SiRFIDaL - Simple RFID authentication for Linux

Not currently. It saves the file in a proprietary format in /etc with the UIDs encrypted, for obvious reasons. If you just want it on a server, the easiest is to stick it on a network drive mounted somewhere in the filesystem and symlink to it (or point it somewhere else in the script), or rsync it. If you really want to use LDAP, then I guess you’ll have to implement that bit :slight_smile:

Guys,

I added support for the ChameleonMini, ChameleonTiny and ChameleonTiny Pro Bluetooth in SiRFIDaL.

You can connect your Chameleon device with a USB-C cable, SiRFIDaL will automatically see it (if you configured it properly), set the slot you chose in reader mode and transparently poll the Chameleon continuously for ISO14443A transponders in the field.

In other words, you can use your Chameleon as a regular NFC reader to log in and out, unlock your screensaver, send automated commands or passwords, emulate a keyboard wedge, and all the other fabulous things you can do with SiRFIDaL. Yeees, you know you want it :slight_smile:

This is pretty useful if you travel a lot with a laptop and you want to authenticate with your implant, but you don’t want to clutter up your laptop bag with a full-size desktop reader. Particularly if you own a ChameleonTiny, because it truly is tiny. Personally, I always carry mine in my pocket. Now it doubles as a reader I can use with my PC also:

I’ll add support for the ChameleonMini / Tiny over BLE when I finally find time to figure out the exact protocol. For now it only works with a USB connection. But at least there’s a rationale for it: you can charge the Chameleon while it serves as a reader at the same time, so it’s not just sitting there doing nothing useful.

5 Likes

That is an awesome addition, thanks for sharing. I have a Linux laptop and a Chameleon; I am whatever is less than a noob with Linux, but I will put this on my list of things to do / learn.

Is it simply reading the NUID?
(Then I will only have to memorise 4 bytes as a backup…and not change it)

It is UID-based, but it’s not like a keyboard wedge. It doesn’t “type” your UID. This is a proper PAM module. You can keep your normal password and either combine it with one or more RFID/NFC UIDs to do 2FA, or log in with either for ultimate laziness like I do.

1 Like

I added support for the uFR Nano Online NFC reader over Wifi in SiRFIDaL.

The way it works is, you configure the reader to connect to your Wifi router, then you configure it in master mode, enable HTTP POST and point it to the computer address / port the SiRFIDaL server is running on - meaning it should have a fixed IP or a resolvable address on your LAN of course.

You can leave this little reader quite far from your computer, and it doesn’t need to be tethered to it by yet another cable. Nice.

As for the reader’s performance, it’s on par with the good ole ACR122U, despite being half the size. Digital Logic readers usually aren’t short of power. This one reads my IAR glass M1k without any problem:

And of course, like all Digital Logic readers, it has more lights than a Christmas tree, so it’s perfect for the season :slight_smile:

Seriously though, I don’t know why that company has such an obsession with ultra-powerful status LEDs: they’re so bright they’re almost painful to look at. This is my third Digital Logic reader, and each time I’m astonished by how bright the LEDs are.

1 Like

I feel this one, bit of a derail but I have a TCL TV in my bedroom. In their infinite wisdom they decided it should have a white standby LED that burns with the intensity of 1000 suns, and no option to turn it off.

To make it worse, it’s also where the IR receiver is, so can’t just put black gaff over it. Best solution to date has been multiple layers of red electrical tape…

I appreciate status lights, but come on guys, read the room!

I don’t mean to sound boring, but electrical tape is your friend :slight_smile:

EDIT:

Oh…

1 Like

If a really bright LED is enough of an annoyance to me I’ll pop the case open and either cut it out or modify it to be dimmer.

@anon3825968 Would SiRFIDaL be able to do more than just UID matching? Perhaps some cryptographic key or something like the Spark 2?

1 Like

It’s set up for UID-only by design: it’s meant to be usable with as many different readers / protocols as possible, at the cost of sticking to the lowest common denominator.

Adding crypto stuff would be possible, but it would be a bunch of work.

I definitely could, I just can’t be bothered clearing out a big enough spot on my workbench to pull the back off a 48” TV when red tape does a good enough job. If it was a smaller TV I would for sure.

1 Like

Guys,

For information, I added support for networked readers that transmit UIDs through TCP, for the few ethernet-enabled readers out there (mostly industrial) and for things like this serial-to-wifi converter that let you use serial readers over TCP. Use this on your own secure LAN of course, as the UIDs are transmitted in clear-text.

1 Like

What about support for an ESP-RFID-Tool?

That’s a Wiegand datalogger. It captures UIDs from another reader and logs them for later retrieval by penetration testers (or bad guys, depending on the use case). It’s not a reader.

I know what it is, but if it was supported then you could use any Wiegand reader, by providing it with power and attaching an ESP-RFID-Tool. I actually use one with an unconnected HID reader as a test platform. I am assuming that you are not supporting Wiegand natively; this would be an easy way to expand the supportable readers.

Well kind of. Among other things, SiRFIDaL supports any old reader that shows up as a character device or PTY in the system and outputs UIDs in LF-terminated text lines. So it’s more a hardware problem than a software support problem: if you manage to connect your Wiegand reader and it shows up in /dev, you’re good to go.

Typically, you want to do that with a Wiegand-to-serial converter. Or, you may have some board that reads Wiegand readers and makes the data immediately available through telnet, or with an HTTP server, or with an HTTP client that connects to a fixed server. SiRFIDaL supports all those schemes too.

But the key here is that it should get the UIDs in real-time. To my knowledge, the ESP-RFID just sits there and collects UIDs it sees on the Wiegand interface and stores them in memory, to be retrieved at a later date. That’s not what SiRFIDaL is for at all. Unless I’m mistaken and the ESP-RFID does have a mode to report UIDs in real-time that I’m not aware of, in which case, it might be supported depending on how it’s done.
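
As an added illustration of the "LF-terminated text lines" reader interface described in the post above (not part of the thread and not SiRFIDaL's own code), this sketch treats the device stream as untrusted input and only passes on well-formed UIDs. The 4-to-10-byte hex format, the 64-byte line cap, the separator handling, and all names are assumptions of this example.

```python
import os
import re

MAX_LINE = 64   # assumed cap on line length; longer lines are discarded whole
UID_RE = re.compile(r"(?:[0-9A-F]{2}){4,10}")   # assumed format: 4 to 10 hex bytes

# Constructed sample stream, not captured from a real reader.
SAMPLE = (b"04A1B2C3\r\n" b"04:a1:b2:c3:d4:e5:f6\n" b"not-a-uid\n"
          + b"A" * 200 + b"\n" + b"DEADBEEF\n" + b"1234")   # last line unterminated


class UIDLineParser:
    """Incremental parser for LF-terminated UID lines from an untrusted device."""

    def __init__(self):
        self._buf = bytearray()
        self._overflow = False          # True while skipping an overlong line

    def feed(self, chunk):
        """Consume raw bytes (as from os.read) and return the UIDs completed."""
        uids = []
        for byte in chunk:
            if byte == 0x0A:            # LF terminates the current line
                uid = None if self._overflow else self._normalize(bytes(self._buf))
                if uid:
                    uids.append(uid)
                self._buf.clear()
                self._overflow = False
            elif len(self._buf) >= MAX_LINE:
                self._overflow = True   # discard everything up to the next LF
            else:
                self._buf.append(byte)
        return uids

    @staticmethod
    def _normalize(line):
        """Return the UID as upper-case hex without separators, or None."""
        try:
            text = line.decode("ascii").strip()
        except UnicodeDecodeError:
            return None
        text = text.replace(":", "").replace(" ", "").upper()
        return text if UID_RE.fullmatch(text) else None


def read_uids(fd):
    """Read a file descriptor until EOF and return every valid UID seen."""
    parser, found = UIDLineParser(), []
    while chunk := os.read(fd, 16):     # small reads exercise split lines
        found.extend(parser.feed(chunk))
    return found
```

The unterminated `1234` at the end of the sample is never reported, since a line only counts once its LF arrives.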

I would have to check… I will dig mine out and let you know.

I’ve added support for the Halo Scanner to SiRFIDaL, thanks to the help of the manufacturer.

If you think this is cool and you like how they treat our little community, drop them a line next time you order a Halo Scanner.

Of course, video proof is needed :slight_smile: This is me locking / unlocking my session with my xBT:

Incidentally, I recently did a major code cleanup of SiRFIDaL. The new codebase is quite a bit more efficient if you have a lot of readers connected, and more importantly, the settings make a lot more sense.

Also, as a recap, here is the list of devices that SiRFIDaL now supports - quite a bit more than what it started with by now:

  • PC/SC readers (ACR122U and others)
  • Serial readers
  • Halo Scanner
  • HID readers (aka keyboard wedges, e.g. KBR1)
  • NFC-enabled Android devices (e.g. old cellphone you want to turn into a tabletop reader)
  • Proxmark3
  • Chameleon Mini / Tiny
  • Digital Logic uFR, uFR Nano, uFR Nano Online
  • Ethernet readers that push data to HTTP servers
  • Ethernet readers that serve up data as a TCP server

3 Likes

Hi Rosco, are you able to give any clues as to why my Ubuntu setup isn’t working?
I’ve enabled my pm3 in the parameters section, and pointed the client part to the git folder (in my home directory).

However, when I run sirfidal_getuids.py and then interrupt with ^C I get the following msg;

Traceback (most recent call last):
  File "/usr/local/bin/sirfidal_getuids.py", line 99, in main
    with scc.sirfidal_client() as sc:
  File "/usr/local/bin/sirfidal_client_class.py", line 47, in __init__
    self.connect(socket_path = socket_path)
  File "/usr/local/bin/sirfidal_client_class.py", line 66, in connect
    self._sock.connect(socket_path)
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/sirfidal_getuids.py", line 142, in <module>
    sys.exit(main())
  File "/usr/local/bin/sirfidal_getuids.py", line 136, in main
    sleep(.2) # Wait a bit before reconnecting in case of error or timeout
KeyboardInterrupt

Also, if I run sudo sirfidal_useradm.py -a
it returns-
Error: [Errno 2] No such file or directory

This seems to indicate the socket file isn’t found, meaning the server isn’t running. Did you start sirfidal_server.py?

You can open another console and start it manually to check that it works, or permanently start it as a service if you followed the installation instructions in the README using systemctl enable sirfidal_server then systemctl start sirfidal_server

Also, the server needs to run as root, in case it wasn’t obvious.

(And yes, I realize at some point I really should package it properly :slight_smile:)