Boscloner Pro: All in One RFID Cloning Toolkit
Frequently Asked Questions
Is the Boscloner open-source?
The Boscloner Classic is completely open-source. As a security tool aimed at penetration testers and security researchers, it is encouraged for the code to be reviewed, forked, and otherwise modified for your specific use case.
The Boscloner Pro is designed for commercial use on penetration tests for security consultants, as well as for our military and law enforcement customers around the world. This version of the Boscloner is patent-pending, as it uses a unique combination of hardware and software. Therefore, the Boscloner Pro is not an open-source project at this time.
Is the Boscloner patented?
While the Boscloner Pro is patented due to its proprietary combination of custom hardware and software, the Boscloner Classic uses open-source code and off-the-shelf parts; therefore, it is not patented.
What is the reading distance of the Boscloner?
The Boscloner Pro's Thor device can dynamically identify, crack, and capture both high and low-frequency RFID cards from up to 6 ft away in ideal conditions.
The Boscloner Classic uses an off-the-shelf HID MaxiProx 5375 for its long-range reading operations. HID Global's official spec sheet for the MaxiProx 5375 claims a reading distance of up to 3ft. While it is certainly capable of reaching distances of 3ft, many environmental factors can cause the MaxiProx 5375 to read at distances much less than 3ft, especially when on the go, where interference can become an issue. The average distance that can be expected in standard day-to-day situations is about 1.5ft-2ft, but it can be even less than that in subpar conditions. Any limitations on reading distance are inherent to HID's MaxiProx 5375 and RFID technology in general. The Boscloner Classic's claims of reading distances "up to 3ft" come directly from HID's MaxiProx 5375 spec sheet.
What kind of organizations and individuals use the Boscloner?
While the Boscloner was originally designed with penetration testers in mind, we continue to see our Boscloner units used by many different customers all around the world. For example, we've sold large quantities of Boscloner units to law enforcement, military, and red teams not only within the USA, but to the international equivalents globally.
Is the Boscloner legal?
While we can't offer legal advice, it is highly recommended that you check with your local laws prior to purchasing and using a Boscloner unit. Generally speaking, the Boscloner falls under the same type of laws that impact a simple set of lockpicks. In many places, lockpicks are legal to purchase and use, but only on locks that you own or have written authorization to pick.
Simply put, check your local laws and only use the Boscloner on RFID badges belonging to you or on ones that you have written authorization to assess. We are not responsible for misuse of our product and all responsibility and liability fall in the hands of the user themselves.
Do you ship the Boscloner outside of the USA?
Yes! In fact, half of all of our sales have been sent to our international supporters! During checkout, shipping and tax costs will be calculated for you; however, please keep in mind that certain countries have regulations on products entering their country and may charge an additional tax on your Boscloner purchase before allowing you to retrieve your package. As this varies from country to country, we can't estimate how much tax will be charged by your country -- therefore, our goal is to be transparent in this process and ensure you are aware of this potential charge. This additional charge, if applicable, is not collected or passed on to us in any way.
I have a Boscloner Classic, but the reading distance is only a few inches tops. How do I resolve this issue?
Unfortunately, RFID can be a flaky technology at times and is highly susceptible to interference caused by countless environmental factors. Please be advised that any issues with reading distance are caused by technical limitations inherent to RFID technology and are not unique to the Boscloner, as the Boscloner Classic utilizes HID's MaxiProx 5375 off-the-shelf reader.
With that said, there are a few recommended troubleshooting steps you can perform to try to get the best performance out of your MaxiProx 5375 reader in your current environment:
- Reboot the MaxiProx 5375 by removing the power from the unit, waiting 10 seconds, and reconnecting the power.
- Ensure the MaxiProx 5375 reader is not near any other sources of power other than the included battery.
- Ensure the MaxiProx 5375 reader is far away from metal and all other RFID cards when first booted.
- Please consider only using the laptop messenger bag that is included with your Boscloner Classic purchase. Some bags might contain metal zippers or use a material that may cause unexpected interference, and in turn can limit the effective reading range of the MaxiProx 5375.
- When the MaxiProx 5375 first boots up, it auto-tunes itself to the environment that it is currently residing in. Therefore, if one were to have the MaxiProx 5375 laid out on a bed in their hotel room and powered on the unit, then placed the unit inside of the messenger bag, took the elevator down 15 floors to the street level, then walked 6 blocks to the client site...the MaxiProx 5375 reader is no longer optimized for your new environment. It is always recommended to power on the MaxiProx 5375 unit in the exact environment you plan to use it in for maximum effectiveness and reading distance.
Using the Boscloner Classic, I can't seem to successfully clone/write a captured card to the included T5577 rewritable card. What gives?
Interference is the likely culprit in this situation. The MaxiProx 5375's powerful reading antenna can cause interference when attempting to write/clone any badge ID to the included T5577 rewritable card.
Fortunately, there are many ways to remedy this common occurrence. You may attempt one or more of the following:
- Ensure the cable for the low-frequency writer is securely connected at both ends.
- Double-check that the T5577 card is sitting as closely as possible to the center of the low-frequency writing antenna.
- Restart the Boscloner Classic Board + Shield by removing and subsequently reenabling power to the unit.
- Keep the low-frequency write antenna as far away physically from the MaxiProx 5375 reader as possible.
- Power-off the MaxiProx 5375 reader, but leave the Boscloner Classic Board + Shield combo powered on. This will ensure that the MaxiProx 5375 is unable to cause any unwanted interference while attempting to perform writing operations.
- Use a Faraday cage to protect the low-frequency antenna and the T5577 card from the MaxiProx 5375's powerful reading antenna. There are a number of excellent products on the market, just look for products that specifically block 125kHz signals and are large enough to house the low-frequency antenna. You may also consider building your own Faraday cage using a cardboard box or paper cup and wrapping the outside of the custom-container in foil (don't let the low-frequency antenna come into direct contact with the foil). While this is very DIY, this method often yields the very best results even when compared against pricier commercial solutions.
Is the RFID and access control within my organization secure enough against attackers?
There are several very secure RFID technologies that exist today that are widely considered to be safe and are not vulnerable to the run-of-the-mill cloning attacks used by the Boscloner suite of products. However, most access control systems used throughout organizations today still utilize decades-old RFID technologies that have had documented security issues. The Boscloner Classic, for example, targets HID ProxCard II and leverages the antiquated 125kHz, low-frequency, and unencrypted RFID technology. Unfortunately, users of this highly vulnerable technology have little to no protection against having their badges trivially captured and cloned by malicious actors. In fact, the Boscloner Classic uses HID's own MaxiProx 5375 long-range antenna to perform these attacks!
While this isn't an exhaustive list, if your organization uses any of the following common RFID card types, you can safely assume that your RFID access control system is vulnerable to common attacks:
- 125kHz HID Prox (The Boscloner Classic's speciality)
- 125kHz EM4100
- 125kHz HID Indala
- HID iClass Classic / Legacy / Standard Security (The global authentication keys have been leaked online for several years)
- MIFARE Classic (Primarily vulnerable when configured to use one of the default keys)
While the Boscloner Classic targets only a single RFID technology, the Boscloner Pro supports all of the above technologies, and many more related features, that are guaranteed to make what was previously impossible for penetration testers...quick, easy, and painless.
If newer and more secure technologies exist, why are so many organizations still using these outdated RFID types?
That's a great (and logical) question! While there are several factors at play, the three most significant reasons tend to be:
- Cost of upgrading equipment
- Lacking awareness of the vulnerability's seriousness
- The company understands the vulnerability, but has ultimately decided this is an acceptable risk
Cost of upgrading equipment and acceptable risk:
Both of these points can be further summarized by discussing both at the same time, since they generally apply to one another. If an organization receives a quote that upgrading their access control system to a more secure alternative would yield a total cost of, let's say, $50,000 - the organization must then choose if $50k would be better spent on upgrading their firewalls, hiring more security personnel, vulnerability management solutions, and beyond. After all, spending so much cash on a single attack vector that requires a malicious actor to be onsite at the organization is typically seen as much less of a risk and likelihood compared to the daily onslaught of malicious actors attempting to compromise the company's internet-facing assets.
Lack of awareness and the seriousness of the vulnerability:
Unfortunately, there tends to be a lack of awareness when it comes to the vulnerabilities facing these antiquated RFID technologies. There is a common belief that RFID technology is secure as-is or that the capture and cloning of a badge is reserved for targeted attacks funded by foreign governments. Above all else, the Boscloner suite of tools carries the primary mission of increasing security awareness across all organizations and throughout the access control industry to understand the risks that they may face in a way not before seen or actively demonstrated in the real world.
Does Boscloner LLC conduct penetration tests or other cybersecurity services?
Through our exclusive partnership with Phillip Bosco, the creator of the Boscloner and CEO of the cybersecurity consulting firm Security Illusion, we are happy to offer services to help you identify vulnerabilities within your organization!
Services specifically regarding physical security and RFID access control:
- Perform an analysis of the card type(s) used at your organization (remotely or onsite)
- Create a personalized report, summary, executive presentation, etc. of your current access control security posture
- Provide various remediation and risk mitigation recommendations
Services and Penetration Testing Assessments Security Illusion Provides:
- Web Application Penetration Testing
- Mobile Application Assessment
- Social Engineering (Phishing, Vishing, Disguises, Fake IDs)
- Physical Security Assessments (Lock Picking, RFID Badge Cloning, Bypassing Barriers to Entry to Gain Access to Secure Areas)
- Wireless Network Assessments
- Internal and External Network Assessments
- Highly customizable security assessments to fit your organization's unique requirements
- Security Awareness Training courses designed specially for your organization's employees
Still have questions that aren't in the FAQ?