Door-in-the-Box Systems
Physical Security Village – DEFCON 31
Door Without PIN Code
-
Using the access cards placed next to the doors, place the card over the reader,
- If it is the correct card the LED lights will change to green.
- If it is the incorrect card, then the door will beep and the LED will stay red.
Figure 1: Door in “Locked” state with red LED lights.
Figure 2: Door in the “Open” state with the green LED light strip turned on.
Door With PIN Code
- Using the RFID card next to the door reader, place the card on top of the reader and then remove it from the reader (you may run into issues if you leave the card on the reader)
-
Then figure out the key by brute force, or by asking a volunteer for the PIN code.
- If the card and PIN were correct, then the LED will light up green.
- If either the card or PIN were incorrect then the LED will stay red.
Figure 3: Place the card onto of reader and then remove the card.
Figure 4: Enter the PIN and the LEDs should turn green.
Cloning RFID Cards
- Identify if the card is low frequency (125 kHz) or high Frequency (13.56 MHz).
- Select the proper cloner depending on the card chosen.
- place the cloner on top of the card and hold it there while having the device read the card.
- Save or emulate the card and use it to open the door.
Figure 5: Reading the RFID card.
Figure 6: RFID card successfully read.
Figure 7: RFID card emulated.
Using the ESP RFID Tool
-
Connect to the SSID: ESP-RFID-Tool-Demo
- Use the password: geranium-ford-GLOAT
- Navigate to http://192.168.1.1
- List the exfiltrated data in the log.
- Copy the card data and the PIN code used from the log file.
- Go to the Experimental TX Mode page
- Paste the binary data that was copied in the previous step and press Transmit.
- Quickly paste the PIN code and press the Transmit button.
- The LED lights should turn green if done fast enough.