I decided to audit my large collection of RFID hotel keys I’ve collected over the years. Just to get an idea what’s out there, and look for patterns and anomalies.
One strange set I found is from the Waldorf Astoria in Park City. Didn’t respond to HF or LF search, but it clearly says right on the card, “hold key within 1/2 inch of locking device.” I wonder what they’re using if it doesn’t register at all on the Proxmark? I have four of them, maybe I’ll see if I can crack one open to see what’s inside.
The Hilton cards, for the most part, revert to hardnested attacks, but fall rather quickly, as opposed to the Sheraton card I was battling earlier in the week.
I guess I have about 75 card dumps in total now, about 40 of which are Hilton.
I’ve been playing with reading/cracking hotel room keys using the Proxmark3 RDV4 lately.
Most hotel room keys I have collected are MiFare Classic 1K. MOST of them are susceptible to autopwn within a minute or so. Coincidentally, most of my collection are from Hilton properties. Recently I came across a Sheraton room key that didn’t fall within the expected timeframe.
The “Weak PRNG” method did not work on this particular card, and so pm3 (RRG/Iceman fork) reverted to a hardnested attack. On my macbook M1 air, that was slated to take 2 days. I moved the task to a more powerful Kali desktop, and it’s now slated to take 9 hours to complete.
I will update this post when experience either success or failure. I do like a challenge.
Hours later: The first run stopped in midstream with “Could not connect to Proxmark.” Running it again for good measure.
Hours later again: Collapsed again after a couple of hours. Might have to try a different approach.
I learned some stuff in my reading, though. Apparently it’s all a game of spy vs spy. There are RFID systems that will detect cloned cards by attempting to write to block 0. If successful, it’s a writable clone card and the system can deny and alert. There are also more advanced CARDS that can be written and then locked, to defeat those features.
For those who choose to join us, Social House in South Riding/Chantilly. We’ll try to get our usual outdoor table. Tonight’s topics are badge artwork and stickers. 1830, first one there grab the big table.
Some of you might have been subject to my old-man ranting about how difficult it has become to install software that “just works.” My raging against the cloud, against everything-as-a-subscription, and against software that requires the capability of phoning home, either during install or on a continual basis.
My task was to install MS Office in a closed lab network, so that the users doing the work in the lab could write reports, etc., without having a separate machine just for that purpose. This network does not connect to the internet. It is a self-contained lab network with only what is needed for the lab installed on it.
It’s been a while since I fucked around with Microsoft products, and I naively assumed it would be a piece of cake. Just install it, give it a key, and be good to go. I was warned by those who had gone before me that it’s no longer that simple. Everything in Microsoft-land requires internet, they told me. “Surely they understand that a use case exists for no internet/no cloud,” I started to respond, before reliving the trauma of having to kill Atlassian when they made their on-prem product completely out of reach for small groups/businesses.
So I started down the road. I bought 12 licenses for “standalone” office 2016, went through the process of installing it on one of the lab machines, and yep, it requires internet to activate. OK, I’ll play along. We use FOG to image these lab workstations, so I set up a fresh install on a golden image candidate, activated it over the internet (very ugly process, by the way, if you buy multiple licenses), confirmed it was functional, and then captured an image of it. Rolled it out to other workstations, only to find that each new clone required its own activation. Well, this will never work.
I managed to get MS to refund the product after a lengthy discussion with a support rep. I decided I wanted to go the way of a volume license, only to learn that the KMS server too needs to touch the internet. I kept reading and reading and learning, and finally came across vlmscd, which is a linux-based open-source KMS server. Its only job is to say yes. When configured as the KMS server for a workstation (using DNS or manually via slmgr), any activation requests received by that KMS server are simply approved.
So I built one, making sure our licensing is properly paid for and accounted for,I of course. I added the SRV record for announcing the KMS service to the closed-network DNS, and installed the VL version of Office. Initially, running OSPP.VBS from the Office16 directory reported that the software was under a grace period with <30 days remaining, but after a reboot it reported it was fully licensed.
I wish vendors would provide a bit more flexibility in their product offerings, and understand that there are use cases that are outside the norm. I understand their need to protect their software from piracy, but this kind of heavy-handed control really makes it difficult for some of us who, for various reasons, don’t want to connect every network in our enterprise to the internet. We still exist.
Tune in to the Discord voice channel at 1830. Good chance to get to know some of us if you haven’t been to an in-person, or to participate in summer camp decisionmaking if you’re a regular.
We’ll be meeting up in the Discord voice channels on Monday evening @ 1830. We will likely break off into at least one non-public channel for badgedev discussion, but please feel free to join us in the main meeting channel anyway.
We’ll be in person at the Social House tonight. Social House is a restaurant — not my house, FYI. Will have the Malort if anyone’s feeling stupid. Will have last year’s badge to compare and discuss w/r/t planning and measuring for this year’s badge.
We’re linking up at Social House in South Riding this evening, 1830. Please let us know (preferably on the Discord) if you’re attending so we know how big a table we’ll need.
I wanted to take a moment to digress a bit and go into what makes modular synthesis so rewarding to folks with a hacker mindset.
I’m not a musician. I have dabbled in bass, guitar, keys and drums, but as for formal training, I’ve had guitar and djembe lessons, and not a whole lot of them. But the thing about music is, if you LOVE music, it will find a way to move you in one direction or another.
I’ve had many thousands of dollars worth of equipment over the years from Korg, Kawai, Yamaha, Casio, Nord, Alesis, Peavey, PRS, Epiphone, Tascam, Moog, Ableton and many more. And they’ve all been very rewarding in their own way. But none of them has given me the sustained high that exploring modular synthesis has given me. My first exploration was a Moog Subharmonicon, which quickly grew into the entire Moog semi-modular trio of Subharmonicon, DFAM and Mother32. I realized that being able to tweak and modulate sounds and sequences on the fly on an intuitive basis would more than make up for the fact, for me anyway, that I have limited musical playing ability.
And when I expanded that setup to include specialized Eurorack modules like Clank Chaos, Castor & Pollux, and utility modules like mults and LFOs, I realized this was the space I needed to be in. The limiting factor for making music, for me, was always that without musical skill, there was only so much variety I was able to create in realtime. Sure, I could layer multiple track and create sonically rewarding pieces, but look — I work in tech all day long, and I pursue tech hobbies on the side as well. The last damn thing I want to do when I make music is drill down into menus and learn advanced software tools. I wanted something far more tactile, and something closer to magic. Rather than directly crafting a particular sound, I find value in combining functionalities and making the different components “influence” each other in unique and interesting ways. I find that when I start a session with modular equipment, it never ends up in the same place twice. Sometimes I’ll start with a keyboard CV value to start, and route it into one or five places. Sometimes I’ll take the audio from one component and throw it into another for further manipulation. I’m particularly drawn to the modules with an element of randomness or surprise, like the Clank Chaos or the QuBit Bloom.
I credit another DC540 member for triggering me to make some changes and fall even deeper down the modular rabbit hole. Now the semi-modulars are on their way out, and I got a new case to replace the non-portable homemade Ikea rack I was using before. I find myself imagining how this configuration could be taken completely portable, and actually considering replacing the brand new 24-channel mixer I just bought a few months back with something similar that fits in the box.
For a while I had a friend’s Minimoog Voyager. I loved how it combined the best of both worlds. You could easily choose presets, but you could make vast modifications to those presets by twiddling knobs, and then save those changes to your presets. A bit out of my league pricewise, though, unless I sacrificed much of my other gear.
