Archive for February, 2010


The Omnikey 5321 USB

February 28, 2010

It’s been a fun time setting up my brand-new Omnikey 5321 USB smartcard/RFID reader.  I worked with one a year or so ago, and was duly impressed.  This new one is just as solid.  HID makes quality equipment, and has acquired companies that make quality equipment.

HID provides drivers for use under Windows, Linux, and Mac OS X.  The completeness of those drivers decreases in that order.  I acquired this reader to work with contactless smartcards, including Mifare and iClass cards.  The cards I have to test with at the moment are an ISO14443b card and an EMV (PayPass) token.  All of these operate on the 13.56 MHz ‘standard’ RFID frequency, but are not all equal in the eyes of the 5321.

I first borrowed a Windows laptop to make sure the reader worked.  HID provides a driver and a test application for Windows that I am familiar with.  Once it was set up and the USB driver changed to the HID factory driver, I tested the cards.  The 14443b card came up with the right Card ID and ATR.  The EMV token was detected as an ISO14443b device.  The Card ID and ATR looked right.  All is good on the Windows front.  Unfortunately, I don’t have a Windows machine of my own to do development on.  In each case, bringing the card near the reader resulted in the activity light flashing as the card was read.

My next adventure was to try out the OSX driver bundle.  Mac OS X uses pcscd to talk to smartcard readers.  HID provides a CCID-style driver bundle, currently version 1.0.0 released March 2009.  It loaded up fine, and detected the reader.  As promised by HID on their specifications page, the OSX driver does not work with contactless cards.  In fact, the reader does not respond at all when cards are brought near it … the activity light does not flash.

Finally, I loaded up the Linux driver bundle, version 2.7.0 from February 2010.  I was fortunate to have read up on installing pcsc-lite ahead of time, which kept me out of trouble by instructing me to configure with --enable-libusb and --disable-libhal.  After installing the driver and loading up pcscd, the reader was correctly identified.  The 14443b card was read without any problem.  The Card ID and ATR were both as expected.  However, the EMV token was not read at all.  Just like with the OSX driver, the activity light didn’t flash when it was brought near.

It’s clear that the Windows drivers allow the reader to use all of its capabilities.  The Linux driver fails to read at least one type of RFID token.  The HID-provided OSX driver is nearly useless — the stock PCSC-Lite CCID drivers provide the same functionality in the 5x21 series of readers.

I’m hoping that the Linux drivers will work with the Mifare and iClass cards that are on their way.  If not, I’m going to have to get a Windows machine working.  That would be a shame.


Proximity Card Answers

February 26, 2010

What’s a “static proximity card”?

Proximity cards used in physical security applications generally work on low frequencies, and are energized by ‘proximity’ to a reader.  Upon being activated, a static proximity card will respond by modulating the signal to send out a sequence of bits.  Static cards have no handshake, no ‘smarts’, and will always spit out the same sequence of bits to anything that manages to energize them.  They are a single-purpose ID code transmitter.

What’s wrong with static cards?

Static cards will broadcast their ID anytime they are activated.  They cannot determine if the signal activating them is from a legitimate reader or not.  Conversely, static card readers cannot verify that the ID code they receive is from a legitimate card.  The ID code, once intercepted, can be used in place of the card to gain surreptitious access for the entire lifetime of the original card in the security system.  In addition to stealing ID codes from cards, an attacker can attempt to guess codes by using the readers in the system.  While static protocols claim between 44 and 128 bits for the ID codes, the differences between cards enrolled in the same security system can be as low as 16 bits.
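The gap between the nominal ID length and the bits that actually differ across one system's cards can be measured from the enrollment list.  The following is an added example, not code from the original post; the 44-bit width is the smallest length the post mentions, and the constant prefix and card values are constructed sample data, not a real card format.

```python
"""Audit how many bits of a static ID really vary across enrolled cards."""

WIDTH = 44  # smallest nominal ID length mentioned in the post

# Constructed sample: a hypothetical 28-bit prefix shared by every card in
# the system, followed by a 16-bit per-card value. Not a real card format.
PREFIX = 0x5A3C91F
SAMPLE_CODES = [(PREFIX << 16) | n
                for n in (0x0001, 0x1234, 0x7FFE, 0x8000, 0xFFFF)]


def varying_bit_positions(codes, width=WIDTH):
    """Bit positions (0 = least significant) that differ between any two codes."""
    if not codes:
        raise ValueError("need at least one enrolled code")
    and_acc = (1 << width) - 1
    or_acc = 0
    for code in codes:
        if code >> width:
            raise ValueError(f"code {code:#x} does not fit in {width} bits")
        and_acc &= code
        or_acc |= code
    # A bit varies when some code has it set and some other code has it clear.
    diff = and_acc ^ or_acc
    return [i for i in range(width) if (diff >> i) & 1]


def audit(codes, width=WIDTH):
    """Compare the nominal ID length with the bits that distinguish cards."""
    effective = len(varying_bit_positions(codes, width))
    enrolled = len(set(codes))
    return {
        "nominal_bits": width,
        "effective_bits": effective,
        "enrolled": enrolled,
        # Share of the varying-bit space occupied by valid IDs, i.e. the
        # chance that one random value in that space matches an enrolled card.
        "hit_probability": enrolled / (1 << effective),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CODES).items():
        print(f"{key:16} {value}")
```

A system whose report shows effective_bits far below nominal_bits is relying on much less than the advertised ID length to tell its cards apart.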

Why pick on HID?

It’s not personal.  HID is the single most common vendor of proximity card physical security systems I’ve come across.  There’s an industry of other manufacturers that make equipment compatible with the static “Prox” and “Prox II” protocols that HID created.


Why Static Proximity Cards Are Dangerous

February 26, 2010

I’m setting up another HID Prox security demonstration.  I’ve cleaned up my equipment so it doesn’t look quite so hacked-together.  I’m working on some long-range antennas and the code to safely support them.  Once it is all working, I hope to be able to…

  • Sniff cards being read across the room by a legitimate reader
  • Flash a room and read card responses
  • Brute-force desired bits on a proximity card

Already I can read a card to capture its number at short-range with a variety of readers.  With the card’s number, I can easily retransmit to a reader.  Basically, the existing system I’ve assembled lets me read your card and use it later at my leisure.