Boscloner RFID Cloning Toolkit
The Boscloner is an All-in-One RFID Cloning Toolkit designed to make RFID badge cloning during a penetration testing engagement lightning fast and super easy, featuring:
- 3ft Read Range
- Rechargeable Batteries
- Bluetooth Support
- Companion App (iPhone and Android*)
- Auto-Clone Technology
The Boscloner’s core functionality set revolves around its ability to capture RFID badges from three feet away, automatically clone captured badges (in seconds!) and allow the penetration tester to reach into a pocket and pull out a cloned and fully functioning badge providing instant access to restricted areas.
Boscloner: Access granted!
The Boscloner Premium Kit includes everything you need to start capturing and cloning LF HID right out of the box!
The Full Boscloner Premium Kit Includes:
- Boscloner Board + Shield
- Rechargeable Battery Pack
- Messenger Bag
- Low-Frequency Antenna
- Maxiprox 5375
- T5577 Rewritable Cards (10 Pack)
Don't need the full kit? Purchase just the Board + Shield.
Already have a Board + Shield and want to upgrade it to a turnkey RFID Cloning Kit? Purchase just the Premium Add-Ons.
Want to build a Boscloner yourself? It's open source! Get the complete bill of materials with build instructions here.
While the Boscloner has become a great tool for penetration testers all around the world, it is still considered by its creator to be a tool primarily for research and demonstrating proof of concept. The Boscloner and its associated mobile applications are open-source and are supported by the security community, and as such, may not receive regular updates by the creator. The mobile applications may not function properly on all Android/iOS version and devices, as the applications have not undergone extensive compatibility testing. While the Boscloner has been used successfully by countless penetration testers around the world and has been used in live demonstrations across the USA at security conferences, the creators cannot offer any guarantees or promises in regards to the compatibility and reliability of the hardware or software due to the Boscloners designation of a Research and Proof of Concept tool.
As is the case with all RFID implementations, environmental factors play a significant role in the reliability, reading/writing, and all other functions of RFID. While the Boscloner's MaxiProx reader can reach a theoretical maximum reading distance of three feet, this is not a guaranteed reading distance under all circumstances. Across testing within a lab environment and on numerous penetration testing assessments, the Boscloner typically is capable of reading distances of between 1.5ft and 2ft on average; however, there are times where the Boscloner may only be able to effectively read other RFID cards at only 6-12 inches due to environmental factors.
Lastly, the Boscloner is a fully legal device in the United States when used in conjunction with explicit written permission from the Point of Contact within the target organization during a penetration test. For any other use cases, check your country and state laws. Neither the creator or the Boscloner organization is responsible for illegal or unauthorized usage of the Boscloner hardware or software.
The Boscloner is one awesome piece of equipment.
Do you need to show your client vulnerabilities with their current access controls? The Boscloner is how you do it.
Mine came ready to go. The messenger bag is the perfect size to hold everything. Cable management is nice and tidy. The writer has a nice, long cable so you can put it anywhere, route it through a jacket sleeve if you want and write to a card already in your hand! The included power pack is beefy and is Velcro'd to the back of the giant RFID reader. This one didn't have a the screen mounted in the reader like the photos show, but that's even better, less "flashy show" if your bag is inspected.
The companion app (I have android devices) worked without any issue. I can't wait to see what the new updates bring.
One thing I did notice was a lack of documentation in the bag. A one page paper with minimal instructions would be good. I made due with watching the youtube video of building your own to see how it all worked. My power brick was set at 20V when I first powered it on, had I not watched the video, I wouldn't have known to set it to 16.5V or maybe it's supposed to be running on 20V now?
5 stars | Highly recommend this to any security researcher, auditor or red team.
I have taken the Boscloner on 4 engagements now and it is impressive what you can do with it. All it takes is a little guts and Social Engineering and no building is off limits.