(project / Guide) RFID login

I wanted a simple way of quickly logging on to my computer without having to typing my password in and did not want to have no security either.

There are various products on the market that would solve this problem from fingerprint readers to proximity dongles but i decided to see what i could knock up with parts i mainly already had.

Looking in my micro stuff i had a RC522 RFID tag reader 3.3v :

Also an 3.3v arduino Leonardo clone aswell based on a sparkfun pro micro which also can act as a USB device such as a keyboard. This is useful as if a 5v arduino was used a level shifter would be required due to the RC522 not being 5v torrent.

How it works

When the chosen cards is presented the arduino will act as a keyboard and simply type the stored password in followed by a carriage return .

Wiring

As mentioned, both devices being the same voltage ,3.3v made wiring so easy !.

 RC522 (3.3v)  Arduino pro Micro
vcc 3.3v
RST pin 5
GND GND
MISO pin 14
MOSI pin 16
SCK pin 15
SDA pin 10
IRG NC

 

Code

I used the Arduino library for MFRC522 by Miguel Balboa , so you will need to add this library to arduino.
Please note this is only a very basic example and the password is stored in plain text in your arduino document ,  so this is very much proof of concept and has just been thrown together. It may also be a good idea after uploading to arduino to and save your arduino document with the password blank.

UPDATE!  Please also see RFID Login software Update ! for the latest software example .

 

//

// Example By Luke (www.ls-homeprojects.co.uk)
// Free to use this code how you like but please link my site
// Modified example for Arduino library for MFRC522. 
// Credit to Miguel Balboa for provided a great library and examples ! https://github.com/miguelbalboa/rfid.

// Please note this is just a proof of concept Example and should not be used for sercuity applications !



#include "Keyboard.h"
#include "HID.h"   // This is required for this to work with window 10
#include <SPI.h>
#include <MFRC522.h> // This can be 

#define SS_PIN 10
#define RST_PIN 5
 
MFRC522 rfid(SS_PIN, RST_PIN); // Instance of the class

MFRC522::MIFARE_Key key; 



//----------- settings ------------------------------------

#define enable_serial 0             // set this to "1" to enable serial port
unsigned long my_UID = 12345;       // This is the id of your card displayed in serial terminal 
//// 


// Init array that will store new NUID 
byte nuidPICC[3];

void setup() 
{ 



if (enable_serial == 1){        // Enable serial port for getting code 
Serial.begin(9600);

while (!Serial) {
   ; // wait for serial port to connect. Needed for native USB port only
 }

}





  
delay(500);
Keyboard.begin();
delay(500);
SPI.begin(); // Init SPI bus
rfid.PCD_Init(); // Init MFRC522 


}
 
void loop() {



  // Look for new cards
  if ( ! rfid.PICC_IsNewCardPresent())
    return;

  // Verify if the NUID has been readed
  if ( ! rfid.PICC_ReadCardSerial())
    return;

//  Serial.print(F("PICC type: "));
  MFRC522::PICC_Type piccType = rfid.PICC_GetType(rfid.uid.sak);
  //Serial.println(rfid.PICC_GetTypeName(piccType));

  if (rfid.uid.uidByte[0] != nuidPICC[0] || 
    rfid.uid.uidByte[1] != nuidPICC[1] || 
    rfid.uid.uidByte[2] != nuidPICC[2] || 
    rfid.uid.uidByte[3] != nuidPICC[3] ) {
   // Serial.println(F("A new card has been detected."));

    // Store NUID into nuidPICC array
    for (byte i = 0; i < 4; i++) {
      nuidPICC[i] = rfid.uid.uidByte[i];
    }
   

// CONVERT UID into Unsigned int as easier to match up to a saved value.
 unsigned long UID_unsigned;
  UID_unsigned =  rfid.uid.uidByte[0] << 24;
  UID_unsigned += rfid.uid.uidByte[1] << 16;
  UID_unsigned += rfid.uid.uidByte[2] <<  8;
  UID_unsigned += rfid.uid.uidByte[3];



  long UID_LONG=(long)UID_unsigned;



  if (enable_serial == 1){        // Enable serial port for getting code 
 Serial.println("UID as a Long int , please make a note of this and :");
 Serial.println(UID_LONG);
  }

if (UID_LONG == my_UID) { // IF Presented card = uid in settings then... type password in !

 delay(100);
  Keyboard.write(KEY_RETURN);  // modify key squence here for other logins other than windows 8/10 !
   delay(1200);
  Keyboard.print("my_password");  //As this is plain text may be a good idea to delete after compiled .
   delay(400);
  Keyboard.write(KEY_RETURN);

    delay(400);

  nuidPICC[0] = 0;  // Simple fix to allow the same card to work with this rc522 Example
}







    
  }
  else //Serial.println(F("Card read previously."));

  // Halt PICC
  rfid.PICC_HaltA();

  // Stop encryption on PCD
  rfid.PCD_StopCrypto1();
}

 

How to use

1) First Set “#define enable_serial” = 1  to enable serial output.
2) Open a serial terminal with 9600 baud
3) Swipe a card and make a note of  UIDs .
4) Add recorded card UID to line 27.
5) Add login information to the keyboard section line 113 , modify the key squence for other OS’s and applications .

Case

I designed and 3D printed the smallest case i could round the arduino and RC522. I will post this up on Thingiverse soon.

wp-1460311853163.jpg

Complete, with the lid screwed on

Ok wires could be shorter !

Ok wires could be shorter haha  !

 

 

 

 

 

 

 

 

 

Future Improvements

1) Able to store multiple login information
2) Passwords stored encrypted
3) Add and modify data without using arduino IDE.
4) limit number of tries
5) Store the password on the Card itself

 

Conclusion

I have found this project really useful and use it all the time. One interesting problem that I had was when using windows 10 , I had to reconnect the USB cable every time the computer booted up but found a simple fix (add #include hid.h). The problem was due to the Arduino acting as keyboard (working ok on desktop using pro micro hid driver) but not as generic hid keyboard so not loading a hid keyboard driver .

COMMENTS

Telemin

Neat, but a word of warning is that this setup is trivially brute-forceable. There is no attempt rate limiting in the sketch so an attacker could quickly cycle through all possible card ids using any rfid-device that can masquerade as a tag, and get very quick access to your machine.

A preferable idea would be to store the password encrypted against the id of the tag, *and not store the correct id on chip*(this is important) so that if someone gets hold of a memory dump of the arduino it is harder to recover the plaintext password. This leads to the system attempting to log in whether or not the correct card is presented, but that is no bad thing as it acts as a form of attack rate limiting.

    Luke

    Telemin, i do completly agree with your points and would not suggest my example is used for anything other than a bit of fun at present. I think there’s a few improvements to be made and will try to atleast limit the number of tries. Also possibly could have the option to send the wrong password that could lock out the user account should the sktetch thought some attack was happening but this would only work if on the system at the time.

    Thanks for your comment
    Luke

Josh Siefer

Nevermind. I was eventually able to fix it. Like I mentioned before, it seems that extra characters were causing some sort of hang-up when compiling. After attempting multiple different methods, I finally got it to resolve. Thanks again for posting this!

    Luke

    Josh , Glad you were able to sort it ! .

    As pointed out in previous comments , the method i have chosen doesn’t limit the number of tries so be aware of this when making your project. I’m planning to to fix this when i have some time …

    Give me a shout if you have any more issues.

    Luke

Brian McEvoy

I do something similar on my computer except I use the cheapo low frequency readers which simply type the serial number. I enter a text string on the keyboard but I don’t press enter then scan my card. The serial number is typed and acts as the second half of my password. It doesn’t have the elegance of a single action and it’s not true two factor authentication.

Ifrit

Hi,

Neat project !

I had a similar idea but never found time to work on the soft side…
Like you I designed a 3d printed box for it, but I gone for a screw-less assembly (if interested, you can find it here: https://www.thingiverse.com/thing:1729028 )
I must admit that I doesn’t warn about the voltage compatibility in the description … I will correct that.

Thanks you for sharing your work, I know what I’ll do this weekend 🙂

Alejandro

Nice!
I was thinking in this project for some time but have a time lack to do it, hehe.
I’ll test yours first.
Thank Your to share 🙂

    Luke

    Alejandro , Thanks glad its been helpful ! Remember to check out my other post with updated code as there is a few improvements i have since made.
    Cheers
    Luke

Ralf rbm78bln

Cool project!

Are you sure the rc522 is not 5v tolerant? I mean the power supply has to be 3v3, but the spi pins can bear 5v?

    Luke

    Hi thanks , glad it’s of some interest . Honestly I’m not sure , when I was researching this project most examples either used level shifters or a voltage devider between to interface with a 5v MCU so with the 3.3v supply just decided to make every 3.3v to simplify things . I can say I never looked at the rc522 datasheet , would be interested if you found some more information ?. Cheers Luke

Leave a Reply to Telemin Cancel reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.