Re: HID Proximity Cards: Decoded Versus Undecoded Outputs?


I have searched for the weigand kit. I can't find it anywhere on the
Internet. I would like to purchase one. Anyone have a link?

Roland Moore;44621 Wrote:
There is no decoded and undecoded outputs in the HID Proximity format
you
mention. At its simplest the prox card has a chip inside it creating a
pulse
output. There are many physical forms of "active cards" and "passive
cards"
and fobs and "lick and sticks" etc. The unique card number is
programmed
into the chip inside the card. The HID Proximity format has become an
industry standard so many manufacturers use it since the HID patent
expired.
So the chip inside the card creates the same type output as the
original
Wiegand pulse-generating cards that used bits of wire inside the card
and no
chips. So that's it. It is a pulse. The "pulse" can be different
lengths.
There is the standard 26 bit format, meaning a "pulse" of 26 pieces or
bits
of on or off data. In that output format you have the card number, the
facility code or site code etc. (because the nomeclature varies a lot).
To
make it more interesting one can vary the location of the start bit
location
and scramble things up a little. Different access control
manufactureres
have their own formats. Continental Instrumants 36 bit, Card Key 35
bit,
Infographic Systems 34 bit, CEM 33 bits etc. Therefore what is printed
on
the card may be the actual card number output or something else not at
all
related to the card number in any way. When you get the cards from the
manufacturer there is a *** that cross references what is printed on
the
card versus the actual output.
You can certainly defeat the security of a card access system by using
a
device like the one you saw on TV. You don't even have to be cleaver
enough
to build your own device, you can buy it complete and ready to use
right off
of the Internet and start spoofing.
I don't think that one would install simple weigand cards on a
facility
where high security was a concern. There are other technologies
besides
weigand. One step up would be to use the Indala reader. Indala is now a
part
of HID. You get a more unique communications going between the card and
the
reader that makes it a bit more difficult to spoof.
HID is not stupid. They do make cards that you can't easily spoof and
formats that are unique. The HID iCLASS format, combined with an Elite
class
reader and Corporate 1000 format would pretty much rule out spoofing
or
duplication completely. The iCLASS would mean what the spoofer read
would
not work when "played back" to the reader. It is unique evey time (well
the
challenge repeats every 1.5 million years or some ridiculously long
time)
because there is a two way communication going. The Elite ties the
reader
and the card together so even another iCLASS card won't be acknoledged.
And
the Corporate 1000 means HID will never produce another card with that
number on it so there are no duplicates ever produced by HID.
Does it worry anyone in the industry that Weigand Prox format cards can
be
spoofed? I don't know. If you put a reader on a glass door and have a
strike on a door lock I think not. A prox card is not like a door key
that
works 24/7/365. For the most part a card is programmed to work normal
business hours on a limited set of doors. Even if you spoofed a card
and
antipassback was in play you couldn't just spoof a card of a random
person
passing by and then walk in. In most cases the bad guy wanting in will
pick
up a rock and smash out the glass. If the bad guy is a bit more
resourceful
or skilled he will pick or pry the lock. I have never been made aware
of a
successful (or unsuccessful) spoof attack in real life. If I do I'll
try and
post the video clip of the guy here because I am sure there will be
one.
There are almost always other sorts of security measures to have to
get
around like cameras, or in the reader itself, like PIN numbers,
biometric
interfaces, face matching, etc. Remember we're only talking about
Weigand
Prox formats. There are other formats like MiFare, RFID etc. I think
the
career of a Weigand Prox format spoofer would be very short. But don't
let
me disabuse anyone here from a career choice. I know some guys that
work
with prison ministries and they hear from the inmates that the food is
good
and the sex is great.

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:xYOdnVhXn_wZH4DYnZ2dnUVZ_oydnZ2d@xxxxxxxxxxxxxxx
Can someone explain the difference between an HID proximity card's
decoded
and undecoded outputs? My guess is that number printed on the card
is
an
undecoded output, and it's just there to make it easier for humans to
type
in a number to a software application. Probably the real number is
on
the
card as is longer or more complex format? How many digits are
there and
in what format (e.g., alphanumeric only).

I saw a demo on TV recently of some guy who using a home made
circuit
board
was able to swipe any person in his vicinity's prox cards, then
record
that
and play it back to get access through any prox reader. Pretty
scary
stuff, and it's obviously not a very secure architecture if they are
sending
out numbers in a way that doesn't use some kind of private and public
key
exchange.

We are thinking of using the proximity cards as part of a two factor
authentication system to login to computers, which is why I would
like to
understand the length and structure of the number on the card. We
would
be
using PCPROX readers.

--
Will




------------------------------------------------------------------------
View this thread: http://www.wirelessforums.org/showthread.php?t=7501
http://www.wirelessforums.org

.