How Keycard Formats Work
Many companies use simple keycard systems to provide access to the office. To facilitate encoding new cards they often buy their own card calculators to cut costs or for the sake of efficiency. However, as we reported in earlier posts, these types of cards are prone to hacking – especially cards based on the Wiegand protocol. Through cloud technology and mobile-friendly software integrations, the world of access control has evolved far beyond physical keycards in most business establishments. But as an IT manager or facilities operator, it might still be useful to have some background knowledge about how keycards are duplicated.
Old school keycards are still in use in a lot of places, particularly older businesses that haven't upgraded their systems to the latest technology.
Here is a video showing how keycard codes are copied and programmed:
As shown in the video, you can see how card calculators make it easy to convert the bit length and Hex value into a bit pattern, assigning them an internal card number and facility keycard code.
Free Keycard Bit Code Calculators
How to Decrypt Keycard Codes
1. The card format is interpreted from the bit pattern. Based on the pattern of zero’s and one’s following each other, we can conclude if it is one of the following formats: Standard 26 Bit, Generic 34 Bit (Even or Odd Parity), HID Corporate 1000 (35 Bit), HID 37 Bit (with or without Facility Code), Casi-Rusco 40 Bit.
2. A note about card numbers: The Internal Card Number is usually the same as the External Card Number (the number printed on the card itself), however it can be offset to increase security (to hinder someone from interpreting the full card code).
3. “Facility Code” is “Company ID Code” in the case of 35 bit (HID Corporate 1000) cards.
How to Calculate Card Format
What are the different formats and why do we need to calculate them?
How card codes are calculated – math translations – decimal, binary and hexadecimal
Since computers always use binary math, each column can only contain a one (1) or zero (0). Binary data is often combined together into convenient four-bit hexadecimal, or hex units called Nybbles. Hex values are displayed as 0 – F. Identisource has a good format and facility (site) code explanation and ID card group provides a great cheat sheet for HID proximity credential cards and the formats. THey also provide an HID prox card programming checklist. Here is a great keycard programming guide
Every card has a consecutive serial number programmed, assigned in your access control software to a card holder. For 26 bit cards, it can be from 0 to 65,535.
How to Manage Keycards
But, what happens if two companies share the same card numbers? Could they access each other's premises? To reduce this risk, a second number, known as the facility or site code is encoded into each card. This number can go from 0 to 255 on a 26 bit format card.
As an example, if Company A has cards numbered from 1 to 1000, with facility code 230, they would be programmed as follows:230 – 00001230 – 00002230 – 00003 …….up to 230 – 01000
Company B could have the same serial numbers, but with facility code 180, and their cards would be:180 – 00001180 – 00002180 – 00003……..up to 180 – 01000
To grant access, an access control system validates the facility keycard code AND the serial number. Company A will reject Company B cards, and vice versa, even if they have the same serial number, because the facility code does not match.
Here is a video showing how to convert facility codes from a decimal value to a hexadecimal value.
With hexadecimal, 24 bits can be represented with only six characters.(1111) ( 1111) (1111) (1111) (1111) (1111) Groups of four bits called Nybbles.￼
Types of Keycard Formats – Wiegand and Standard 26-Bit Format
The Wiegand Format
The Wiegand Format runs on 26 bit and is calculated the following way:
Site code 193 (11000001 in binary)Facility code 12 (1100 in binary)User number 1234 (00000000000010011010010 in binary)The card data is:Q 1 11000001 1100 00000000000010011010010 0(source: Paxton configuring custom wiegand formats)
However as this HID card data format pdf explains:
• A format describes what a number means, or how a number is used. The format is not the number itself
• The number of bits does not indicate the format except for standard 26-bit. For example, there are over 100 different 34-bit formats alone.
• Within a given bit length (34-bit, 37-bit, etc., the size and location of each data element may change. For example:o One 34-bit format may have an 8-bit Facility Code starting with bit #2.o Another 34-bit Facility Code may be 12 bits starting with bit # 21.
• The capability of the access control panel will dictate what formats will and will not work.
If I see a string of numbers, 19495981699 it may mean nothing. If you describe it as a phone number in the United States, then it is immediately understood that 949 is the area code, etc. Knowledge of the format allows you to decode the data. It always appears in the format, (xxx) yyy-zzzz, because telephone company switching equipment specifies it exist in this format.
The Standard 26-Bit Format
If we now calculate the Standard 26 bit number:
For example, if the number displayed was 13175734, enter this into the calculator and then select theBinary display (Bin). This converts the decimal number into Binary. (110010010000101110110110).
The layout is normally Site Code (8 bits) and Card Number (16 bits)
Therefore 13175734 (110010010000101110110110) gives:11001001 (First 8 bits – Site Code = 201)
0000101110110110 (Last 16 bits – Card Number = 02998)
Which Keycard Format is Right?
The format in which a card is programmed is determined by the data pattern that will be compatible with the access control panel. All HID credentials (card, fobs, tags, etc.) can be programmed with the standard 26-bit card data format.
The Standard 26-bit Format is an Open Format.
An Open Format means that anyone can buy HID cards in a specific format and that specific format description is publicly available. The 26-bit format is a widely used industry standard and is available to all HID customers. Almost all access control systems accept the standard 26-bit format. 26-bit originated with true Wiegand swipe card technology.
The HID ordering code number for the Standard 26-bit format is H10301.H10301 has 255 possible facility codes from one to 255. There can be up to 65,535 card ID numbers, from one to 65,535, per facility code. The total number of cards that can use the entire range without duplication is 16,711,425. There are no restrictions on the use of this format. It is not documented by HID and HID does not restrict duplication of card numbers.
HID produces and manages over 1,000 other card data formats, but all of them share the same fundamental concepts as the 26-bit format. Other card manufacturers also have unique, proprietary formats.
H10301 describes binary encoded data. The format is represented in the next figure:
The maximum Facility keycard Code is 255 because if all eight Facility Code bits are set to ones, they equal 255 decimal.
• The maximum Card Number is 65,535 because when all sixteen Card Number field bits are ones, it equals decimal 65,535.
A NOTE ON PARITY: A parity bit is used as a very simple quality check for the accuracy of the transmitted binary data. The designer of the format program will decide if each parity bit should be even or odd. A selected group of data bits will be united with one parity bit, and the total number of bits should result in either an even or odd number.In the example above, the leading parity bit (even) is linked to the first 12 data bits. If the 12 data bits result in an odd number, the parity bit is set to one to make the 13-bit total come out even. The final 13 bits are similarly set to an odd total.
Discover what makes Kisi’s cloud system one of the most advanced and scalable access control solutions on the market: learn more about Kisi