2022-07-02
Checking hotel keycard security
For the first time in years I was staying in a hotel again for one night. The key for the hotel was a creditcard sized plastic card so I assumed immediately it was an RFID based card. Years ago I would have needed my linux laptop and the touchatag NFC reader to understand more about the keycard, but we're in some form of the future now, so I used NFC taginfo by NXP on my phone and held the keycard up to the phone. The taginfo app made the happy noise and told me it was an NXP mifare classic card. The app even told me most sectors had a default key of FF:FF:FF:FF:FF:FF. One sector was not accessible due to a different key but with mfoc (Mifare Classic offline cracker) or one of the other attacks on the Mifare classic I could probably get access to that sector. So in theory with something like the proxmark I could clone keycards of other visitors. Or clone the keycard of the cleaning crew which gives a lot more access. Update: A bit of searching finds this: Researchers Find Way to Create Master Keys to Hotels - F-Secure Blog. I don't know if the lock I looked at is the same system as the system in this article.