The main target group for this device is 26-37bit HID cards. For known card types both the binary and hexadecimal data is displayed directly in the log file for easy badge identification and also in case a clone of a card may be needed. For unknown card types only the raw binary data is shown. The device was made primarily for data logging and while there is a transmit mode, it is an experimental feature. Access to the log files and various settings is provided via a web based interface. The device has WiFi capabilities and can be set up to spawn its own access point or set to connect to an existing network.
- Firmware: ESP RFID Tool Firmware
- Install Guide: Wiring Diagrams and Connector Options
- Other Documentation on ESP RFID Tool Github Main Page
NOTE: Wiegand RFID reader is not included.
What is it?
A universal data logger that captures the raw binary data from a standard 5V Wiegand Interface. The device is capable of logging the credentials for access control systems or nearly any device that utilizes a Wiegand Interface such as RFID card readers, pin pads, magnetic stripe systems, and even some biometric readers. Wiegand Interfaces also do not have to be limited to just access control systems. The main target group for this device is 26-37bit HID cards. For known card types both the binary and hexadecimal data is displayed directly in the log file for easy badge identification and also in case a clone of a card may be needed. For unknown card types only the raw binary data is shown.
Intended use cases
- Security researchers performing red team assessments.
- Capturing card values to later be cloned.
- Replaying raw binary captures.*(see note below)
- Fuzzing access control systems.*(see note below)
- To create a standalone device for testing badges and or card readers without the need for a Wiegand Controller.
- Add a battery and a card reader to make the unit portable.
- Add a benchtop power supply to use for testing hardware.
- Installers troubleshooting issues with a card reader or the data lines out in the field or back in the office.
- Hobbyist experimenting with various systems that utilize a Wiegand Interface.
- Simulating an access control system using multiple units of ESP-RFID-Tool.
Why did you make it?
The designer Corey Harding says,
I designed the original prototype back in September 11, 2016 because at the time no sort of Wiegand logger existed offering WiFi and a web interface. Since then both the software and hardware has evolved drastically and I soon realized this device needed to be marketed so that people out there will have both a simple to use and affordable device to satisfy most Wiegand interfacing related needs. The software is open source and will always stay open source. This means everyone has the opportunity to review the code, in turn knowing that their device is safe to use. You may also modify the software if you so choose to better fit your needs. The software is built using the Arduino IDE so it is simple for both hobbyist and professionals to follow and or modify. This means that as the community grows using the product that the community itself has the ability to submit pull requests to the official Github repository to be reviewed.
What makes it special?
ESP-RFID-Tool can be combined with an RFID reader and a battery to create a portable standalone RFID badge logger, this is useful for security experts performing a red team security assessment but it is also useful for just testing badges on a desk to ensure they were programmed properly or to read the card number. ESP-RFID-Tool can also be integrated into existing systems which are permanently installed in a facility and in this case the ESP-RFID-Tool has no need for a battery and instead draws its power directly from the wiring in the existing installation. This scenario is again very useful for security professionals but it can also be used for installers testing and troubleshooting various issues with a reader, controller, or even the wiring itself. The device can be powered from 4.5V up to 18V. In the case a mistake is made in the settings page you can easily recover the device to factory defaults without losing your log file by bridging J3 while powering on or resetting the device.
The ESP-RFID-Tool is capable of reading the data from nearly any device that contains a Wiegand Interface and which outputs data from 1 bit long up to 4,096 bits long, although anything other than 26-37bit HID should be considered experimental. To read data longer than 52 bits you must increase the bit buffer in the settings page. With 26-37bit HID cards both the Binary and the HEX data will be displayed to easily make clones of a card and to make it simple to identify cards, otherwise for unknown card types, just the raw Binary is displayed, which can later be converted to HEX by the end user.
The ESP-RFID-Tool is also not limited to RFID technologies, many other devices may contain a Wiegand Interface as it is an access control system standard. This includes pin pads(keypad), a magnetic stripe(magstripe), biometric readers, and there are even non-access control related devices that utilize a Wiegand Interface.
The ESP-RFID-Tool also contains an unsupported experimental TX mode as well. In this mode you may transmit the raw Binary of a card or even perform a couple of fuzzing tests, these include alternating bits on the D0 and D1 line and the device also has the ability to send bits on the D0 and D1 line at the same time. Although please note that the device has an output of 3V3 volts so it is not guaranteed to properly trigger all 5V Wiegand controllers. This mode is unsupported and was used for debugging the software while it was being written, TX mode is only being included as a bonus feature. If you decide to use TX mode then do so at your own risk. The primary function of the device is for logging data and or testing a Wiegand Interface.
Software updates will be available from the Github page easily located at www.rfid-tool.com. You may update the software directly from the web interface or by using ESP Flasher R4 by April Brother, there is a compatible pinout on the board for flashing although it is left unpopulated to prevent from interfering with installations.
Both I(Corey Harding) and the team at April Brother hope that our product will bring you both a simple and affordable solution to your Wiegand Interfacing needs.