his vicinity's prox cards, then
> record
> > that
> > and play it back to get access through any prox reader. Pretty
> scary
> > stuff, and it's obviously not a very secure architecture if they are
> > sending
> > out numbers in a way that doesn't use some kind of private and public
> key
> > exchange.
> >
> > We are thinking of using the proximity cards as part of a two factor
> > authentication system to login to computers, which is why I would
> like to
> > understand the length and structure of the number on the card. We
> would
> > be
> > using PCPROX readers.
> >
> > --
> > Will
> >
> >
------------------------------------------------------------------------
View this thread: http://www.wirelessforums.org/showthread.php?t=7501
http://www.wirelessforums.org
| 
XML site map