Calculating 26 Bit Wiegand RFID Values with PHP

Photo by George Becker from Pexels

Developed in the 1970s, the Wiegand protocol is still the currently the most widely used protocol in the RFID access control space.

There are various implementations of the Wiegand protocol with the most common of those being the 26-bit implementation. In this implementation the binary data on the card is made up of one error checking bit followed by an 8 bit facility ID (0-255) then a 16 bit unique user or card number (0-65535) followed by an additional error checking bit. This provides 16,711,425 possible unique key combinations. Compare that to a physical pin-and-tumbler lock with five pins and nine available bit depths per pin that has 59,049 theoretical combinations, with only around a third of those being useful. 

Earlier this year I got myself a Proxmark 3 to start playing around with RFID and the cloning of access cards. Part of getting good at doing anything starts with really understanding how it works and while there are plenty of card calculators online, these seem to be typically provided by access control system manufacturers and implementers who I would guess probably don’t want to shine too bright a light on what’s under the hood. Especially since the 26-bit Wiegand implementation is pretty dang insecure when it comes down to it. I wanted to write my own.

Luckily, due to it’s age and popularity, the protocol is incredibly well documented and I found a great implementation of a 26 bit Wiegand key calculator written in C on GitHub. I haven’t touched C since my I was in C.S. classes in 2005 (to be fair even that wasn’t procedural C, but C++), but it was easy enough to figure out how to reimplement it in PHP due to PHP’s origins as a C-based CGI module and it being, well, the language I know the best. The most difficult part was figuring out the way the Proxmark string is encoded (the code comments helped immensely but it still took a bit of trial and error to actually understand what was going on there). 

With the main calculator logic complete for web purposes, I wanted to implement a CLI application as an homage to the C version I used for reference. I leveraged CLImate (probably my favorite composer package for making quick PHP CLI utilities that actually look like they belong on the command line ) and used Box to get everything bundled up as a PHAR. Now I have a command line utility born of my own hand to use in my future RFID hacks and projects. 

❯ bin/wiegand-26bit-php -f 255 -u 999
*********** Wiegand 26Bit Calculator ***********
Facility Code....... 255
Card Number......... 999
Binary.............. 01111111100000011111001111
Hex................. 1fe07cf
Proxmark............ 2005fe07cf

The README for the project has specific requirement and usage details, but assuming you have PHP on your system with the normal assortment of extensions available (zlib, mbstring, etc.) you should be able to just download the binary directly from the releases, make it executable and stick it in your path to get going on the command line. I’ve also included my box.json build file, etc. to tinker with and make it your own. Bug fixes and improvements from fellow RFID weirdos are always welcome; feel free to open a pull request or send me a message if you do anything cool with it. 

Happy hacking. 

Using a Mac virtual audio driver to get a direct Rekordbox audio stream in OBSBig Sur Update

Big Sur Update: I’ve tested and confirmed that, at least for me, Blackhole is still working with Rekordbox and OBS as expected. Rekordbox is not super stable at the moment (it’s usable, but CPU and fan usage is insane and it usually crashes around an hour into a set) however there seems to be an aggressive number of recent updates so I hold out hope.

Everyone and their dog is livestreaming their DJ sets during quarantine. Often the video is great but the audio sounds like garbage because the person is using the built-in mic in their laptop or phone as the audio input. As anyone who’s heard cell phone concert footage can attest, this is less than ideal for captuing loud music being played at fun volumes. 

In order to route audio between applications you need to use a virtual audio driver. I used to use Soundflower for the task of routing audio between applications before livestreaming was even a thing and “fast” 1.5 Mbps internet was $65- a month, so that was the first place I looked, however it’s not compatible with Catalina. Luckily I found BlackHole, which feels like a more polished Soundflower (and it works with Catalina). If money was no object and I wanted even more polish (and support) I’d probably spend the $99 on Rogue Amoeba’s Loopback to fill the same need but as it stands I’ve got it working for free with BlackHole with no issues and it only cost me a couple late nights of figuring it out that might have been avoided if I felt like reading more documentation. ? I usually fuck up IKEA furniture for the same reason – priorities, dude. 

Setup: 

  1. Install BlackHole
  2. In the Sound Preference Pane, select BlackHole 16 for your active device on the Output tab (Note that this is going to send ALL your system audio to BlackHole for the time being, therefore to your livestream. Make sure you exit out of other noisy applications, or at least mute them. As long as “Internal Speakers” is the selected device on the Sound Effects tab of the Sound Preference Pane, you shouldn’t have to worry about system beeps being played in your stream audio, but I try to make it a point to put my Macbook Pro into “Do Not Disturb” before performing regardless as a matter of habit. 
  3. In Rekordbox, head to Preferences >> Audio and tick the box under your Controller output that says “Output audio fron the computer’s built-in speakers and your DJ equipment (PC MASTER OUT).” This is the secret sauce that is essentially the ‘poor man’s booth output’ for those of use with DDJ-400s and allows us to digitally loopback the master audio stream to the system’s BlackHole 16ch audio “device”.

    a screenshot from Rekordbox 6 showing the spilt audio output function under the Audio tab of the Preferences dialog

  4. Now let’s set up OBS to recieve that audio stream by creating a new Audio Input Capture Source from the available BlackHole 16ch device in the dropdown and voila, you should be up and running. Personally, I find the audio stream comes into OBS a little spicy so be sure to check your levels and dial your input gain in OBS back 10-15% if you need to. a screenshot of the Audio Input Capture Properties dialog in OBS

While setting this up I initially experimented with using BlackHole and the DDJ-400 driver to create an aggregate audio device in Audio MIDI Setup and then using that as the output within Rekordbox so as to be more selective with what audio I was slanging to the Audio Input Capture in OBS rather than using the nuclear option of routing ALL system audio, and that method appeared to work superficially however, I found that I lost the ability to use headphone cue on my controller when using this method.

You will need a decent computer to run this setup without issue; my 2018 Macbook Pro’s CPU was hovering around 50% during my most recent stream and I wasn’t able to preview my stream in Chrome from the same computer running OBS and Rekordbox without Rekordbox’s UI becoming frustratingly and near unusably slow and unresponsive as well as some obnoxious audio popping happening in the stream that I wasn’t aware of. Just closing the browser window resolved the issue (after the CPU cooled after a couple minutes) and since I was streaming via OBS keeping the browser window was unnecessary, although if I were more popular I would probably want to interact with my audience. While the video of the stream shows the audio glitches in the first ten minutes or so, the recording from Rekordbox seems to be unaffected. I did not try to direcly record the OBS stream locally and only have the archived stream from YouTube; I’m not really sure the additional performance impact that would have caused.

A better controller with a more powerful soundcard could possibly unlock a more elegant method of achieving this, but I think it’s fair to say the DDJ-400 is probably the most widely used controller out there and since they’re nearly impossible to buy right now, I don’t see that changing anytime soon.