This is the LockPickingLawyer.
And today we're going to use this tiny electronic device to hack an RFID access control system.
It's some real James Bond level stuff, but first, I have to briefly explain how this mocked up system works.
On the far left, we have the power supply.
Next is the controller.
That's essentially the brains of the operation.
This is the button you press from the inside of the door when you want to get out next to the dead bolt that holds the door closed.
And finally, we have the card reader.
This will take the information off a card or key fob like this and transmit it along these wires over to the controller, which verifies the card is authorized and then either grants or denies access.
This setup differs significantly from those I featured in videos 1040 and 1045 because all the decision making is done on the secure side of the door.
That means I can't open this by bridging wires like I did in those videos.
All of the wires that would do that are over here on the controller.
There is nothing I could bridge or cut over here that would cause this bolt to retract.
But there is still a significant flaw in the system.
Communications between the reader and the controller are not encrypted, and that's something that we can take advantage of.
When I take this reader off the wall, I can access the wires behind it, and that's where this little beauty comes into play.
It's called an ESPKey, and once you press the wires into these self-stripping connectors, it will monitor and record all communications on the line.
And that's just the beginning.
I already have one installed here.
There are four connections to supply power and to monitor transmissions between the reader and the controller.
Once powered, this will either connect to a local WiFi network or it will create its own access point.
I already connected this to my old cell phone, so let's scan a few cards and then we'll see what the ESPKey has found.
Okay, let's refresh our browser.
You can see all of the cards we just scanned, and even better, I can have the ESPKey replay all of the information that was transmitted at a particular time, which will fool the system into thinking an authorized card was presented to the reader.
Now here's where it gets even more interesting.
We have this binary stream right here.
If I were to convert that binary stream into decimal, I get 848176. I can use that number and this device to create a cloned card.
So right now I have a card that does not work.
Let's go ahead and read this card.
Edit it.
Put in the number 848176 and write that onto the card.
And right now, the system can't tell the difference between these two cards.
So if you are installing an access control system like this, it is really important to use one that only transmits encrypted data.
Otherwise, an attacker can compromise the system with very little effort.
In any case, that's all I have for you today.
If you do have any questions or comments about this, please put them below.
If you like this video and would like to see more like it, please subscribe.
And, as always, have a nice day.