An Android app that lets you use your access control card cloning devices in the field.
Clone or download

README.md

Walrus

Build Status GitHub release GPLv3 license Slack invite

Intro

Walrus is an Android app for contactless card cloning devices such as the Proxmark3 and Chameleon Mini. Using a simple interface in the style of Google Pay, access control cards can be read into a wallet to be written or emulated later.

Designed for physical security assessors during red team engagements, Walrus supports basic tasks such as card reading, writing and emulation, as well as device-specific functionality such as antenna tuning and device configuration. More advanced functionality such as location tagging makes handling multiple targets easy, while bulk reading allows the stealthy capture of multiple cards while “war-walking” a target.

Installing

Get it on Google Play

Documentation

Documentation and Getting Started. For end-user information such as what Walrus is, and how it can be used in the field, check out the Walrus website!

Development

Walrus is developed by Daniel Underhay and Matthew Daley (a.k.a. Team Walrus!) and is Open Source

Building

Walrus is a standard Android Studio project. At this stage there are no unusual dependencies or build steps beyond the usual cloning of the repository and opening the project in Android Studio.

TODO: When we refresh and remove the current Google Maps API key from the repo, we'll need to point out that this needs to be generated and set manually if maps are needed.

Testing

We don't currently have a test suite, we're naughty ;_;

Codebase

The current layout of Walrus's source code is as follows:

  • /app/src/main

    • /assets: Any non-resource assets, like the open source license listing.

    • /res: Resource files.

    • /java/com/bugfuzz/android/projectwalrus: Actual code lives here!

      • /card: Code to do with persistent data (i.e. the wallet). The Card class, the base CardData class and various card data type classes, database models and database helpers are here.

      • /device: Device-agnostic and device-specific driver code. The important CardDeviceManager lives here alongside the base CardDevice class and its child classes for various basic kinds of device (serial, line-based, etc.). Code to handle bulk reading is also located here.

        • /proxmark3: Proxmark3 driver code.

        • /chameleonmini: Surprise! Chameleon Mini driver code.

      • /ui: Code to do with other UI.

      • /util: Miscellaneous.

Device Support

Here’s a table of the current devices / card type pairs we support and in what manner.

Key: R = reading, W = writing, E = emulating, WIP = work in progress, NSY = Not Supported Yet (by hardware)

Proxmark3 Chameleon Mini (Rev.G/Rev.E Rebooted)
HID Prox R / W -
ISO14443A - UID WIP E
Mifare Ultralight WIP WIP
Mifare Classic 1K WIP E=WIP
Mifare Classic 4K WIP E=WIP
Mifare Classic 4B WIP E=WIP
Mifare Classic 7B WIP E=WIP
Mifare DESFire NSY NSY

Contributing

We welcome all kinds of contributions and bug reports, big or small! Development takes place at our GitHub repository. There you can file issues (both bugs and enhancement requests) and submit pull requests. Feel free to join our Slack channel.

During the initial development of Walrus, changes to the codebase are likely to be frequent and wide-ranging, so if you want to work on a feature, it's wise to reach out first to ensure that your hard work won't be soon obsoleted. After our first full release we hope to gain stability and bring in some of the additional resources expected of a project today, such as a proper test suite and continuous integration.

One area we'd love your help with is contributing translations! If you think you can help us out translating our Android string resources to another language, please get in touch!