Walrus is an Android app that simplifies using several existing contactless card cloning devices during red team engagements and physical security assessments.
It offers a common interface and database for storing cloned cards. Currently, Walrus supports the industry standard Proxmark 3, Chameleon Mini, Tastic RFID Thief, with more to come. Cloned cards are written to a blank card or emulated on another device, instantly granting the attacker privileged access to restricted areas.
Walrus enables you to use your existing contactless card cloning devices with your Android device. Using a simple interface, cards can be read into a wallet to be written or emulated later. Designed for physical security assessors, Walrus has features that will help you in your next red team engagement.
Walrus is open source, released under the GNU General Public License v3.0.
Demo
As an example, Walrus can be used to tap into the power of the Tastic RFID Thief long range card reader, allowing for walk-by cloning of a victim’s access card in a matter of seconds. The cloned card can then quickly be emulated or written to a blank card via an attached Proxmark.
Design
Walrus is designed with red teaming in mind and hence implements common device functionality that is most useful in real-world usage. This includes basic tasks such as card reading, writing and emulation, as well as some device-specific functionality such as antenna tuning or device configuration.
Features
Multi-device support
Walrus currently supports the Proxmark3 and the Chameleon Mini, with more device support on the way.
Bulk card reading
Bulk card reading continually reads cards from a device until manually stopped, letting you easily capture multiple cards as you move around your target location. Vibration feedback lets you know when you have successfully read a card without the need for any interaction with your card or Android devices. Simultaneous device operation support lets you use different devices at the same time. This can let you read multiple card types all at once, or write a card on a device while you are still reading from another device.
Location awareness
Each time a card is seen, it is recorded with your location, making it easier to determine where the card may grant access to.
Brute-forcing (coming soon)
If you find a physical control (e.g. door or turnstile) with a card reader that needs to be passed, the cards stored in your wallet can be emulated through a device one by one. The cards are ordered in increasing distance between the reader and the location the card was captured, increasing the chances of a matching card being emulated quicker and the reader granting access.
Shareable cards (coming soon)
Cards can be shared between instances of Walrus and exported for external use. This can be useful if there are two testers on an engagement; one tester can be tasked with cloning an access card from an employee in the field while the second tester can write or emulate the access card at a reader.
