InfoSec / RFID / Hak5

The {Authorized} Opening of a Locked Door with a $40 Tool

. 3 min read . Written by Nautilus
The {Authorized} Opening of a Locked Door with a $40 Tool

Hello floppy disk fanatics, welcome to my first blog post. So, a few weeks ago I was browsing the l33t hacker site known as YouTube when I stumbled upon a video by the infamous hacking group known as a̶n̶o̶n̶y̶m̶o̶o̶s̶e Hak5. This video was advertising the Keysy, a tool designed by TinyLabs which can backup up to four RFID credentials into a keyfob or keycard. It was only seconds after viewing this video when the police kicked down my door, stole my VHS tapes, Yu-Gi-Oh deck, and my five pound Maltese.

If you didn’t know, RFID is a system to allow external access and is appealing to many because it’s  essentially “keyless entry”. I don’t really understand the spooky magic of RFID systems, but after using a preinstalled tool on Kali Linux — Google.com, I discovered that “simple RFID tags are described as passive. Instead of containing batteries, they work entirely by responding to the incoming radio waves from the scanner or transmitter“. From these radio waves, there is power to activate the chip, open the door, and walk the dinosaur.

So I purchased this tool online, and it gets delivered to my house in less than a week. Incredible. I can continue to sweat mountain dew and play Mortal Kombat without leaving the safety of my gaming chair.

I’ve attached the video by Hak5 for all of you hooligans who are interested.

BUT. Something that really grinds my gears about this video is that there’s no demo of the Keysy. How am I supposed to know that this tool really works? Did Darren Kitchen pull a fast one and spend my hard earned money to escape to Tahiti?

Big boy testing

The office that I work in has a door (amazing) and I *knew* if I cloned my keycard, I could waltz on into through this door. So, after getting the “okay sir” from my boss, I used the Keysy, the keyfob that came with it, and my trusty keycard.

I was unable to upload videos to Medium, and I was too lazy to upload them to YouTube individually so instead I uploaded them to Imgur. So click here to view me opening the door, or just take my word.

Woah, Nautilus.. That seems really easy!

You’re totally right internet stranger. It’s really that easy to make everyone in the office feel unsafe. I’m a college student which means I have no money to buy a Proxmark3 (the dream). Which means I buy tools that aren’t $300 and test security with them. The Keysy, as I mentioned before is only $40, and although it’s not advertised for pen testing, I believe my video speaks for itself. It’s incredibly easy for anyone to purchase this tool, and possibly gain unauthorized access to a building.

Uncle Ben

I opened this door with permission from my boss. Do not purchase the Keysy, start cloning cards, and opening doors without permission. That’s illegal. If you’re going to purchase the Keysy and perform testing, make sure you have authorization from the appropriate individuals. I’m not responsible for your actions, and we have to keep Peter Parker happy by listening to Uncle Ben.

But surely there’s a way to prevent this?

There is no way to prevent this. Just kidding, yeah there’s a few mitigation's to prevent someone from cloning your card and gaining unauthorized access. I have some testing to do before I go in depth with spooky cryptography and faraday bags. However, while you’re twiddling your thumbs, and playing Runescape 3, waiting for your favorite hacker Nautilus to put out his follow-up article on mitigation’s. You can buy an RFID blocking container such as this.

Thanks for reading if you made it this far. I just set up this website to post my journey through the digital world.

https://www.explainthatstuff.com/rfid.html

https://shop.hak5.org/collections/bfcm2018/products/keysy