Arduino RFID login


Luke has published a new build:

I wanted a simple way of quickly logging on to my computer without having to type my password in and did not want to have no security either.
There are various products on the market that would solve this problem, from fingerprint readers to proximity dongles, but I decided to see what I could knock up with parts I mainly already had.

Looking in my micro stuff I had an RC522 RFID tag reader 3.3v:
Also a 3.3v Arduino Leonardo clone as well, based on a SparkFun Pro Micro, which also can act as a USB device such as a keyboard. This is useful, as if a 5v Arduino was used a level shifter would be required due to the RC522 not being 5v tolerant.

More info at Luke’s project page.

Join the Conversation

3 Comments

  1. This is a neat little box, but a word of warning is that this particular setup is trivially brute-forceable. The authentication is just checking that the card ID is correct and there is no attempt rate limiting in the sketch so an attacker could quickly cycle through all possible card ids using any rfid-device that can masquerade as a tag, and get very quick access to the target machine.

    A preferable idea would be to store the password encrypted against the id of the tag, *and not store the correct id on chip* (this is important) so that if someone gets hold of a memory dump of the arduino it is harder to recover the plaintext password. This leads to the system attempting to log in whether or not the correct card is presented, but that is no bad thing as it acts as a form of attack rate limiting.

  2. Yes, what Telemin says. Also, those cheap RC522 boards (I have one) only work for the lower-power NFC tags like the MIFARE S50 and NTAG2xx series. The matched filter on the antenna is wrong, which means it is not capable of supplying enough power to operate a secure tag like a DESFire even though the RC522 chip is protocol-compatible with those tags.

    Clearly, reading just the tag ID is really insecure, because the ID can be read by anyone and it’s easy to create a tag (or tag-emulator) that responds with the chosen ID.
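
The first comment's suggestion, sketched as an added example (not Luke's sketch and not the commenter's code): the password is stored XORed with an XTEA-CTR keystream keyed by the card UID, with no stored UID or checksum, so every presented card yields some bytes to type and only the login attempt shows whether they were right. The name `uid_crypt`, the UID, nonce and password are constructed for illustration, and repeating the UID bytes to fill the key is a simplification standing in for a proper key-derivation step.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// XTEA block encryption, 32 cycles; small enough for an ATmega32U4.
static void xtea_encrypt(uint32_t v[2], const uint32_t key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9;
    for (int i = 0; i < 32; ++i) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

// XOR `data` with an XTEA-CTR keystream keyed by the presented UID.
// The same call enrolls (password -> blob) and unlocks (blob -> bytes to type).
// Assumption: the UID bytes are repeated to fill the 128-bit key (no KDF).
std::string uid_crypt(const std::string& uid, uint32_t nonce, std::string data) {
    uint32_t key[4] = {0, 0, 0, 0};
    for (size_t i = 0; i < 16 && !uid.empty(); ++i)
        key[i / 4] |= (uint32_t)(uint8_t)uid[i % uid.size()] << (8 * (i % 4));
    for (size_t off = 0; off < data.size(); off += 8) {
        uint32_t block[2] = { nonce, (uint32_t)(off / 8) };  // counter block
        xtea_encrypt(block, key);
        for (size_t j = 0; j < 8 && off + j < data.size(); ++j)
            data[off + j] ^= (char)(block[j / 4] >> (8 * (j % 4)));
    }
    return data;
}

// Constructed sample values, used once at enrollment.
const std::string CARD_UID("\xDE\xAD\xBE\xEF", 4);  // 4-byte UID of the enrolled tag
const std::string PASSWORD = "correct horse";
const uint32_t NONCE = 0x5EED1234;                   // stored beside the blob

int main() {
    // Only NONCE and this blob live in flash; the UID is never stored.
    const std::string blob = uid_crypt(CARD_UID, NONCE, PASSWORD);
    // Whatever card is presented, the firmware decrypts and types the result;
    // there is no on-chip comparison for a memory dump to reveal.
    const std::string other_uid("\x01\x02\x03\x04", 4);
    std::printf("enrolled card recovers password: %d\n",
                uid_crypt(CARD_UID, NONCE, blob) == PASSWORD);
    std::printf("other card recovers password:    %d\n",
                uid_crypt(other_uid, NONCE, blob) == PASSWORD);
    return 0;
}
```
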
