Artificial truth

The more you see, the less you believe.

Cloning my noralsy home badge
Wed 10 May 2017

I've got a nice flat, and one has to pass several doors before getting inside it. One of them can be opened with a badge from noralsy:

Picture of the badge

I got bored, and thought that it would be a nice pretext to play a bit with mifare. I bought an ACR122 for a couple of euros, along with a few blank cards, plugged it into a USB port, ran nfc-list, and got this:

$ nfc-list
nfc-list uses libnfc 1.7.1
error   libnfc.driver.acr122_usb    Unable to claim USB interface (Device or resource busy)
nfc-list: ERROR: Unable to open NFC device: acr122_usb:002:011
$

The solution is simply to unload the pn533_usb module (and not only the pn533 one):

$ nfc-list
nfc-list uses libnfc 1.7.1
NFC device: ACS / ACR122U PICC Interface opened
$

Way better.

The keys can be bruteforced with mfcuk (./mfcuk -C -R 0:A -s 250 -S 250), but it's smarter to first try a few obvious keys with mfoc (along with this patch to speed things up), like variations of noralsy:

$ python bf.py output.mfd
[+] Found key A: 414c41524f4e
[+] Found key B: 424c41524f4e
[+] Everything was dumped.

Aka ALARON and BLARON: well done noralsy.

The weird part is that the card is completely empty, except for the vendor-reserved block 00. The only remaining thing to do now is to check if I can open other noralsy doors with my badge. It's also trivial to clone it: nfc-mfclassic w output.mfd output.mfd.
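The two weaknesses above (sector keys that spell a word, and a card with nothing in its data blocks) can be checked for by whoever issues the badges. The following is an added example, not code from the original post: it audits a 1024-byte MIFARE Classic 1K dump, and the function names, the heuristics and the sample dump (made-up block 0, the two keys quoted above) are assumptions constructed for illustration.

```python
import string

BLOCK, BLOCKS_PER_SECTOR = 16, 4      # MIFARE Classic 1K: 16 sectors x 4 blocks
# Widely published transport/default keys (a short, non-exhaustive list).
KNOWN_DEFAULTS = {"ffffffffffff", "000000000000", "a0a1a2a3a4a5", "d3f7d3f7d3f7"}
ALNUM = set((string.ascii_letters + string.digits).encode())

def weak_reason(key: bytes):
    """Return why a 6-byte sector key is guessable, or None (heuristic)."""
    if key.hex() in KNOWN_DEFAULTS:
        return "well-known default"
    if all(b in ALNUM for b in key):
        return "ASCII word %r" % key.decode()
    if len(set(key)) <= 2:
        return "low byte diversity"
    return None

def audit(dump: bytes):
    """Return (findings, block0_only) for a 1024-byte 1K dump."""
    if len(dump) != 1024:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    findings, data_used = [], False
    for n in range(len(dump) // BLOCK):
        blk = dump[n * BLOCK:(n + 1) * BLOCK]
        if n % BLOCKS_PER_SECTOR == 3:
            # Sector trailer: key A (6) | access bits (4) | key B (6)
            for name, key in (("A", blk[:6]), ("B", blk[10:])):
                reason = weak_reason(key)
                if reason:
                    findings.append((n // BLOCKS_PER_SECTOR, name, key.hex(), reason))
        elif n != 0 and any(blk):     # block 0 is the manufacturer block
            data_used = True
    return findings, not data_used

def sample_dump() -> bytes:
    """Constructed dump: the post's two keys, made-up block 0, empty data blocks."""
    block0 = bytes.fromhex("0102030404080400") + bytes(8)
    trailer = bytes.fromhex("414c41524f4e" "ff078069" "424c41524f4e")
    return block0 + bytes(32) + trailer + (bytes(48) + trailer) * 15

if __name__ == "__main__":
    findings, block0_only = audit(sample_dump())
    for sector, name, key, reason in findings:
        print(f"sector {sector:2d} key {name} {key}: {reason}")
    if block0_only:
        print("no application data: nothing beyond block 0 identifies this badge")
```

Passing this check does not make a MIFARE Classic deployment sound, since the mfcuk route mentioned above recovers keys regardless of how they were chosen.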

I thought that the whole process would be more complex, so I'm a bit disappointed, but at least I've got fancy badges for my friends now.