HID proximity cards encode a facility code and internal card number in hex on most cards. Decoding it is extremely easy and should take less than a minute.

Equipment Needed:
- Omnikey Reader (I like the 5025CL)
- RFIDIOt
- BRIVO Card Calculator

Steps:
1. Run isotype.py from the RFIDIOt tool kit and copy the ID.
2. Paste the ID into the BRIVO decoder.

It is really that simple. I made a quick video demo (that is tinted purple for some reason): https://www.youtube.com/watch?v=0wmRDdAsur0

I have some writeable HID proximity cards on the way and will have a blog up soon on how to completely clone one.
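What the calculator step does with the copied ID, as an added example (not code from RFIDIOt or BRIVO): a decoder for the standard 26-bit H10301 layout. It assumes the hex string is the bare 26-bit Wiegand value with no reader-specific preamble; the function name and the sample ID are constructed for illustration.

```python
# Added example: decode a bare 26-bit H10301 (standard Wiegand) card value.
# Layout, MSB first: 1 even-parity bit, 8-bit facility code,
# 16-bit card number, 1 odd-parity bit.
FORMAT_BITS = 26


def decode_h10301(hex_id: str) -> dict:
    """Return facility code, card number and parity status for a hex ID.

    Assumption: hex_id holds only the 26 Wiegand bits. Reader output that
    carries extra preamble bits or a longer format is rejected, not guessed at.
    """
    value = int(hex_id.replace(" ", ""), 16)
    if value >> FORMAT_BITS:
        raise ValueError("value is wider than 26 bits; not a bare H10301 ID")

    # Expand to a list of bits, most significant first.
    bits = [(value >> (FORMAT_BITS - 1 - i)) & 1 for i in range(FORMAT_BITS)]

    # Leading bit makes the first 13 bits even; trailing bit makes the last 13 odd.
    even_ok = sum(bits[:13]) % 2 == 0
    odd_ok = sum(bits[13:]) % 2 == 1

    return {
        "facility_code": (value >> 17) & 0xFF,
        "card_number": (value >> 1) & 0xFFFF,
        "parity_ok": even_ok and odd_ok,
    }


if __name__ == "__main__":
    # Constructed sample ID (facility 123, card 4567), not from a real card.
    print(decode_h10301("2F623AE"))
```

Nothing in this layout is keyed or secret: the two parity bits only catch read errors, which is why the decode takes under a minute.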
As part of my research into RFID security I came across the "EM4100 RFID Cloner kit" by KBEmbedded, which, outside of having a terrible name, is an amazing low-frequency (125 kHz) self-contained RFID cloner that can store and replay 16 cards.

I was lucky enough to be in the Portland area this week and be able to have dinner with Kris Bahnsen, who designed the board, and he said that he thinks he could rewrite the software to read and replay HID proximity cards, which would make this a must-have gadget for all security professionals.

As it stands now this is an awesome $25 tool that is amazingly fun to play with and you should order one!
I have recently started investigating RFID security and picked up a Chameleon Mini. It is an amazing project with a ton of potential. In these quick demo videos I will show how to clone the UID of both a Mifare 1K 4B card and a Mifare 1K 7B card using the Chameleon.

Cloning the Mifare 1K UID (Aria Card): https://www.youtube.com/watch?v=zqVXoF7_EqE

Cloning the Mifare 1K 7B UID (Oyster Card): https://www.youtube.com/watch?v=iv5MKq9RV8I

These were both extremely simple to do. In the future I will be demoing how to take full card dumps from an RFID card and load them onto the Chameleon Mini for a "true clone".

Tool List:
- ACR122U
- Chameleon Mini
- ZTerm
- LibNFC
- Cardpeek
- Oyster Card
- Aria Card

Disclaimer: While cloning the UID isn't a full spoof of the card, WAY (READ: MOST) more organizations rely on UID-based authentication than should. While the tools say the UIDs have been cloned, I have not tested these on any live systems and would not without permission.