February 2010 Archives
Medor v0.1 : How to protect your session using RFID tags
The idea is quite simple: at work I often leave my computer
for meetings and don't want to have to xlock / unlock my
session.
On login, I start ssh-agent with all my different keys (Work &
Personal), so leaving a terminal open with them loaded looks
dangerous to me. Medor checks every 5 seconds whether my keys, which
carry my RFID tag, are present. If they aren't, the screen is locked
to prevent somebody from using my session. When my keys are back, the
session is unlocked.
There's another protection: if Medor detects that the
RFID reader is no longer available (somebody tried to unplug
it), the screen is locked, all keys in my ssh-agent are removed and
an XMPP message is sent to my cell phone.
Medor uses the RFIDIOT library to access the RFID reader; have a look at my previous article to learn how to use it on Debian GNU/Linux.
Here are the 2 main scripts (an up-to-date release will be available on my github under dotfiles/openbox/bin/Medor):
Medor.sh
#!/bin/bash
#
# Medor v0.1
# Alex "laotseu" DE DOMMELIN - http://blog.tuxz.net
#
# This program is free software. It comes without any warranty, to
# the extent permitted by applicable law. You can redistribute it
# and/or modify it under the terms of the Do What The Fuck You Want
# To Public License, Version 2, as published by Sam Hocevar. See
# http://sam.zoy.org/wtfpl/COPYING for more details.
#

RFID_ID="MYTAGID"
CHECK_TAG_SCRIPT="/home/laotseu/.config/openbox/bin/Medor/python-rfid/checkTag.py"
SCREENLOCK="xlock"
SCREENLOCK_OPTS="-mode blank"
XMPP_ALERT="/home/laotseu/.config/openbox/bin/Medor/xmpp_alert.py"

function protect() {
    (ssh-agent -k > /dev/null 2>&1)
    ($XMPP_ALERT "$(date) Security Alert : RFID reader unplugged" > /dev/null 2>&1)
    lock;
}

function lock() {
    ($SCREENLOCK $SCREENLOCK_OPTS &)
}

function unlock() {
    (/usr/bin/killall -9 $SCREENLOCK)
}

## Main Loop ##
ALERT_SENT=0
while [ 42 ]; do
    TAG=`$CHECK_TAG_SCRIPT 2>/dev/null`
    case $? in
        ############################
        ## Reader not present :-( ##
        ############################
        1 )
            if [ $ALERT_SENT -eq 0 ]; then
                protect;
                ALERT_SENT=1
            fi;
            ;;
        #################################
        ## No tag present, lock screen ##
        #################################
        255 )
            (/bin/pidof $SCREENLOCK > /dev/null 2>&1)
            if [ $? -eq 1 ]; then
                lock;
            fi;
            ;;
        #############################################
        ## Tag present, check if allowed to unlock ##
        #############################################
        0 )
            if [ "$TAG" == "$RFID_ID" ]; then
                (/bin/pidof $SCREENLOCK > /dev/null 2>&1)
                if [ $? -eq 0 ]; then
                    unlock;
                    ALERT_SENT=0
                fi;
            else
                (/bin/pidof $SCREENLOCK > /dev/null 2>&1)
                if [ $? -eq 1 ]; then
                    lock;
                fi;
            fi;
            ;;
    esac
    sleep 3
done;
checkTag.py
#!/usr/bin/python
import RFIDIOtconfig
import os

try:
    card = RFIDIOtconfig.card
except:
    os._exit(1)   # reader not available

if card.select():
    print("%s" % card.uid)
else:
    os._exit(-1)  # no tag: Medor.sh sees exit status 255
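The case statement in Medor.sh only handles exit statuses 1, 255 and 0, so any other status from checkTag.py (for example 127 when the script path is wrong) triggers no action and an unlocked session stays unlocked. The following is an added example, not code from the original post: a hypothetical medor_decide function that makes the same decisions as the main loop but fails closed on unexpected statuses, run over constructed sample states with a constructed tag UID.

```bash
#!/bin/bash
# Added example, not Medor's own code: the main loop's decision as a pure
# function, changed to fail closed on exit statuses the original ignores.
#
# medor_decide STATUS TAG EXPECTED LOCKED ALERT_SENT
#   STATUS      exit status of checkTag.py (0 tag read, 255 no tag, 1 no reader)
#   TAG         UID printed by checkTag.py
#   EXPECTED    the RFID_ID value
#   LOCKED      1 if the screen locker is running, else 0
#   ALERT_SENT  1 if protect() already ran for this incident, else 0
# Prints one action: protect, lock, unlock or none.
medor_decide() {
    case "$1" in
        0)
            # An empty EXPECTED must never match an empty TAG.
            if [ -n "$3" ] && [ "$2" = "$3" ]; then
                if [ "$4" -eq 1 ]; then echo unlock; else echo none; fi
            elif [ "$4" -eq 1 ]; then echo none; else echo lock; fi
            ;;
        255)
            if [ "$4" -eq 1 ]; then echo none; else echo lock; fi
            ;;
        *)
            # 1 = reader missing. 126/127 (script not executable / not found)
            # and any other status are handled the same way.
            if [ "$5" -eq 0 ]; then echo protect
            elif [ "$4" -eq 0 ]; then echo lock
            else echo none; fi
            ;;
    esac
}

# Constructed sample states: status, tag ("-" = none), locked, alert_sent.
EXPECTED="04A1B2C3"   # constructed UID, not a real tag
while read -r status tag locked alert; do
    if [ "$tag" = "-" ]; then tag=""; fi
    printf '%-3s %-9s locked=%s alert=%s -> %s\n' "$status" "${tag:--}" \
        "$locked" "$alert" "$(medor_decide "$status" "$tag" "$EXPECTED" "$locked" "$alert")"
done <<'EOF'
0   04A1B2C3 1 0
0   DEADBEEF 0 0
255 -        0 0
1   -        0 0
127 -        0 0
127 -        1 1
EOF
```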
How to use Touchatag RFID USB reader on Debian GNU/Linux
I bought a Touchatag RFID reader a few months ago, a cheap USB device. It's reported to work on Windows / MacOS but not GNU/Linux. Here's a solution to use it on Debian.
You need to install some packages:
apt-get install python-pyscard pcscd pcsc-tools \
    python-pycryptopp python-serial python-crypto
Then download the latest release of RFIDIOT (RFID IO Tools) here and simply extract it.
Plug in the reader and start pcsc_scan; you should see something like this:
found one
Scanning present readers
0: ACS ACR 38U-CCID 00 00
The "0:" is the reader id, so ctrl+c out of pcsc_scan, edit RFIDIOtconfig.py, jump down to the readernum= directive, and change that to the correct id given by pcsc_scan.
You should now be able to test your reader using one of the contributed scripts such as multiselect.py.

