The biohack.me forums were originally run on Vanilla and ran from January 2011 to July 2024. They are preserved here as a read-only archive. If you had an account on the forums and are in the archive and wish to have either your posts anonymized or removed entirely, email us and let us know.

Thoughts on rfid skimmers: Overthinking it.

I've been thinking lately about a little project that I would like to make at some point. I guess I'll see what you guys think about it.

Now as a bit of a disclaimer, yes, I know that this could be used in ways that would be unethical, and even criminal. This is just something I have had on my mind that would be fun to build just for the sake of building it. If nothing else it could be used to show the need for greater encryption on rfid technology. 

So, here we go.

I am a bicycle deliveryman in a college town (MSU campus, East Lansing, Michigan), which means that I spend lots of time waiting outside in the cold for people to come out and pick up their deliveries that I am carrying. In the city where I work, rfid technology is everywhere. EVERYWHERE.

Many local businesses use rfid cards for entry and I pass readers left and right all day long. There is a data entry center that uses EM4200 tags for access (and it is all too fun to make the reader beep and flash every time I walk by). Every single hall and dorm on MSU campus has an HID reader outside the door, and most of the fraternities and sororities use rfid entry systems. Even the local Taco Bell has an HID reader affixed to the front door. So I've been thinking...

I've looked a lot into rfid skimming. I've looked into ways of making long range readers portable by running them off batteries, but I want to do something more...

I have this dream of creating a long range rfid/nfc skimmer/cloner that would pick up and store rfid serial numbers, and authentication codes. The device would pick up the information from nearby cards and would transmit the information via bluetooth to my phone. From there, the IDs would be forwarded to my android wear watch for which I would have a program made that would allow me to scroll through the collected information and automatically or manually write the information to my implanted tags by means of an antenna worn over them. I would also have haptic feedback from my watch letting me know whenever a new tag was collected.

Basically this device would allow the user to simply walk past someone exiting a building and instantly have the means to enter it themselves. I am sure that there would be hurdles and challenges along the way, but where there is a will there is a way. I'm really just curious to see how easily the device could be created and whether it could really function as well as I envision.

Thoughts anyone?

Comments

Displaying all 5 comments
  1. To me, this screams strongly of what's called for in the disclaimer. 

    However, this also sounds very very interesting. :3 The device by itself, regardless of implemented use, still sounds like something that would immediately get you flagged for all sorts of things, regardless of being part of a system that lets you wave your hand or feel the timing. >~<
  2. Agreed. Interesting idea, but might not be the best idea to create.
  3. I would be careful if you do build such a device. It sounds to me like an RFID reader with a long range omni-directional antenna. Is something similar not used to steal the information on RFID debit/credit cards?
  4. @JohnDoe I feel as though that kind of info is encrypted regardless. I am positive there is a way to skim such data but it seems like it would be much more complicated. Most RFID access cards aren't normally encrypted or anything like that. @Trybalwolf, if I were you I would look into antenna design and the like. I've researched a bit for a device with the same purpose. I believe that I came to the conclusion that it would need a fairly large amount of power to even give the device a useful range. When I say fairly large, I mean probably not feasible to carry around with you on your bike (which is super cool btw, one of my dream jobs). You start getting into some pretty hardcore EE with this sort of business. Perhaps @ThomasEngi could shed some like
  5. This has been done before, and well documented, e.g. here is one design.
    It costs a few hundred dollars and a reasonable amount of tech knowledge, but it's not really that hard. I've built one of these systems before.