I’m also wondering if it’s possible if using the proxmark 3 just by itself and certain downloaded coding could I actually penetrate the door without previous fob key credentials? What I’m trying to say is do I actually have to have the physical fob key prior to applying the Mark 3 to the card reader is there a code or a program I could download to my proxmark 3 that will allow me to find the credential in order for me to open the door?
The only option would be to stand there for a very long time while you tried to brute force your way through thousands and thousands of card IDs.
3 Likes
Not to say that everything I see in YouTube is bona fide but I think I seen somebody download some firmware and it basically brute forced the door with approxmark 3 and like less than a minute what do you think about that?
Thanks for tolerating my rudimentary questions haha!
IMO if that were the case it must have been a rather terrible system.
Most door readers are 1-way receivers that link to a server and security application (e.g. Paxton), and the security application is what adds and removes RFID tags.
The receiver relays the card data to a centralized Access Control Unit (ACU) or server. The server validates the card against its database of up to 50,000 users, checks access levels and time schedules, and sends a release command to the electromagnet/lock if valid.
You’d need someone very lazy or uninformed that doesn’t use data encoding software or proper access time/restriction levels to poorly set up the system in the first place in order to brute-force 1 of the 50k codes. Not exactly impossible, but not secure by any standard.
I had some cheap door-access software running on a site about 10-15 years ago, and by default if someone tried to tamper with the system (brute force a UID or using a valid UID to brute force a PIN), that reader was locked out for about 5 minutes.
2 Likes