False Security William H. Payne Abstract “Why 130 million Wiegand cards are in use throughout the world . The most secure of all access card technologies. HID Wiegand cards are virtually impossible to counterfeit... any attempt to alter them destroys them! ... Since no direct contact with the card is required, they are totally enclosed, making them absolutely immune to the elements and a frustration of vandals. ... The secrets to the security of an HID Wiegand card are those little enclosed wire strips. Once corrupted, they won't work.” Access Control & SECURITY SYSTEMS INTEGRATION, September 1998 www.prox.com http/www.securitysolutions.com http://www.securitysolutions.com/ Bullshit. Fumble, Bumble and Inept Funds Electronic Lock Breaking at Sandia National Laboratories. Zola http://zolatimes.com/ Would this be worth some bucks? Want another FUN article? http://www.zolatimes.com/v2.29/bw1.html http://www.aci.net/kalliste/bw1 I would need a BRILLIANT EDITOR to help polish the ms. http://www.aci.net/kalliste/ On the other hand, we POSSSIBLY could get this UNFORTUNATE MATTER SETTLED before it gets WORSE. biru copyright bill payne 9/30/98 7:27 PM Counterfeiting Wiegand Wire Access Credentials Bill Payne October 16,1996 Abstract Wiegand wire access credentials are easy and inexpensive to counterfeit. Access Control & Security Systems Integration magazine, October 1996 [http://www/securitysolutions.com] published the article, Wiegand technology stands the test of time by PAUL J. BODELL, page 12 Many card and reader manufacturers offer Wiegand (pronounced wee-gand) output. However, only three companies in the world make Wiegand readers. Sensor Engineering of Hamden Conn., holds the patent for Wiegand, and Sensor has licensed Cardkey of Simi Valley, Calif., and Doduco of Pforzheim, Germany, to manufacture Wiegand cards and readers. ... A Wiegand output reader is not the same thing as a Wiegand reader, and it is important to understand the differences. In brief, Wiegand reader use the Wiegand effect to translate card information around the patented Wiegand effect in which a segment of a specially treated wire generates an electronic pulse when subjected to a specific magnetic field. If the pulse is generated when the wire is near a pick-up coil, the pulse can be detected by a circuit. Lining up several rows of wires and passing them by a cold would generate a series of pulses. Lining up two rows of wires - calling on row "zero bits" and the other "one bits" - and passing them by two different coils would generate two series of pulses, or data bits. These data bits can then be interpreted as binary data and used to control other devices. If you seal the coils in a rugged housing with properly placed magnets, and LED and some simple circuitry, you have a Wiegand reader. Carefully laminate the special wires in vinyl, and artwork, and hot-stamp a number on the vinyl, and you have a Wiegand card. IN THE BEGINNING Wiegand was first to introduce to the access control market in the late 1970s. It was immediately successful because it filled the need for durable, secure card and reader technology. Embedded in the cards, Wiegand wires cannot be altered or duplicated. ... Bodell's Last statement is incorrect. Tasks for EASILY counterfeiting Wiegand wire cards are 1 Locate the wires inside the card to read the 0s and 1s. 2 Build an ACCEPTABLE copy of the card. Bodell's clear explanation of the working of a Wiegand card can be visualized zero row | | | one row | | binary 0 1 0 0 1 representation Solutions to Task 1 A X-ray the card B MAGNI VIEW FILM, Mylar film reads magnetic fields ... Edmunds Scientific Company, catalog 16N1, page 205, C33,447 $11.75 is placed over the top of the Wiegand card. COW MAGNET, Cow magnetics allow farmers to trap metal in the stomachs of their cows. Edmunds, page 204, C31,101 $10.75 is placed under the card. Location of the wires is easily seen on the green film. Mark the position of the wires with a pen. Next chop the card vertically using a shear into about 80/1000s paper-match-sized strips. Don't worry about cutting a wire or two. Note that a 0 has the pen mark to the top. A 1 has the pen mark at the bottom. Take a business card and layout the "paper match"-like strips to counterfeit the card number desired. Don't worry about spacing. Wiegand output is self-clocking! Tape the "paper-match - like" strips to the business card. Only the FUNCTION of the card needs to be reproduced! History Breaking electronic locks was done as "work for others" at Sandia National Laboratories beginning in 1992 funded by the Federal Bureau of Investigation/Engineering Research Facility, Quantico, VA. The FBI opined that this work was SECRET/NATIONAL SECURITY INFORMATION. Details of the consequences of this work are covered in Fired Worker File Lawsuit Against Sandia Specialist Says He Balked When Lab Sought Electronic Picklock Software, Albuquer Journal, Sunday April 25, 1993 State-sanctioned paranoia, EE Times, January 22, 1996 One man's battle, EE Times, March 22, 1994 Damn the torpedoes, EE Times, June 6, 1994 Protecting properly classified info, EE Times, April 11, 1994 DOE to scrutinize fairness in old whistle-blower cases, Albuquerque Tribune, Nov 7 1995 DOE boss accelerates whistle-blower protection, Albuquerque Tribune, March 27, 1996 DOE doesn't plan to compensate 'old' whistle-blowers with money, Albuquerque Tribune September 27, 199