As part of looking at RFID and the Internet of Things, I decided to look at RFID Door Access Control Systems and how they could be compromised. I wanted to show that it is relatively easy to capture the RFID tag data and be able to clone the tags.
[Figure: ADM2000-M Door access controller]
The use of the Access Door Controller as an RFID sniffer was based on the work done by Kevin Bong, owner of the MiniPwner website, and his minipwnerrfid article. Kevin's article describes an earlier version of the AD2000-M door controller than the one currently available.
I used an AD2000-M access controller with an "Access Control V3.0" circuit board, which used a Nuvoton w78e052ddg 8-bit microcontroller. There is also an unidentified "ID module" attached to the circuit board. The ID module had a number of inputs and outputs, which are labelled as follows.
GND
OUT
DR
CFE
VCC
GND
CY
ANT2
ANT1
Pins from the module were traced back to the microcontroller's pins 15 and 16. Pin 16 was identified by Kevin in his article as the one transmitting the captured tag details to the microcontroller. By sniffing this signal it is possible to read the serial numbers of the submitted tags.
[Figure: Part of AD2000-M Circuit - showing test pins]
This indicated that, although the circuit board was visibly different from that in Kevin's article, the sniffer software should work. As the signals passed through what looked like a set of unpopulated test pins, I soldered a set of pins to the board to make it easier to connect to the circuit board.
[Figure: Location of unpopulated test pins]
[Figure: Underside of the circuit board with header soldered in place]
[Figure: Header soldered to the circuit board]
After soldering the header to the circuit board, the GND and OUT connections were connected to the Arduino as per Kevin's article.
[Figure: Header pins connected to a breadboard]
[Figure: Arduino connected to the Access Control unit]
The Arduino sketch from Kevin's web site was uploaded to the Arduino and the serial monitor used to capture the scanned tags.
[Figure: Serial Monitor display showing captured TAG numbers.]
The next part of the project will be to clone or spoof the RFID tags.