Employee access card

Stillie

Stillie

Expert Member
Joined
Dec 10, 2009
Messages
3,216
Reaction score
308
Location
Cape Town
Hi guys,

i was thinking would it be possible to read those employee cards that some companies have for the staff? Its used for access as well as time tracking? I was just curious what sort of data you get from those cards, especially around an android device?

Can the NFC readers you get on some phones these days read those Access Cards?
 
If the company that set it up had a budget and any awareness of data security it would just be a code. The on site hardware would then relay the code to the time keeping software which links it to an employee.
 
gertvanjoe said:
If the company that set it up had a budget and any awareness of data security it would just be a code. The on site hardware would then relay the code to the time keeping software which links it to an employee.
Click to expand...

yea, i get that, i was just wondering, for interest sake, what ever the data is that i get if i would be able to read it using a standard NFC reader built into most phones?
 
After some reading I concur that most access cards are 125 kHz which Nfc (13.56 MHz) cannot read.
 
The card just has basic data details on it, nothing else. The reader recognizes the card and its identifier and records a timestamp in it's local memory. That is then communicated to a central store via either a node or direct to database depending on the complexity of the system installed. The actual database and associated services utilize the transaction and do the conversion of associating with employee, time-sheets and clocks.

And yes, easy read access is blocked as a security measure on the cards otherwise folks would just clone them, hence the popular move to biometrics.
 
Thanks to gertvanjoe to actually answering the question (after a few attempts) whether or not this can be read on a standard android device with NFC enabled.

To those who took the time to comment, the question was "Can the NFC readers you get on some phones these days read those Access Cards?"
 
envo said:
the question was "Can the NFC readers you get on some phones these days read those Access Cards?"
Click to expand...

No

Binary question,binary answer

I was just curious what sort of data you get from those cards
Click to expand...

Seems people either answered question 1 or 2 or both,why so salty

To those who took the time to comment, part of the question was
Click to expand...

Fixed that for you
 
I wrote my own implementation of this kind of system and generally there are two popular types of tags.

RF tags operating in the KHz range (125KHz as indicated above) and smart cards operating in the MHz range.

The KHZ range tags I've encountered simply contain a hard-coded identifier.
Most of the MHz tags on the other hand contain a microprocessor and can store both data and support encryption (including DES/AES).

I leveraged the fact that Mifare Classic 1k cards could be had for next to nothing (Like R3 a tag) and a compatible reader itself costs on the order of R30.
The cards support 100k+ writes (claim on the datasheet)
(Side note: Mifare classic support encryption but it is completely broken. Even the most advanced Mifare tags that implement AES have been broken recently also)

When a new card was added I wrote to a database:
1) The UID of the card (supposed to be static)
2) A random identifier written to one of the blocks on the card
3) The block address that contains the random identifier

When the card is swiped the UID is used to identify which block to read, which is then read and verified.
If it matches, a new identifier is written to a different address.
The new identifier is read back for verification.
The database is updated.
Access is granted.

Using an identifier/UID alone makes the system quite vulnerable to card cloning IMO.
By "hoping" a code each time you can make it significantly harder to clone and remain undetected.
 
Last edited:
^ This. All RFID cards come with a hard coded serial and the more expensive ones will come with a programmable bank of memory. The easiest and most secure would be linking the serial number to the employer and the software would handle the permissions of that card. Highly unlikely you would get anything of value off of it, but yes you should be able to read it with a NFC device if the card is built to support the protocol ranges.
 
While we are on Nfc. Gym I go to know has Nfc capability on machines. Any one know if this can be set up to id my program and set up as I start. Normally I just see people using it for stats. Don't have brand off head sorry
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X