The “BosCloner” is an extremely handy, on-the-fly, RFID badge cloning tool.
Since I’ve had the privilege of using this tool on a few covert entry engagements, I find myself telling people about it in all RFID-related conversations–and we have quite a few.
The product video on the website is pretty accurate in that you can covertly copy a badge ID from the long-range HID reader, instantly write the copied ID to a blank card, retrieve the newly cloned card from the bag, and use it. SUPER cool!
The mobile application gives you the ability to automatically write a cloned card, or the ability to see the log and select which ID you’d like to clone. Very easy to use.
As with most hacker tools, there are always modifications that can be made, or steps to follow to set them up. This tool is no exception to that rule. So, here are a few mods that need to be made before you can use the tool.
External LF Antenna
One of the main features of this product is the ability to instantly write to a blank badge, pull it out of the bag, and use the card. That’s made possible by this LF antenna. You can see the blank card adhered to the antenna with Velcro. The kit comes with multiple blank badges, all with the round Velcro attached to them to make it quick and easy to position them correctly over the antenna.
The first modification needed was to put the external LF antenna, used to write to blank badges, in an RFID-blocking sleeve.
With some tips and guidance from the tool’s creator, Philip, building your own RFID blocking sleeve works better than any RFID-blocking product you can buy. We went through a list of products available on Amazon and other retailers, and luckily for me, Philip had already purchased, tested, and returned the items that failed to hold up–which was all of them.
Creating your own RFID blocker that actually works is easy to do, and requires nothing more than a few layers of heavy duty aluminum foil, tape, and a paper plate or cup to keep the electronics from touching the foil. Just make sure there are no openings.
Ignore the poor craftsmanship. It works. 🙂
There is an internal pocket that holds this antenna perfectly, and it’s very easy to access.
It was very easy to cut a hole in the pocket divider where the Proxmark is, and run the antenna’s cable into this pocket.
Here’s a picture of me using this during a covert physical security assessment:
You’ll also want to create a second RFID-blocking pouch to put the handful of blank badges that come with the kit to prevent the cloner from reading them.
The bag that came with the badge cloner is a shoulder bag with plenty of room.
It holds the cloner nicely, and you can also store other tools within it.
During assessments, I will put other entry tools in the front and rear pockets that I can easily access. So far, I haven’t noticed any interference or reduction in the distance the HID reader works by placing smaller metal tools such as shove knives, J-tool, lock picks, etc.
Top view of the bag.
Snug fit, but it will zip closed.
Power Supply Location
Initially, the power supply is located in one of the external pockets of the bag, leaving it and the power cables visible. I wanted to move them inside the bag where they are out of view–which ended up being a waste of time.
Making a small cut, I ran the cables through the internal divider where the Proxmark is, into the adjacent compartment, and put in a zip tie to hold the power supply in place.
Re-located the power supply:
Unfortunately, the power supply creates too much interference with the badge reader and the LF antenna used to write badges, so I had to put it back in its original location.
Not a big deal at all, especially if you cover it with some black Gaffer tap.
There are also many things that you could enclose the battery in to make it look less suspicious. Creativity is key.
Again, you can see the battery in the external pocket, but it doesn’t draw much attention in crowded areas.
That’s basically it! Those were the only mods that I needed to make. The tool is very easy to use, and the price is worth the speed and convenience of badging in with an actual card as opposed to holding up a Proxmark3 Easy, or some other smaller badge cloning alternative.
The customer support is by far some of the best I’ve seen, and I’m happy to have this tool as a part of my covert entry kit.