Unlocking PC with NFC implant

Hello,

I was wondering if anyone has had any luck in getting their PC to unlock with these implants ?

Both in a windows domain joined machine and home.

If anyone has a list of kit or info it would be very appreciated.

Also can you use the one implant to unlock your phone and your PC ?

Kind Regards

I personally use an ACR122U for computer login. There are two software packages that work well for Windows login:

ISLOG Community Edition
EIDAuthenticate & NFC Connector

If you’re wanting to use the xNT or flexNT for PC login, then I’d try the first option. It’s free and works well enough. The second option is not free, and possibly a bit less user friendly, but it will become useful in the near future with the release of VivoKey. Also, EIDAuthenticate needs a REG file to be loaded so the PC/SC system recognizes the xNT / flexNT as usable for authentication. Unzip and execute these REG files to register the proper links for x-series tags:

x-series_smartcard_reg.zip (1.3 KB)

2 Likes

Vivo key looks awesome !

Might just get one implant until that’s released .

Will check those out thank you.

Can you easily just clone other tags into the implant with a phone or is it worth investing on a proper reader ?

Instead of replying about cloning, I wrote this post… hopefully it makes sense.

That’s perfect thank you

Edit:
I couldn’t get this to work and was originally asking for help, but managed to get this to work finally so here’s a quick guide for those who run into this in the future and just want to login to windows from their own PC and don’t have a full AD setup.

  1. Install the driver for your ACR122U (I’m not sure if this is critical, but it seemed like the right thing to do)
  2. Install the FREE version of NFC Connector it should be called NFC-CSP-Light (the Enterprise version is kind of a dick and doesn’t play nice with the reg edit provided above and I couldn’t manage to get it to work with it’s own registration software either. That might be because I don’t know what I’m doing though, so if you can figure that out let me know.)
  3. Run the reg edit from above
  4. Open the NFC CSP Smart Card Manager app and add a certificate for your implant
  5. Now install EIDAuthenticate and associate the certificate from your implant with your account in the configuration portion of the installer.
  6. Enjoy sweet victory and login with your hand. Unfortunately yes, you will still have to press enter on the PIN screen even if you don’t use a PIN.
3 Likes

alternatively, you could turn off the password for your account (less secure) or use this as a two step authentication (more secure), you could use some form of Arduino, a relay, and a rc552 reader and wire it up to your front panel port on your motherboard. here’s some links,


I primarily use Linux, and wrote my own scripts to log in, and lock/unlock sessions (https://github.com/Giraut/nfcutils). Under Windows, I use Rohos Logon Key for machines on a domain (not free) and ISLOG Logon NFC Community for standalone machines (free).

I posted a slightly more detailed writeup of what I have going, including a couple of videos, in this thread on the biohack.me forum: https://forum.biohack.me/index.php?p=/discussion/2715

(I hope it’s cool to link to another forum. Otherwise, my apologies and feel free to delete my post…)

5 Likes

Free information exchange is what forums are about :wink:

So, for the NExT they have an automatic code that gets typed out when scanned. You could just change the password on your PC to match. I took apart the USB reader from dangerous things and hard wired it in and mounted it inside my Chromebook to the left of my touchpad. It picks up the tag through the plastic no issues and automatically enters the code and logs in all with one scan. Simple solution if you don’t want to get into the nitty and gritty of trying to encrypt any further.

2 Likes

I had the same idea and had it on my list of things to do, glad somebody has done it successfully.
did you wire directly to the usb port internally? if so does it render the port unusable externally, does it cause any COM port conflict or similar? (the reason/ excuse I haven’t tried it yet)

I also considered placing the reader behind the screen,

  1. Open screen
  2. hand swipe behind
  3. Access granted :keyboard: :old_key:

but I foresee the cable run being the tricky part even with ribbon cable?

Unsure if this should be a new topic or not, I apologize.

I’d like to unlock a domain PC with my NFC chip. I can’t really see convincing my company to install Rohos, and was wondering if I could use a scanner for keyboard emulation, similar to the KBR1.

It would have to read a record off the chip however, rather than the serial, since I can’t use a pin at work. Is there any software out there I could use to say read record 2 off my hand and throw it in the password field with an NFC reader, or is that something I would have to go about setting up myself?

Depending on how exactly your work PC is administered, you may not need nobody’s approval to install Rohos. Just try to install it: if it works, you’re good to go. If it says you need admin rights, well, too bad. But the point is, no need to ask your administrator to try it out, and he’ll be none the wiser one way or the other.

Also, if you’re able to install it and you get flak over it later, remember: it’s easier to ask forgiveness than to ask permission - particularly since the admin themselves would have let you have the right to install it, and it’d be their fault if you shouldn’t have had it :slight_smile:

1 Like

I was thinking about just doing it for the sake of seeing what would happen, but the needing a PIN as well seems tedious. I’m the “I’m too lazy to press enter every once in a while, let me spend weeks writing a program so I don’t have to” type of lazy

1 Like

Well, funny you should mention the PIN number: at my previous work, my Rohos install insisted on it. But at my new workplace, I installed it this morning and it doesn’t for reasons unknown. It’s great: I just have to wake up the PC and run my hand on the reader to log in or unlock the screen.

Maybe it depends on your particular PC / login setup / Windows version or something. Anyway, worth a try. Worst case scenario: you absolutely have to have a pin, then set “0” or some other single-character thing to lower the annoyance factor.

You have the hardware option with the KBR1

Or if you want to use a PC/SC reader like the ACR122U and some keyboard emulation software, I actually made some software that does exactly that;

2 Likes

Sorry I’m not adding to the convo, is there any windows software that you can import your own key to and unlock your desktop? I tried ISLOG logon but I can’t seem to import a key.

It was easier on linux with my bash script.

The KBR only reads the UID though, correct? I’ve got it set up as a PIN on my home PC, but we can’t use PINS at work, and have to change passwords regularly.

Would you be willing to share the source code for your wedge application? I’m purely a database guy, but my coworker may find it super helpful to modify an existing app rather than us tinkering around and learning all this from scratch.

One of my coworkers in the Development department and I are planning on playing around with one of thoese White NFC scanners, and if they read all the records on the chip, are planning on writing a little program to function somewhat like this:

  • Install Program.
  • Select the record that contains your password in a configuration window (record 2 in the attached image)
  • Scan hand

It’s not going to do anything fancy. You scan your hand, and the program will wake the PC, pass in the string, and press enter.

Still need to give Rohos a go today though, because if what Rosco experienced with it not asking for a pin is still a thing, I’d totally use it.

If you mean the serial on your chip, the KBR1 by itself should be satisfactory.

  • Open up notepad, scan your hand into it.
  • Create a windows PIN or change your current password to the string notepad captured
    (Write it down, in case something goes sideways with this setup)
  • Lock your PC, Get to the login screen where the cursor is flashing in the text field, and scan your hand. It should enter the text and press enter for you

I already have an ACR122U I can get the serial using DTwedge but when my PC locks it suspends the service and can’t type anything.