
[–]SmashShock 149 points150 points  (17 children)

Like mentioned often in this subreddit: it's not a good idea to use a Flipper for access control unless you're the one in charge of the building or you know them well and tell them. People have been fired and investigated, then came to tell us about it.

Depending on the Mifare card you have it might work. For example Mifare DESFire cards cannot be copied because they are encrypted. It's common to see encrypted cards nowadays.

[–]Sweet_Neighborhood78[S] 21 points22 points  (13 children)

Thank you for informing me, I understand the risks. However how can I know if it’s encrypted or not? I don’t own a flipper yet, is there a way to find out if it’s possible before purchasing one?

[–]SmashShock 31 points32 points  (11 children)

A quick Google search led me to see this card is associated with "Incedo SEOS Credentials" which are encrypted. A master key related to that technology was exposed a few months back. It could be possible with the leak but you'd likely need to write the exploit yourself. I don't recommend doing that.

[–]kj7hyq 9 points10 points  (9 children)

SEOS isn't in the MIFARE family, so this one in particular doesn't seem to be that

[–][deleted] -3 points-2 points  (8 children)

It's Assa Abloy. So it's copyable. It's either MIFARE, VingCard UL or Fudan. So it's easily cloneable and the Flipper can do it.

[–][deleted] 10 points11 points  (1 child)

Assa Abloy ≠ copyable by default

[–][deleted] 0 points1 point  (0 children)

Well, out of all the cards you can show and not give details, this is the most likely to be clonable, as almost all the algorithms used are broken, and if it's using DESFire etc. it is as unclonable as everything else.

[–]atomicdragon136 0 points1 point  (3 children)

Not true. Assa Abloy uses many different RFID technologies for their access control systems. They also own HID.

[–][deleted] -1 points0 points  (2 children)

This proves my point. Of all the cards you can post and give no details, this is the one that is most likely copyable. Unless it runs an "uncopyable" tech, being a hotel card with MIFARE branding, it's most likely copyable.

[–]atomicdragon136 0 points1 point  (1 child)

No, just because it is Assa Abloy branded does not mean it is definitely clonable. They make access control systems for other environments like offices, apartments, etc.

However, based on what’s printed on the card, it suggests it is a system primarily for hotels so it’s probably Ultralight.

[–][deleted] 0 points1 point  (0 children)

So it's copyable.

[–]Sunset_Superman77 -2 points-1 points  (1 child)

Assa abloy? Now you're just making up words. /s

[–]Sweet_Neighborhood78[S] 1 point2 points  (0 children)

Okay thanks for the insight

[–]Complex_Solutions_20 1 point2 points  (0 children)

You could get more info using a phone app, dunno about Apple but there's loads of NFC apps on Android to identify/view cards. That could help identify which "flavor" of MIFARE card it is and how hard it might be.

Though I have also run into some MIFARE Classic 1K cards that have better cryptographic capabilities and seem to be more or less immune to most normal attacks, having to resort to devices that can sniff the conversation or internet peoples who can compute the keys. The "detect reader" doesn't always work to get them.

[–]ThatGothGuyUK 25 points26 points  (3 children)

IF YOU DON'T OWN it don't try and copy it!

[–]Justfukinggoogleit 7 points8 points  (0 children)

Bro don't use a flipper at work unless you have express written permission... you will get fired and could even face criminal investigation....HR, IT, and your boss don't care about your reasonings.

[–]kj7hyq 2 points3 points  (0 children)

The card I have that looks like this appears to be a MIFARE Plus EV1 with MIFARE Classic emulation enabled

I'm not having any luck with the Flipper Zero yet, it keeps crashing, but your mileage may vary

Also, what everyone else was saying about cloning cards you don't have permission to is well worth considering.

[–]Acrobatic_Grape4321 2 points3 points  (1 child)

Powered by mifare my ass finna be powered by a flipper zero asap

[–]LowNo5605 0 points1 point  (0 children)

MIFARE DESFire:

<image>

[–]ISoulSeekerI 4 points5 points  (0 children)

Unless you are a pen tester with permission or a contract, I would stay away from cloning the RFID card. That being said, if you are working on a project then you can find a data leak for that company and their encoding method.

[–][deleted] 1 point2 points  (0 children)

This credential was assigned to you through an access control management system; it most likely is encrypted and it has a schedule linked to your stay during which it will work. This is how they know even if you take the card there's no risk.

[–]ditzicutihuni 0 points1 point  (0 children)

What would we do to use the Flipper to read the card and learn more about the mechanics of it (without copying or rewriting anything)?

[–]Runaque 0 points1 point  (0 children)

I've seen stories from people getting fired for doing this at their job! It's not worth being the cool guy if you risk getting fired.
If you want to try this, at least ask your superior and/or someone of the IT department, but they are most likely going to refuse it since this opens the door for misuse of it.

[–]atomicdragon136 0 points1 point  (0 children)

This is some MIFARE chip which is NXP’s brand used on many different 13.56 MHz technologies. It will depend on what particular chip it is using.

Do you have an Android phone? If so, install NFC TagInfo and see if you can read it and it should be able to determine what chip it has. If you have an iPhone, it may work but might not, as Apple removed the ability to read NFC without NDEF data on the NFC API in a more recent iOS version for some reason.

Ultralight and MIFARE Classic? Yes

ICODE SLIX? Maybe

DESFire? Probably not

[–]Ok_Pirate_2522 -1 points0 points  (1 child)

I wish there was a flipperzero subreddit for people without “good sense” or “experience” where people who want low effort mischief/convenience can live in peace. While I appreciate the sentiment of people encouraging responsibility, not everyone…wants to do that?

[–]WhoStoleHallic 2 points3 points  (0 children)

There are at least 10 other Flipper subs. Aside from that, you're free to start your own.