Improved keyboard wedge

So, I have a half working prototype of an improved keyboard wedge. So far I can pull a passphrase from a random location on a mifare 1k.

Tomorrow I will start work on the USB keyboard output portion.

This is an RC522 RFID reader attached to an adafruit trinket m0. The trinket is mounted on a small breadboard for ease of use and the white wire is not actually in use it was just plugged in up there to keep it out of the way.

Total parts cost about $15. I was originally going to use a digispark but it wasn’t much cheaper and had a much less capable chip on it.

I will document it more thoroughly once I have the keyboard part working.


Will it be alpha numeric capable?
Any ntag compatibility?

Yes, it should be able to produce any sequence that you can type, the idea is that you can store any valid password and “type” it in for you.

I have tested an Ntag216 and it should work, but that is part of the expanded card work for later.

1 Like

This is so cool, are you planning on publishing the code?
If so, I’ll pick up the parts and make a 3D printed case for it.

Edit: I’m not sure if it was clear, but I’ll post it and send you a few if you want them.

Can you give examples of the uses?


1 Like

I am planning on publishing the code, and it will be open to others to do what they want with it.

I will also provide detailed instructions.

The card reader module is about half the size of a credit card, while the trinket m0 is about 1" x 0.5" (25mm x 12mm)

1 Like

The main intended use is to have a changeable password stored on an RFID chip. The KBR1 only outputs the UID, but that isn’t normally changeable. This allows you to have an arbitrary length of password, with a mix of characters and instead of typing it you scan your RFID card and it pretends to be a USB keyboard and “types” the password for you.

This allows people with more restrictive password policies to use an RFID chip for their password.


I like it!
Please make it simple to implement :innocent:

That’s exactly what I was hopping :+1:
Thanks for working on this.


So, I now have a working keyboard wedge, but I want to do some more testing, and increase the number of card types it can use.

At the moment only MiFare 1Kb cards are supported.

If a card is presented to the reader it looks for the string DNGR and then writes from there until the first null byte out as a USB keyboard, it then sends a return keystroke.

Electronically you need an adafruit trinket m0 and an RC522 RFID card reader with an SPI interface. Seven connections need to be made, and while female to female Dupont wires will work you do need to solder the headers onto the Trinket M0.

The connections from the RC522 to the Trinket are:
RC522 - Trinket M0
SDA - 0
SCK - 3
MOSI - 4
MISO - 2
IRQ - No Connection
GND - Gnd
RST - 1
3.3V - 3V

You will also need a micro USB to whatever format your host USB port is cable.

I will write up a more complete document with pictures and upload it with the Arduino sketch once I have added a few more card types.

I will also see if I can put together a starter guide on how to upload an Arduino sketch to the trinket.

1 Like

Awesome :+1:
Thanks for posting the wiring, I should have my parts by end of week. Hopefully I can have a first run at a box sometime next week …

Also looking forward to your code for other projects :sweat_smile:
I really suck at coding (I mostly do ladder logic), but hardware all day long …

It has struck me that I am handcrafting the tag with the password on it. Do I need to add a mechanism to write a password to the tag?

Triggering that is going to be harder as I don’t believe we have any spare I/O ports on the Trinket M0. (If someone was to create a custom board we could free up some of the I/O ports used internally and add a “write mode” button.)

What about going into the code/IDE when adding/removing tag and passes and re-upload to the chip?
It avoid and tag management and re-write code …

There is no tag management. The KBR1 Reads any tag and outputs the UID so you can use the UID as all or part of your password.

This reads the tag data looking for DNGR(pa$$w0rd)\NULL where \NULL is a zero value byte and (pa$$w0rd) is any password string and it outputs the password string.

So multiple people can use the same wedge to login but different passwords.

Haha I did something similar with a promicro and pn532.

I’m using the 2nd sector of my xsiid so no issues there. The password was generated by the arduino and written to the memory. Now it’s just read :slight_smile:

Should add that the only problem is I’ve lost the sketch so without a way to read from the promicro I can’t replicate :sweat_smile:

1 Like

This version doesn’t care about where on the chip the password is. It is looking for the header DNGR and then taking the next bit as a password. This could be interesting if someone put DNGR on their chip elsewhere, so perhaps I should make it something less likely. ZPKW perhaps…

If the header isn’t found on the chip anywhere I suppose it could look for a blank space and generate a random password to put in there. That doesn’t allow you to change the password at all though.

That sounds cool :+1:
Any way to tweak it to read the UID and generate a password from it?
I’m thinking about this for my work computer, I have to change the pw every 5 weeks (with a bunch of restrictions/limitations) …
If we can do UID to password conversion, I can enter an NFC UID and not worry about how the chip is programmed …

Password generation based on a UID would probably generate the same UID (I mean password) every time.

The Trinket can also act as a USB drive, I wonder if I can have it check for a file and if that is created then it programs the chip with that password. You could then run something like pwgen and generate a password and it would program the next chip with that new password. That would allow you to change your password and then program the password into the chip.

1 Like

Wow, that’s even fancier than I was thinking :thinking:

I was more along the line of “I read UID x so I type password y”
When you want to change the login password, go in the code, change it and re-upload to the wedge …

I don’t want people to have to go into the code or reupload it normally. I want this to be as much as possible a consumer product once it is built.