access control question

newalarm

Helping out with a building with multiple access control points (key fobs and magnetic cards). Not very familiar with access control. I am not actually doing any work to the system but just trying to give them some input.
 
They are trying to audit who has what fobs, but many of the numbers on the fobs are erased. I guess they used the number to input fobs into the computer. I suggested they get a scanner at the computer so that they can simply scan a fob to figure out who it is registered to. I would assume this is feasible?
 
If so, how much do these typically run, and what is the specific name of the device?
 
 
You can use any decent access control software and hardware to decode fobs. Usually there are 2 numbers, the facility code and the card number. If you use a reputable installer / integrator, and even if the system you purchase doesn't have the capability to decode fobs, they can usually take a fob back to their office to decode it or at least decode the facility code. Once you know the facility code you can simply use a reader on the newly installed card access system to get the card number. Just look for an access denied or other error message. This is assuming they are HID compatible. There are some "odd ball" technologies out there that may take "special" readers to read the cards.
 
Do you know what system they may be purchasing?
 
How many employees/fobs to be decoded?
 
Can you post a pic of the fob?
 
Curious if they are using HID stuff?
 
Yup here involved in an upgrade of access card systems, multiple regional offices et al.
 
One late night while testing did get myself locked out of one section of one building with no exit; which bugged me a bit for a time....(my fault though for being hands on all of the time).....
 
At my last office building, I would just go swipe an unknown fob then check the logs to see which one it was if the number was unreadable.  In my current building I don't have direct access, so bought a generic USB HID reader that lets me swipe the fob and the number just outputs as if you'd typed it in, so I just open notepad to see what it outputs.  Or swipe it by the Elk's reader and use the decode software.
 
Also note that while somewhat less common, some people will obfuscate the real numbers by using an offset from what's printed on the card vs. the real number that way someone can't just read the numbers and clone the card.
 
HID is actually a lot less secure than I think a lot of people realize... it's way too easy to clone cards or order duplicates with the same number.
 
Work2Play said:
At my last office building, I would just go swipe an unknown fob then check the logs to see which one it was if the number was unreadable.  In my current building I don't have direct access, so bought a generic USB HID reader that lets me swipe the fob and the number just outputs as if you'd typed it in, so I just open notepad to see what it outputs.  Or swipe it by the Elk's reader and use the decode software.
 
Also note that while somewhat less common, some people will obfuscate the real numbers by using an offset from what's printed on the card vs. the real number that way someone can't just read the numbers and clone the card.
 
HID is actually a lot less secure than I think a lot of people realize... it's way too easy to clone cards or order duplicates with the same number.
 
Are these things not encrypted?
 
HID is just a card that when scanned transmits the facility code and a unique card number.  That combination can make some rather high number of potential card numbers, and only a small fraction of those would be valid at a given facility; that's kinda where your security comes from...  Out of the millions of potential numbers that could be transmitted, only say 6 are valid at your house - or maybe even 200 at a small office (of which many may not have 24x7 access).  Again I don't have the specs in front of me for the length of each, but the combination of Facility code and unique card number must both match.
 
That said, if you were targeting a particular individual and had the slightest clue what you were doing, it's horrifyingly easy to clone their prox card if you can get close enough to touch it using a $50 handheld reader/cloner from China.  This may mean bumping into someone wearing a badge or if they have the keychain style, just getting access to their keys for a second.
 
I *might* have recently helped someone I know make a few extra fobs... their apartment complex uses them for pool and gym access but wanted $50/additional fob and wasn't able to get more for a few weeks.  I also not long ago deployed copiers that have badge readers on them (your print job doesn't print until you swipe your badge; similarly you can't copy or scan without swiping - and in swiping it preloads your preferences, accounting codes, and your email address for the scanner) - it was just a matter of dumping the valid codes from the security system and loading those into the secureprint database...  now one keyfob does it all. 
 
For that reason I have no problem using them to open a door but at my home I would still require a key code to disarm the alarm - something that would have to be known.  Or when I worked in a high-security building, we had prox + keycodes - you had to swipe and enter your code before any door would open.
 
Thanks for the responses. Very helpful. I will check to see what kind of system this is. I would imagine it is HID.
 
Easiest would be to have the user(s) with the fobs swipe at a door and watch the real time event list. The numbers on the back of the credential may be the number, they may not because of many reasons. The host system should have the FC code(s) as a system variable, same with the credential numbers.
 
If you don't have access to that, you'll need to know a decent amount about the credential to determine what is truly the format. You can have a 32 bit data card but change the start bits and parity, you've got a whole lot of homework to do.
 
For example, you can run a system with the same FC and same credential numbers but have them attached to 2 individual and unique users...don't ask because it's not fun to determine and then figure out what the CHUID of the 2 credentials are.
 
The basics are, if you don't have a system reader, don't know the FC and cards (or any offset) then you need some basic information, such as what the FC may be, how many bits the credential is, what the start and stop bits are, parity and a whole host of other items, then plug the numbers into the hex calculator in Windows to determine what the FC and credential are....you need to know the data structure on the card and host system first.
 
HID, who is the largest manufacturer of credentials, maintains their own DB for anyone who ever ordered cards from them unless they were ordered as a generic item.
 
I'd probably ask what the host system and controllers are first.
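
The manual decode described in the posts above (split a raw read into facility code and card number, check parity, then match it to a holder), as an added example that is not part of the original thread. It assumes the common open 26-bit layout (one even-parity bit, 8-bit facility code, 16-bit card number, one odd-parity bit) and a reader that reports the raw 26 bits as hex; other formats or a printed-number offset need different field positions, and the roster and reads are constructed sample data.

```python
# Added example (not from the thread): decode a 26-bit read and audit it.
# ASSUMPTIONS: open 26-bit layout (even parity, 8-bit FC, 16-bit card number,
# odd parity); the reader reports the raw 26 bits as hex. All data constructed.

def decode_26bit(raw_hex):
    """Return (facility_code, card_number); raise ValueError on a bad read."""
    value = int(raw_hex, 16)
    if value >> 26:
        raise ValueError("more than 26 bits, not this format")
    bits = format(value, "026b")
    # Leading bit makes the first 13 bits even; trailing bit makes the last 13 odd.
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("leading (even) parity failed")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("trailing (odd) parity failed")
    return int(bits[1:9], 2), int(bits[9:25], 2)

def audit(reads, roster):
    """Map each raw read to its registered holder or to the reason it failed."""
    report = {}
    for raw in reads:
        try:
            fc, card = decode_26bit(raw)
        except ValueError as exc:
            report[raw] = f"unreadable: {exc}"
            continue
        # An unmatched number is the audit finding: a fob nobody has on record.
        report[raw] = roster.get((fc, card), f"UNREGISTERED FC={fc} card={card}")
    return report

# Constructed roster, as it might be exported from the host system.
ROSTER = {(42, 1234): "J. Doe", (42, 2001): "Spare fob, front desk"}
# Constructed reads: a registered fob, an unknown fob, a corrupted read.
READS = ["25409A4", "25409A7", "25409A5"]

if __name__ == "__main__":
    for raw, result in audit(READS, ROSTER).items():
        print(raw, "->", result)
```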
 