I’ve been playing with reading\/cracking hotel room keys using the Proxmark3 RDV4 lately.<\/p>\n\n\n\n
Most hotel room keys I have collected are MiFare Classic 1K. MOST of them are susceptible to autopwn within a minute or so. Coincidentally, most of my collection are from Hilton properties. Recently I came across a Sheraton room key that didn’t fall within the expected timeframe. <\/p>\n\n\n\n
The “Weak PRNG” method did not work on this particular card, and so pm3 (RRG\/Iceman fork) reverted to a hardnested attack. On my macbook M1 air, that was slated to take 2 days. I moved the task to a more powerful Kali desktop, and it’s now slated to take 9 hours to complete. <\/p>\n\n\n\n
I will update this post when experience either success or failure. I do like a challenge.<\/p>\n\n\n\n
Hours later: The first run stopped in midstream with “Could not connect to Proxmark.” Running it again for good measure.<\/p>\n\n\n\n
Hours later again: Collapsed again after a couple of hours. Might have to try a different approach.<\/p>\n\n\n\n
I learned some stuff in my reading, though. Apparently it’s all a game of spy vs spy. There are RFID systems that will detect cloned cards by attempting to write to block 0. If successful, it’s a writable clone card and the system can deny and alert. There are also more advanced CARDS that can be written and then locked, to defeat those features.<\/p>\n","protected":false},"excerpt":{"rendered":"
I’ve been playing with reading\/cracking hotel room keys using the Proxmark3 RDV4 lately. Most hotel room keys I have collected are MiFare Classic 1K. MOST of them are susceptible to … <\/p>\n