Jakub Kramarz Unleashes The Tick — A Feature-Packed Access Control Sniffer for Red Teams

Popping neatly behind the real hardware, The Tick doesn't suck blood — but access credentials and activity instead.

Gareth Halfacree
3 months ago | Security / HW101

Security engineer Jakub Kramarz has released a gadget he calls The Tick — designed to sit behind contactless card readers and intercept credentials, giving red team security analysis an edge in defeating access control systems.

"The Tick is the next evolution in covert access control system implants," Kramarz claims. "Designed for a seamless integration behind card readers, The Tick silently intercepts, logs, and replays access credentials with greater efficiency and stealth than ever before. Compatible with a wide range of RFID systems, provides invaluable (to red teamers) insights into facility (in)security, while enabling advanced credential injection. Whether for security auditing, red teaming, or mobile access control testing, The Tick delivers a compact, powerful, and flexible solution in an ever-connected world."

Building on the ESPKey project, the heart of the hardware is an ESP32-C3FH4 on an off-the-shelf ESP32-C3 SuperMini module — "I recommend ordering insignificantly more expensive 'Plus' version made by TENSTAR, with an external antenna connector," Kramarz advises, "as some of the regular modules comes with incorrect antenna design, resulting in impressively poor Wi-Fi range" — to which Kramarz' Tick attaches, adding a DC-DC converter to support up to a 25V power input, an RS-485 transceiver, and a level shifter good for data lines of up to 12V or even higher.

Compared to rival designs like the BLEKey and ESP-RFID-Tool, including the ESPKey on which the project is based, Kramarz claims The Tick ticks a lot of boxes: it has configurable data lines, includes both Bluetooth Low Energy (BLE) and Wi-Fi connectivity, enjoys broader power input and data line voltage support, and includes clock-and-data logging in addition to Wiegand operation. The only negative point? The source is, Kramarz admits, "slightly-organized code soup."

Full details, along with hardware and software sources, are available on GitHub, under the strongly reciprocal version of the CERN Open Hardware License Version 2 and the GNU General Public License 3 respectively; user interface libraries and templates are licensed under the permissive MIT license.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.