[sudo-access] Omni door

Jake jake at spaz.org
Sat Jan 21 23:14:51 PST 2017

the problem is that the way our card reader is currently configured makes it
impossible to differentiate between good reads of readable cards, and the
myriad ways the card reader says "I WAS UNABLE TO READ THAT CARD PROPERLY"
because the software takes the KEYBOARD SCAN CODES sent by the reader (because
it pretends to be a keyboard) and HASHED THE SCAN CODES SEQUENCE through a
trapdoor algorithm... so we have no way to know what was scanned.

this means that many people had the door code equivalent of "CARD READ ERROR"
which meant that anyone could swipe any card in the reader, in a way where it
would say "CARD READ ERROR" or whatever, and get the door open.

we hacked a kludge into the software a while ago that would count the number of
keyboard scan codes that came from the card reader, before they go through the
trapdoor algorithm, and just throw out anything shorter than 100 characters,
which presumably includes the error codes.

i have no idea how your card could have been mangled in a way that it's still
reading (which means its checksum is intact) but that it's different from
before.  I think it means that the present reading of your car is an error code
(that's longer than 100 bytes i guess)

don't worry, it's not your problem.  we'll eventually figure out a way to fix
it i guess.  we're certainly going to add an RFID system, hopefully with a
more sustainable design, and maybe someday phase out the magstripe cards
entirely?  I don't know.

note:  door access email list is CC'd to this message.


On Sat, 21 Jan 2017, Alan Rockefeller wrote:

> I will try when I get back there.
> The card I was using to get into Omni did not change - The checksum
> changed, but it was definitely the same card - my old, scratched up credit
> card.
> I think what happened is I stored two cards right next to each other in my
> wallet, and a bit flipped.
> Thanks for looking into this!
> -Alan

More information about the access mailing list