the personal website of nick brogna



Calculating 26 Bit Wiegand RFID Values with PHP

Photo by George Becker from Pexels

Developed in the 1970s, the Wiegand protocol is still the most widely used protocol in the RFID access control space.

There are various implementations of the Wiegand protocol, the most common being the 26-bit implementation. In this implementation the binary data on the card is made up of one error checking bit, followed by an 8-bit facility ID (0-255), then a 16-bit unique user or card number (0-65535), followed by an additional error checking bit. This provides 16,711,425 possible unique key combinations. Compare that to a physical pin-and-tumbler lock with five pins and nine available bit depths per pin, which has 59,049 theoretical combinations, with only around a third of those being useful.

Earlier this year I got myself a Proxmark 3 to start playing around with RFID and the cloning of access cards. Part of getting good at doing anything starts with really understanding how it works and while there are plenty of card calculators online, these seem to be typically provided by access control system manufacturers and implementers who I would guess probably don’t want to shine too bright a light on what’s under the hood. Especially since the 26-bit Wiegand implementation is pretty dang insecure when it comes down to it. I wanted to write my own.

Luckily, due to its age and popularity, the protocol is incredibly well documented and I found a great implementation of a 26 bit Wiegand key calculator written in C on GitHub. I haven’t touched C since I was in C.S. classes in 2005 (to be fair even that wasn’t procedural C, but C++), but it was easy enough to figure out how to reimplement it in PHP due to PHP’s origins as a C-based CGI module and it being, well, the language I know the best. The most difficult part was figuring out the way the Proxmark string is encoded (the code comments helped immensely but it still took a bit of trial and error to actually understand what was going on there).

With the main calculator logic complete for web purposes, I wanted to implement a CLI application as an homage to the C version I used for reference. I leveraged CLImate (probably my favorite composer package for making quick PHP CLI utilities that actually look like they belong on the command line) and used Box to get everything bundled up as a PHAR. Now I have a command line utility born of my own hand to use in my future RFID hacks and projects.

❯ bin/wiegand-26bit-php -f 255 -u 999
*********** Wiegand 26Bit Calculator ***********
Facility Code....... 255
Card Number......... 999
Binary.............. 01111111100000011111001111
Hex................. 1fe07cf
Proxmark............ 2005fe07cf
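
The bit layout described earlier, as an added example that is not the code from this project or from the C calculator it references: it packs the two fields, computes both error checking bits, and decodes a frame back while checking parity, so its output can be compared with the sample run above. The function names are hypothetical, the parity rule used is the standard 26-bit one (even parity over the first 12 data bits, odd parity over the last 12), the Proxmark prefix is an assumption inferred from the sample output on this page, and 64-bit PHP is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Function names are hypothetical.

/** Count the 1 bits in a non-negative integer. */
function popcount(int $v): int
{
    return substr_count(decbin($v), '1');
}

/** Pack facility (0-255) and card (0-65535) into a 26-bit Wiegand value. */
function wiegand26Encode(int $facility, int $card): int
{
    if ($facility < 0 || $facility > 0xFF || $card < 0 || $card > 0xFFFF) {
        throw new InvalidArgumentException('facility or card number out of range');
    }
    $data = ($facility << 16) | $card;           // 24 data bits
    $even = popcount($data >> 12) & 1;           // leading bit: even parity, first 12 data bits
    $odd  = (popcount($data & 0xFFF) & 1) ^ 1;   // trailing bit: odd parity, last 12 data bits
    return ($even << 25) | ($data << 1) | $odd;
}

/** Check both parity bits and return the fields, or null for a bad frame. */
function wiegand26Decode(int $frame): ?array
{
    if ($frame < 0 || $frame > 0x3FFFFFF) {
        return null;                             // more than 26 bits
    }
    $data   = ($frame >> 1) & 0xFFFFFF;
    $evenOk = ((popcount($data >> 12) + ($frame >> 25)) & 1) === 0;
    $oddOk  = ((popcount($data & 0xFFF) + ($frame & 1)) & 1) === 1;
    if (!$evenOk || !$oddOk) {
        return null;                             // parity mismatch
    }
    return ['facility' => $data >> 16, 'card' => $data & 0xFFFF];
}

$frame = wiegand26Encode(255, 999);              // inputs taken from the sample run
printf("Binary:   %026b\nHex:      %x\n", $frame, $frame);
// Assumption inferred from the sample output: Proxmark ID = 0x2004000000 | frame
printf("Proxmark: %x\n", 0x2004000000 | $frame);
var_dump(wiegand26Decode($frame));               // round trip through the parity check
var_dump(wiegand26Decode($frame ^ (1 << 10)));   // same frame with one data bit flipped
```

The two parity bits only catch an odd number of flipped bits in each half of the frame; they involve no secret, so a frame that decodes cleanly says nothing about whether the card presenting it is genuine.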

The README for the project has specific requirements and usage details, but assuming you have PHP on your system with the normal assortment of extensions available (zlib, mbstring, etc.) you should be able to just download the binary directly from the releases, make it executable and stick it in your path to get going on the command line. I’ve also included my box.json build file, etc. to tinker with and make it your own. Bug fixes and improvements from fellow RFID weirdos are always welcome; feel free to open a pull request or send me a message if you do anything cool with it.

Happy hacking. 
