Shopping Cart
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit
Boscloner Pro: All in One RFID Cloning Toolkit

Boscloner Pro: All in One RFID Cloning Toolkit


Sold Out

Preorder pricing for a limited time only. Order quickly to snag the best deal and be first in line to receive your Boscloner Pro unit this Summer! Next price increase $3,499.99

Batch 1: Ships in Summer 2021 (For our earliest supporters!)
Batch 2: Ships in early Q3
Batch 3: Ships in Q3 & Q4 of 2021

What is the Boscloner Pro?

Built by penetration testers for penetration testers, the Boscloner Pro is the most robust RFID testing toolkit on the planet. Within seconds, the Boscloner Pro can identify virtually any Low-Frequency (LF) or High-Frequency (HF), crack the encryption, capture the badge, and immediately copy or simulate this badge, all up to an astounding 6ft away!

In a single, full-featured kit, the Boscloner Pro supports capturing and cloning or simulating the following badge technologies:

  • HID ProxCard II (125kHz)
  • EM4100 (125kHz)
  • HID iClass SS/Legacy (HF)
  • HID Indala (125kHz)
  • MIFARE Classic (HF)

How is this possible?
Boscloner Pro uses a unique and patent-pending combination of custom-built hardware and software, unlike anything ever seen before. Here's how it works...

Meet Thor:

Thor is a completely custom built, dual band (LF/HF), long-range RFID device. With Thor, it is now possible to:

  • IDENTIFY unknown badges while on a client site by scanning the LF and HF badge spectrums, from up to 6 feet away! No more having to blindly guess which badge technology a client uses, it's now possible to dynamically identify the exact badge type in use through Thor's long-distance scanning capabilities. 

  • CRACK encrypted badge technologies, like MIFARE Classic, at long-distances. Thor can leverage known and documented vulnerabilities on affected RFID technologies and automatically perform the steps necessary to crack the badges as quickly as possible, without typing a single line of code! Thor works for you behind the scenes and notifies you when a badge has been successfully captured and stored in your encrypted mobile app library.

  • SIMULATE allows Thor to digitally broadcast an RFID badge from long-ranges. As a penetration tester, imagine possessing the ability to actively simulate a previously captured badge using Thor and walking straight into the target facility without even needing to "badge in" at all, due to the long-broadcasting range of Thor that automatically triggers the RFID door reader on your way into the building!

  • BRUTE-FORCE allows Thor to intelligently simulate a series of badges, one after the other, while positioned near an RFID door reader from these unprecedented long-distances. For example, if you've captured the janitor's badge that gets in you in the front door, but not to the server room, you can use the previously captured janitor's badge as a "starting point" for this intelligent brute-force operation, which will ultimately (and inevitably) lead to an unlocked server room door! Rather than having to physically hold a device in your hand awkwardly as people give you challenging stares, you can now simply stand near the door and have Thor's long-range brute-forcing powers do the rest. Check your Facebook, or snap one for the 'gram, until you hear that all-too-satisfying *click* of the server room door unlocked.

Meet Passport:

Passport is built from the ground up to be completely discreet for your penetration tests, appearing more like a cheap $10 RFID badge holder from Amazon, but underneath its truly clever disguise, it houses one of the world's most sophisticated RFID devices that will inevitably have you start ordering your martinis shaken, not stirred. 

With Passport, you can write, simulate, and brute-force badges that have been captured at a long-range using Thor. No more wrestling with faraday cages, worrying about interference, or getting tangled up in long, messy cables and excessive equipment. You simply wear the Passport around your neck on a lanyard and it does the rest.

In a typical scenario, Thor will dynamically identify/crack/capture a badge on the client site from up to 6ft away. Then, Thor sends the captured badge information to Passport, which can automatically write or simulate the captured badge, allowing you to badge into the doorway without arising suspicion, all within seconds.

Passport is built to be discreet and does not contain any ports, switches, knobs, or LEDs, and can easily pass any physical inspection by security personnel. Passport charges via the industry's Qi wireless charging standard and uses an intelligent low-power Bluetooth mode that can operate in standby mode for months at a time without requiring a charge. It's designed to hold two physical "badges" at a time, allowing you to place a printed Photoshopped veneer badge of your choosing above a rewritable RFID card, like the T5577! If you'd rather not have to deal with writing to a physical badge, you can simply use your veneer badge with the Passport to actively simulate a captured badge of your choosing.

Need some quick badge design templates to get started?

We include several high-quality Photoshop (PSD) template files with your purchase. This allows you to focus more on assessing your client's physical security and less on refreshing your Photoshop design skills. Simply take a selfie and swap it out for the picture in the template, and if desired, change the existing text and colors to your preference. Each template is designed to the exact dimensions and specification required to quickly print at a FedEx, Office Depot, or other printing location and will fit perfectly in your new Passport. We recommend getting them printed on photo-quality paper and laminated for the most convincing appearance! 

Apps, apps, and more apps!

Boscloner Pro App Screenshot

The Boscloner Pro has apps written natively for each supported platform to best make the use of the unique feature set on each. The Boscloner Pro app runs on the following platforms natively: iOS, iPadOS, WatchOS, MacOS, and Android.

Boscloner Pro apps have been written with security at their core, supporting full encryption of captured badge information, while providing the user full flexibility to enable and disable features of their choosing to best fit their unique risk profile and security preferences. 

The Boscloner Pro app supports the following features:

  • Precise GPS coordinates of the location where each badge has been captured.
  • iCloud syncing and backup to use across all of your Apple devices without skipping a beat.
  • Exporting and importing the encrypted badge database to share with your coworkers or your client.
  • FaceID/TouchID/PIN to protect access to the app itself.
  • Cloud backup and data controls are completely transparent to the user. Only you are in charge of your data, not Google, not Dropbox, and not even us.
  • Database sorting and organization by client, project, location, or even your unique session. Give your badges custom names, add them to your favorites, leave notes to stay organized, and so much more.

Thor and Passport can be used individually and along with the mobile app of your choosing depending on the occasion and current requirement. For example, maybe you'll take Thor out for a spin to identify the client's badge type and crack/capture a few badges, then you'll return later with just your Passport. The choice is yours!

Every Boscloner Pro Purchase Includes:

  • Thor
  • Passport
  • Rewritable RFID badges
  • Laptop Messenger Bag
  • Photoshop Badge Templates (Digital Download)
  • 30 days of premium support + one year of standard customer support

Want extended premium support?

For some penetration testers, having access to rapid-response technical support is crucial while actively onsite for an assessment and your time is limited. For this reason, we offer an extended premium support package that provides:
  • Guaranteed response to support inquiries within 24 hours.
  • Phone, video, email support with our Boscloner team of engineers and experts.
  • Free expedited shipping on replacement Boscloner gear within the USA.

Want accidental damage protection?*

With all the travel security consultants do, things can get messy between the TSA inspecting your belongings or with luggage placed in the hands of careless baggage handlers. The last thing we'd want is for your to arrive onsite for your client assessment only find your precious Boscloner has been meddled with and subsequently rendered useless by the TSA (unfortunately, we've heard this from our customers on more than one occassion). With Boscloner's accidental damage protection, you'll get:

  • Expedited shipping on replacement Boscloner gear within the USA
  • Replacement Thor device at only: $799.99**
  • Replacement Passport device at only: $699.99**
  • Covers two total claims per year billed.

* Must be purchased with a Boscloner Pro unit during checkout process and cannot be added on at a later date.
** Must return broken Boscloner gear within 30 days to receive discounted replacement unit pricing.

Frequently Asked Questions

  • Is the Boscloner open-source?

    The Boscloner Classic is completely open-source. As a security tool aimed at penetration testers and security researchers, it is encouraged for the code to be reviewed, forked, and otherwise modified for your specific use case.

    The Boscloner Pro is designed for commerical use on penetration tests for security consultants, as well as for our military and law enforcement customers around the world. This version of the Boscloner is patent-pending, as it uses a unique combination of hardware and software. Therefore, the Boscloner Pro is not an open-source project at this time.

  • Is the Boscloner patented?

    While the Boscloner Pro is patented due to its proprietary combination of custom hardware and software, the Boscloner Classic uses open-source code and off-the-shelf parts; therefore, it is not patented.

  • What is the reading distance of the Boscloner?

    The Boscloner Pro's Thor device can dynamically identify, crack, and capture both high and low-frequency RFID cards from up to 6 ft away in ideal conditions.

    The Boscloner Classic uses an off-the-shelf HID MaxiProx 5375 for its long-range reading operations. HID Global's official spec sheet for the MaxiProx 5375 claims a reading distance of up to 3ft. While it is certainly capable of reaching distances of 3ft, many environmental factors can cause the MaxiProx 5375 to read at distances much less than 3ft, espeically when on-the-go and interference can become an issue. The average distance that can be expected in standard day-to-day situations is about 1.5ft-2ft, but can even be less than that in subpar conditions. Any limitations on reading distance are inherent to HID's MaxiProx 5375 and RFID technology in general. The Boscloner Classic's claims of reading distances "up to 3ft" come directly from HID's MaxiProx 5375 spec sheet:

  • What kind of organizations and individuals use the Boscloner?

    While the Boscloner was originally designed with penetration testers in mind, we continue to see our Boscloner units used by many different customers all around the world. For example, we've sold large quantities of Boscloner units to law enforcement, military, and red teams not only within the USA, but to the international equivalents globally.

  • Is the Boscloner legal?

    While we can't offer legal advice, it is highly recommended that you check with your local laws prior to purchasing and using a Boscloner unit. Generally speaking, the Boscloner falls under the same type of laws that impact a simple set of lockpicks. In many places, lockpicks are legal to purchase and use, but only on locks that you own or have written authorization to pick.

    Simply put, check your local laws and only use the Boscloner on RFID badges belonging to you or on ones that you have written authorization to assess. We are not responsible for misuse of our product and all responsiblity and liability fall in the hands of the user themselves.

  • Do you ship the Boscloner outside of the USA?

    Yes! In fact, half of all of our sales have been sent to our international supporters! During checkout, shipping and tax costs will be calculated for you; however, please keep in mind that certain countries have regulations on products entering their country and may charge an additional tax on your Boscloner purchase before allowing you to retrieve your package. As this varies from country to country, we can't estimate how much tax will be charged by your country -- therefore, our goal is to be transparent in this process and ensure you are aware of this potential charge. This additional charge, if applicable, is not collected or passed on to us in any way.

  • I have a Boscloner Classic, but the reading distance is only a few inches tops. How do I resolve this issue?

    Unfortunately, RFID can be a flaky technology at times and is highly susceptible to interference caused by countless environmental factors. Please be advised, that any issues with reading distance are caused by technical limitations inherent with RFID technology and are not unique to the Boscloner, as the Boscloner Classic utilizes HID's MaxiProx 5375 off-the-shelf reader.

    With that said, there are a few recommended troubleshooting steps you can perform to try to get the best performance out of your MaxiProx 5375 reader in your current environment:

    - Reboot the MaxiProx 5375 by removing the power from the unit, waiting 10 seconds, and reconnecting the power.

    - Ensure the MaxiProx 5375 reader is not near any other sources of power other than the included battery.

    - Ensure the MaxiProx 5375 reader is far away from metal and all other RFID cards when first booted.

    - Please consider only using the laptop messenger bag that is included with your Boscloner Classic purchase. Some bags might contain metal zippers or use a material that may cause unexpected interference, and in turn can limit the effective reading range of the MaxiProx 5375.

    - When the MaxiProx 5375 first boots up, it auto-tunes itself to the environment that it is currently residing in. Therefore, if one were to have the MaxiProx 5375 laid out on a bed in their hotel room and powered on the unit, then placed the unit inside of the messenger bag, took the elevator down 15 floors to the street level, then walked 6 blocks to the client site...the MaxiProx 5375 reader is no longer optimized for your new environment. It is always recommended to power on the MaxiProx 5375 unit in the exact environment you plan to use it in for maximum effectiveness and reading distance.

  • Using the Boscloner Classic, I can't seem to successfully clone/write a captured card to the included T5577 rewritable card. What gives?

    Interference is the likely culprit in this situation. Due to the MaxiProx 5375's powerful reading antenna, this can cause interference when attempting to write/clone any badge ID to the included T5577 rewritable card.

    Fortunately, there are many ways to remedy this common occurrence. You may attempt one or more of the following:

    - Ensure the cable for the low-frequency writer is secure connected at both ends.

    - Double-check that the T5577 card is sitting as closely as possible to the center of the low-frequency writing antenna.

    - Restart the Boscloner Classic Board + Shield by removing and subsequently reenabling power to the unit.

    - Keep the low-frequency write antenna as far away physically from the MaxiProx 5375 reader as possible.

    - Power-off the MaxiProx 5375 reader, but leave the Boscloner Classic Board + Shield combo powered on. This will ensure that the MaxiProx 5375 is unable to cause any unwanted interference while attempting to perform writing operations.

    - Use a Faraday cage to protect the low-frequency antenna and the T5577 card from the MaxiProx 5375's powerful reading antenna. There are a number of excellent products on the market, just look for products that specifically block 125kHz signals and are large enough to house the low-frequency antenna. You may also consider building your own Faraday cage using a cardboard box or paper cup and wrapping the outside of the custom-container in foil (don't let the low-frequency antenna come into direct contact with the foil). While this is very DIY, this method often yields the very best results even when compared against pricier commercial solutions.

  • Is the RFID and access control within my organization secure enough against attackers?

    There are several very secure RFID technologies that exist today that are widely considered to be safe and are not vulnerable to the run-of-the-mill cloning attacks used by the Boscloner suite of products. However, most of the access control used throughout organizations today still utilize decades-old RFID technology that have had documented security issues. The Boscloner Classic, for example, targets HID ProxCard II and leverages the antiquated 125kHz, low-frequency, and unencrypted RFID technology. Unfortunately, users of this highly vulnerable technology have little to no protections against having their badges trivially captured and cloned by malicious actors. In fact, the Boscloner Classic uses HID's own MaxiProx 5375 long-range antenna to perform these attacks!

    While this isn't an exhaustive list, if your organization uses any of the following common RFID card types, you can safely assume that your RFID access control system is vulnerable to common attacks:

    - 125kHz HID Prox (The Boscloner Classic's speciality)

    - 125kHz EM4100

    - 125kHz HID Indala

    - HID iClass Classic / Legacy / Standard Security (The global authentication keys have been leaked online for several years)

    - MIFARE Classic (Primarily vulnerable when configured to use one of the default keys)

    While the Boscloner Classic targets only a single RFID technology, the Boscloner Pro supports all of the above technologies, and many more related features, that are guaranteed to make what was previously impossible for penetration testers...quick, easy, and painless.

    Check out the Boscloner Pro here!

  • If newer and more secure technologies exist, why are so many organizations still using these outdated RFID types?

    That's a great (and logical) question! While there are several factors at play, the three most significant reasons tend to be:

    - Cost of upgrading equipment

    - Lacking awareness of the vulnerability's seriousness

    - The company understands the vulnerability, but has ultimately decided this is an acceptable risk

    Cost of upgrading equipment and acceptable risk:
    Both of these points can be further summarized by discussing both at the same time, since they generally apply to one another. If an organization receives a quote that upgrading their access control system to a more secure alternative would yield a total cost of, let's say, $50,000 - the organization must then choose if $50k would be better spent on upgrading their firewalls, hiring more security personnel, vulnerability management solutions, and beyond. After all, spending so much cash on a single attack vector that requires a malicious actor to be onsite at the organization is typically seen as much less of a risk and likelihood compared to the daily onslaught of malicious actors attempting to compromise the company's internet-facing assets.

    Lack of awareness and the seriousness of the vulnerability:
    Unfortunately, there tends to be a lack of awareness when it comes to the vulnerabilities facing these antiquated RFID technologies. There is a common belief that RFID technology is secure technology as-is or that the chances of a malicious actor capturing and cloning a badge is reserved for targeted attacks funded by foreign governments. Above all else, the Boscloner suite of tools carries the primary mission of increasing security awareness across all organizations and throughout the access control industry to understand the risks that they may face in a way not before seen or actively demonstrated in the real-world.

  • Does Boscloner LLC conduct penetration tests or other cybersecurity services?

    Through our exclusive partnership with Phillip Bosco the creator of the Boscloner and CEO of the cybersecurity consulting firm Security Illusion, we are happy to offer services to help you identify vulnerabilities within your organization!

    Services specifically regarding physical security and RFID access control:

    - Perform an analysis of the card type(s) used at your organization (remotely or onsite)

    - Create a personalized report, summary, executive presentation, etc. of your current access control security posture

    - Provide various remediation and risk mitigation recommendations

    Services and Penetration Testing Assessments Security Illusion Provides:

    - Web Application Penetration Testing

    - Mobile Application Assessment

    - Social Engineering (Phishing, Vishing, Disguises, Fake IDs)

    - Physical Security Assessments (Lock Picking, RFID Badge Cloning, Bypassing Barriers to Entry to Gain Access to Secure Areas)

    - Wireless Network Assessments

    - Internal and External Network Assessments

    - Highly customizable security assessments to fit your organization's unique requirements

    - Security Awareness Training courses designed specially for your organization's employees

  • Still have questions that aren't in the FAQ?

    No problem! Visit our Contact Page or shoot us an email and we'll get your questions answered for you as quickly as possible!