Can KBR1 read a writeable section?

I just ordered a KBR1 reader, and I am wondering if it can read and print out a writeable section of the chip, rather than the UID? Reason I am asking is that I want to use it for login to my work laptop, which is completely locked to me as user. I am not allowed to use a PIN for login, only passwords. Also, I am required to change password from time to time, which will make UID as password impossible after first period.


Nope, sorry.

Are you also restricted from installing software on this laptop? If not, you could install rohos logon key, and use your implant to log in without worrying about when you change your password or having to set it as a pin code. :slight_smile:

Yes, absolutely. Nothing but approved software can be installed. Then I’m all out of luck.
Is there any other similar reader that can do this?

You could make a small converter box with an RaspPi or something that would read the UIDs at one end, and emulate a keyboard at the other end to type out the corresponding passwords.

Thanks for the tip, but it’s not a very elegant solution. It’s something with having the actual password in your hand. I find it strange this is not possible, the writable sections are readable, so technically there should not be a problem.

Yeah well, there’s nothing elegant about a keyboard wedge and inputting passwords in forms “as if typed by a person”. But absent a better solution, that’s as good as it gets.

Almost all keyboard wedges output the lowest common denominator of all NFC / RFID tags, that is, the UID. Some readers can be more clever and can be programmed to read something at a predefined address and output it as a HID device (keyboard), like the Elatec TWN4. The problem with the TWN4 is, the performances are abysmal with glass implants. It would work well if you have a flex though.

Also, I don’t know where you are, but be advised that keyboard wedges all output US keyboard scancodes. If your computer is using another layout - particularly AZERTY or something similarly French - you’ll get a mess of characters instead of hexadecimal numbers.
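The layout mismatch described in the post above, as an added example that is not part of the original thread: it encodes a hex UID as the HID keystrokes a US-layout wedge would send, then renders them on a host set to French AZERTY. It assumes the wedge types digits unshifted and uppercase letters with Shift; the function names and the sample UID are constructed for illustration.

```python
# Added illustration: how a US-layout keyboard wedge's output is seen by a
# host configured for French AZERTY. Usage IDs are from the USB HID keyboard
# usage page; all function names and the sample UID are constructed.
SHIFT = 0x02  # left-shift bit of the HID report modifier byte
DIGITS = "1234567890"  # physical order of the top row, usage 0x1E..0x27


def make_layout(letters, row_plain, row_shifted):
    """Map usage ID -> (unshifted char, shifted char) for the keys a wedge uses."""
    table = {0x04 + i: (c, c.upper()) for i, c in enumerate(letters)}
    for i in range(10):
        table[0x1E + i] = (row_plain[i], row_shifted[i])
    return table


US = make_layout("abcdef", DIGITS, "!@#$%^&*()")
# On AZERTY the key at the US "a" position types "q", and the top row only
# yields digits when Shift is held.
AZERTY = make_layout("qbcdef", "&é\"'(-è_çà", DIGITS)


def us_keystrokes(text):
    """Encode hex text as (modifier, usage) pairs, as a US-layout wedge would."""
    strokes = []
    for ch in text:
        if ch in DIGITS:
            strokes.append((0, 0x1E + DIGITS.index(ch)))
        elif ch.lower() in "abcdef":
            mod = SHIFT if ch.isupper() else 0
            strokes.append((mod, 0x04 + ord(ch.lower()) - ord("a")))
        else:
            raise ValueError(f"not a hex character: {ch!r}")
    return strokes


def render(strokes, layout):
    """Characters the host produces for those keystrokes under its own layout."""
    return "".join(layout[usage][1 if mod & SHIFT else 0] for mod, usage in strokes)


def layout_stable(text):
    """Characters of text that arrive unchanged on an AZERTY host."""
    return "".join(c for c in text if render(us_keystrokes(c), AZERTY) == c)


SAMPLE_UID = "04A1B2C3D4E5F6"  # constructed 7-byte UID, not a real tag

if __name__ == "__main__":
    print(render(us_keystrokes(SAMPLE_UID), US))      # what the wedge meant
    print(render(us_keystrokes(SAMPLE_UID), AZERTY))  # what the host receives
    print(layout_stable("0123456789abcdefABCDEF"))
```

Of the sixteen hex characters only B to F arrive intact, so a password set from the UID on one layout will not match what the wedge types on the other.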

Thanks for good info! Much appreciated.

You could use a digistump digispark and an RFID reader module to read a specific location and output it directly as though it was a USB keyboard.

This would still use the chip, but it would essentially be a custom KBR1.

Thinking about it, it would be better to keep the password encrypted on the RFID tag, and decrypt it in the microcontroller and output it as though it was a USB Keyboard.

The issues are going to be encrypting the password to put it on the tag, and placement on the tag. (I would think we would want it placed at the end of the tag so that you can still use the tag for NDEF if you want.)

There is no need for encryption here. Encryption only makes sense if the chip itself does the decryption with its own, inaccessible decryption key, to foil replay attacks. Here we’re talking about a dumb chip that will always spew out the same unlocking sequence when presented to the reader - be it a special block being read, or an unlock command if using the chip’s own password feature.

The security of this application depends entirely on (1) the reader not being compromised and (2) the user not getting their hand cut off or their implant sneakily read while they’re asleep - which is also why dumb implants are a surprisingly valid authentication proposition for common, low-security applications.

Of course, if the user’s implant is a crypto chip and they can key it, then they can foil (1) too. But at the end of the day, a password in clear will travel through the USB cable to the computer, so it’s kind of moot.

I was assuming that it would be best to encrypt that data so that anyone just sniffing the chip does not get a copy of the plain text password. Particularly if it is being used to carry other data too.

I realise that it is unencrypted between the “keyboard” and the computer, but the question for me is should it be encrypted at rest too.

Yeah but that’s what’s great with implants: sniffing the chip just doesn’t happen - particularly with HF implants. LF implants can be sniffed from a considerable distance, and it’s quite conceivable that an attacker could read my foot or back EMs without me noticing for instance (although they’d have to know they’re programmed as dual-EMs :slight_smile:) But if you try to read any of my dumb NFC chips, there isn’t a snowball’s chance in hell I won’t notice.

Chloroform? Check.
Proxmark3? Check.
Rosco’s current location? Rats, I hate it when a plan falls apart. :laughing:

Like I says, it ain’t happening :slight_smile:

Incidentally, have you ever tried to use chloroform? We did with my brother as kids (don’t ask…): it’s the nastiest shit ever. It takes forever to fall unconscious, you go through intense nausea before you do, and when you “wake up” (more like get back to your senses really), you’re left with a sensation like you have a flu for 2 weeks. Chloroform-soaked rags rendering people unconscious in seconds only happens in movies, believe me.

I’m more concerned about someone foolishly saying “Here, scan the NDEF data on this tag” and the person scanning it also grabbing the password. If the crypto routines can fit in the space it won’t hurt to have them. One of the Arduino crypto libraries I looked at was claiming speeds of 50ms for symmetric encryption/decryption. The public key times of 2-4 seconds are unusable but I think if it is fast enough it should be good enough.

As you can tell, no. I have knocked someone out before though. :unicorn_anger:

It is security through obscurity. That attacker would have to know the NDEF also unlocks the target’s computer. Pretty unlikely if the target didn’t tell them.

Yeah, if you stick the magic word out of the NDEF, then the attacker would have to read the entire chip and emulate it on the keyboard wedge to be sure - as opposed to simply writing a card with the same NDEF. But honestly… That’s what I’m saying: it’s all really quite unlikely. And if you’re that concerned, then don’t use that implant for anything but unlocking the computer.

Fair enough. Do you think there are enough people who might want a writable password keyboard wedge to make it worth tinkering with the concept (even without crypto) or is it just a non starter? Total parts cost should be somewhere under $10 (possibly under $5).

Oh definitely worth tinkering. Tinkering for the sake of tinkering is always worth the effort.

But for ekt’s application, assuming he doesn’t work at some secure nuclear facility or something, his original problem is supplying a password he can’t change to a Windows computer he can’t install anything on using a keyboard wedge he can’t change the output format of.

In his case, my reading of his problem isn’t so much security as it is translating some mildly personal and difficult-to-get-at piece of hexadecimal information (the UID of the chip or a word somewhere in the implant’s memory) into a Windows password. He needs a translation box of some kind between the keyboard wedge and the computer, or a programmable-output reader that can read implants (good luck on that one) or a dedicated reader that he could build himself. But the security aspect of it is strictly physical anyway - i.e. keep your hand off dodgy people and don’t let no-one plug that funky fob on the USB port.

The digispark digistump has libraries and a USB Plug that make it capable of pretending to be a USB keyboard. So if it can get the password from some writable location in the chip then it can just write it out to the computer as though it was a keyboard.

I already have all of the hardware, so it would be just a case of programming.