Wiegotcha: Long Range RFID Thieving
Wiegotcha is the next evolution of Long Range RFID badge capturing. Based on previous work by Fran Brown and Bishop Fox (Tastic RFID Thief), Wiegotcha uses a Raspberry Pi in place of an Arduino for the added capabilities and ease of customization. One of the immediate benefits of using an RPi is quick and easy wireless communication with the badge reader.
Before going any further, I want to make sure to acknowledge those who helped this project, without knowing they did so.
- Fran Brown and BishopFox for the original Tastic RFID Thief (https://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/). Much of the original Arduino code was ported over into wiegotcha.c.
- pidoorman RPi wiegand reader code (http://pidoorman.co.uk/).
- Kyle Mallory for his fork of the above pidoorman code (found at https://gist.github.com/hsiboy/9598741).
- Derek Eder for his csv to html code (https://github.com/derekeder/csv-to-html-table).
- Gordon Henderson for the wiringPi library (https://projects.drogon.net/raspberry-pi/wiringpi/).
Wiegotcha is a simple to build, simple to install, and simple to use tool for capturing RFID badge information from unsuspecting targets. Similar to its predecessor, the Tastic RFID Thief, the Wiegotcha is designed to be placed inside an HID Maxiprox 5375 (125 kHz ProxII cards), Indala ASR-620 (Indala), or an HID R90 (13.56 MHz iClass cards). Wiegotcha improves upon previously released long range RFID readers by incorporating Wi-Fi out of the box as well as a hardware clock for accurate timestamps. Moving from Arduino to Raspberry Pi also means the Wiegotcha is easily customized and improved.
Wiegotcha is intended to be built with a Raspberry Pi 3, but the code has been tested on a B+ and a 2 (with external Wi-Fi). It has not been tested on an RPi Zero, but it should work. Check out the associated blog post at: http://exfil.co/2017/01/17/wiegotcha-rfid-thief/.
Network defaults:
- eth0 = DHCP
- wlan0 = 192.168.150.1
- ESSID: Wiegotcha
- Pass: Wiegotcha
- (See a pattern yet?)
Do not forget to change the default passwords!
Future Plans (I should say hopes):
- GPS Integration?
- Proxmark3 Integration (auto- or semi-auto cloning via web app)
- Push notifications?
Easy mode installation is basically the same as installing Raspbian.
- Download the image from https://drive.google.com/file/d/0B1KiYGoUoNwGem8tZlRxeEVwRHM/
- Check the .gz md5 sum: 7f8b0507e0b58cbc301b39550c59e33d.
- Decompress the image.
- Check the .img md5 sum: b68d21f1c0e6b200985a29869491fbf0.
- Use dd (or the equivalent Windows tool) to write the image to your SD card.
- Ensure the ethernet cable is connected and boot.
- Once booted, run /root/Wiegotcha/fixclock.sh to set the correct time on the hardware clock.
- Proceed to Hardware Installation.
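The two checksum steps above are easy to skip; the script below is an added example (not part of the Wiegotcha project) that automates them: it compares the downloaded .gz against the md5 published in this README, decompresses it, and compares the resulting .img, refusing to continue at the first mismatch so a truncated or corrupted download is never written to the SD card. The filename wiegotcha.img.gz in the usage line is an assumption.

```shell
#!/bin/sh
# Added example, not part of the Wiegotcha project: verify the downloaded
# image against the md5 sums from the README before writing it to an SD card.

# Expected hashes, copied from the README.
GZ_MD5="7f8b0507e0b58cbc301b39550c59e33d"
IMG_MD5="b68d21f1c0e6b200985a29869491fbf0"

# check_md5 FILE EXPECTED
# Returns 0 when FILE's md5 matches EXPECTED, 1 when it does not or FILE is missing.
check_md5() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file (got $actual, expected $expected)" >&2
    return 1
}

# verify_image ARCHIVE.gz
# Checks the archive, decompresses it next to itself (keeping the .gz),
# then checks the .img. Stops at the first mismatch.
verify_image() {
    gz="$1"
    img="${gz%.gz}"
    check_md5 "$gz" "$GZ_MD5" || return 1
    gzip -dc "$gz" > "$img" || return 1
    check_md5 "$img" "$IMG_MD5"
}

# Usage (assumed filename): ./verify_image.sh wiegotcha.img.gz
if [ -n "$1" ]; then
    verify_image "$1"
fi
```

md5 is enough to catch a partial download or a flipped bit, which is what these steps are for; it is not collision-resistant, so a matching sum is not evidence that the image is the one the author published, only that it arrived intact.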
Manual (longer) Mode
"Manual" installation is still fairly straightforward. Feel free to explore install.sh and laststep.sh to fully understand what they do.
- Burn a fresh Raspbian SD card. You can use Jessie or Jessie-lite.
- Run sudo su - to become root.
- Run apt-get update && apt-get -y install git (skip this step if you're using full Jessie).
- In /root, run git clone https://github.com/lixmk/Wiegotcha followed by cd Wiegotcha && ./install.sh
- The install script will walk you through everything, including a reboot.
- After the first reboot, run screen -dr install (as root).
- Follow the instructions to complete the final steps of the installation.
- Proceed to Hardware Installation.
Hardware Installation
Thorough instructions: http://exfil.co/2017/01/17/wiegotcha-rfid-thief/
- Place the RTC on the RPi's GPIO starting at pin 1 (top left), going down the left side to pin 9.
- Run RPi pin 4 to Level Shifter HV in.
- Run RPi pin 6 to Level Shifter LV gnd.
- Run RPi pin 11 to Level Shifter LV 1.
- Run RPi pin 12 to Level Shifter LV 4.
- Run RPi pin 17 to Level Shifter LV in.
- Reader TB1-3 to Battery Ground (Black).
- Reader TB1-1 to Battery 12v (Red).
- Reader TB2-1 to Level Shifter HV 1.
- Reader TB2-2 to Level Shifter HV 4.
- Reader TB1-2 to Level Shifter HV gnd.
- OPTIONAL: Remove Speaker.
- OPTIONAL: Solder haptic motor.
Parts
- Raspberry Pi 3: https://www.amazon.com/dp/B01CD5VC92/
- RFID Reader (Maxiprox 5375, Indala ASR-620, iClass R90): https://www.amazon.com/dp/B002I15F90/ (Maxiprox 5375. Check eBay for better prices)
- Level Shifter: https://www.amazon.com/dp/B00RT03GSC/, https://www.sparkfun.com/products/12009 (Many options exist, some may come presoldered for the extra lazy)
- DS3231 Real-time Clock: https://www.amazon.com/dp/B00HF4NUSS/
- Micro SD Card (8GB or larger): https://www.amazon.com/dp/B017NT8PNE/ (Just an example)
- 12v Battery with 5v USB: https://www.amazon.com/dp/B00ME3ZH7C/
- Jumper wires (I use 5 Female to Female and 3 Male to Female): https://www.amazon.com/dp/B01EV70C78/
- Short Micro USB Cable: https://www.amazon.com/dp/B011KMSNXM/
- Haptic Motor (Optional): https://www.adafruit.com/products/1201