(*****) Uhlmann & Zacher CX2172 NFC / BLE smart door handle review

Sounds like typical non security people trying to make things secure

I recently found out, my company’s access control, is done by HR

…you mean HR tells IT how they want it right?..

Nope
Hr is the one running the access control show, which honestly explains some stuff

1 Like

In this case, I think it’s more a case of some low-ranking guy entrusted with something, playing strictly by the book to avoid trouble.

As for HR running security, that’s the case in my company: the lady who gave me my original access tag didn’t want to hear nothing about cloning, or enrolling my own implant into their system, or anything like that. She gave me THE tag, and just I use THE tag because it’s very special and authorized by the highest security authorities or something. She just didn’t understand anything about RFID and did exactly what the authoritative-sounding guy told her to do.

My school has the same concept of “the mysterious works of keycard”
we receive the card (it is also our photo id) and then have to send it away to another campus to get it programed, i tried to contact them about enrolling my implant or just what chip type was in the card (ended up finding it out via my ACR later) They wanted nothing of it, the concept of questioning anything of the sorts was confusing to them and some suspected me of wanting to break into the school??? (so dumb coz obviously its still registered to me, and their security shouldn’t be that dumb to allow student cards access after hours)

It’s black magic to them. If you show that you understand it, you instantly become a suspicious “hacker” who might very well be able to call WOPR and set off WW3.

That’s why it always almost works better to ask permission to enroll an implant when the guy in charge of access control is an IT type.

3 Likes

Agreed, I’m fine with just cloning it anyway, my teachers don’t mind and no one is gonna mention it so

When I started my “scouting mission”

My first question was, does IT manage it?
…I can reason and negotiate with nerds

…no?.. security? Maybe I can buddy up and get on their good side and … what’s that? It’s not security?

…it’s who?.. HR? …wtf put HR in charge?..
There can be no victory with the bureaucrats

3 Likes

It’s not a question of bureaucracy, or whether HR people are narrow-minded. It’s a question of knowledge.

If I was put in charge of a swimming pool and I was told not to allow kids under 10 in the deep end, I wouldn’t, even if some guy came with his son and told me he has a gold swimming certificate. Because… well, I don’t know why the rule was put in place, I don’t know anything about swimming pool design, maybe there’s something dangerous for smaller individuals in the deep end…

Don’t blame HR, it’s not their job. Someone put them in charge of security badges and they do exactly as they’re told to carry out the task - and probably using excessive authority to deflect objections they have no answer to.

It’s often HR actually because they hire and are the first to know of firings and usually everyone views it at HR’s job to issue and collect “keys to the building”… and yes they see rfid badges as keys.

Yea they actively try to get peoples badges back at work

I seriously want to “loose” my badge and get a replacement, just to test to see if the old one still works

Also, you can imagine my poker face when I was asking to use my chip, and they insist it’s not possible,

After I “tested” my proxmark

For those in Scandinavia (Sweden, Norway, Finland), if you want to get a U&Z CX2172 door handle, you can contact the Finnish distributor that supplied mine: I asked them if I could mention them here, and they said they’d be happy to serve private customers in our neck of the woods.

I can just imagine you asking, them saying no, and then you just using your chip right in front of them on the way out…

I they would probably flip out lol

1 Like

That’s kind of what happened to me: the lady in charge of giving out the tags was adamant they were “high security devices”, they were irreplaceable, that the security company that supplied them had a limited number of them and don’t you lose it, etc.

Then maybe a week later, after I received my xEM, programmed it and implanted it, she started seeing me getting into the building without the high-security tag. She’s been looking at me suspiciously ever since, but hasn’t said anything yet.

4 Likes

My CEO is against implants, but we can bssically do what we want now since we get a new door reader and cards anyway.

One day he tries to show off his cool new keychain which allows him to forget his wallet.
I laughed and showed my implant.
No reaction… just silence…

1 Like

I hadn’t cloned to my chip yet

I had cloned to t5577 card, and pulled the sleight of hand of making it look like I was presenting my work badge, but actually presenting the cloned card

I’ll be testing my chip at some point now that it’s cloned, won’t be a regular because they are dumb, but I can fake having my badge and use my chip
If needed

I half considered showing them if was possible but figured I’d get an emotional reaction not logical that wouldn’t be conducive to my goal

1 Like

Well bummer: I was about to order a second handle for the storage area just outside the company building. It was a perfect fit for that particular door, only I have to drill a couple holes in it to fit it.

So I asked my boss permission first, and he said: “Weeell, now you see, the problem with that storage area is, we kinda built it without asking the other co-owners of the building their opinion, and they’ve been trying to get us to tear it down for the past 20 years. Now we’re in a sort of truce: they don’t like it but they quit bothering us with it for now. So I don’t really want them to see a new handle on the door, because they might go on the offensive again.”

Damn and blast… Now I have to build some homebrew solution that stays hidden on the other side of the door, when there’s a nice commercial option available :frowning:

Disguise the new handle as an old handle lol

Can’t do that: There is no handle right now - just a key. That’s why I have to drill holes: the lock case can take a handle, but none was fitted originally. Right now we open the door only with the key.

What about a xAC activated thing that manually turns the key/knob on the other side?

Yeah that’s what I’ll do probably. There’s a thumbturn on the inside of the door. I’ll probably make a custom one with a big-ass servo in it. The most important thing is that it shouldn’t look geeky or anything: this is not my home, I need to make a really clean install.

1 Like

Question, how do you make the servo turn one way a certain amount and the other a certain amount on alternating activations with just the xAC? Or do you throw an arduino in there as well?