Title: Cloning my noralsy home badge
Date: 2017-05-10 22:00

I've got a nice flat, but there are several doors to pass before getting
inside it. One of them can be opened with a badge from
[noralsy](http://noralsy.com):

<a href="./images/mifare.jpg">
<img alt="Picture of the badge" class="half_img" src="./images/mifare.jpg">
</a>

I got bored, and though that it would be a nice pretext to play a bit with
[mifare](https://en.wikipedia.org/wiki/MIFARE).
I bought an [ACR122](http://www.acr122.com/) for a couple of euros, along with
a few blank cards, plugged it into an USB port, ran `nfc-list`, and got this:

```
$ nfc-list
nfc-list uses libnfc 1.7.1
error	libnfc.driver.acr122_usb	Unable to claim USB interface (Device or resource busy)
nfc-list: ERROR: Unable to open NFC device: acr122_usb:002:011
$
```

The solution is simply to unload the `pn533_usb` module (and not only the
`pn533` one):

```
$ nfc-list
nfc-list uses libnfc 1.7.1
NFC device: ACS / ACR122U PICC Interface opened
$
```

Way better.

The keys can be bruteforced with [mfcuk](https://github.com/nfc-tools/mfcuk)
with `./mfcuk -C -R 0:A -s 250 -S 250`, but it's smarter to try a few obvious
keys with [mfoc](https://github.com/nfc-tools/mfoc)
(along with [this patch](https://github.com/nfc-tools/mfoc/pull/32) to speed
things up) before, like variations of `noralsy`:

```
$ python bf.py output.mfd
[+] Found key A: 414c41524f4e
[+] Found key B: 424c41524f4e
[+] Everything was dumped.
```

Aka `ALARON` and `BLARON`: well done *noralys*.

The weird part is that the card is completely empty,
expect the vendor-reserved block `00`. The only remaining thing to do now is to
check if I can open other *noralys* doors with my badge.
It's also trivial to clone it: `nfc-mfclassic w output.mfd output.mfd`.

I thought that the whole process would be more complex, so I'm a bit
disapointed, but at least I've got fancy badges for my friends now.
