Access Controller Security

This post is meant to detail common security issues for various stand-alone access controllers.

H2002D v2.4 (25B14) 125kHz EM410x

:white_check_mark: Does not respond to 00:00:00:00:00 card IDs (drop)
:white_check_mark: Rejects FF:FF:FF:FF:FF card IDs (block)
:x: *Only checks last 26 bits (LSB) of EM card IDs

*There are 67,108,863 different value combinations provided by 26 bits. Because the 26 bits which are checked are the last 26 bits (LSB), serialized cards made from the same wafer should all have unique 26-bit LSB values.


H2002C v1.4 (25B12) 13.56MHz ISO14443

:white_check_mark: Does not respond to 00:00:00:00 card IDs (drop)
:white_check_mark: Rejects FF:FF:FF:FF card IDs (block)
:x: *Only checks first 24 bits (MSB) of 4 byte card IDs
:x: *Only checks first 16 bits (MSB) of 7 byte card IDs

*The primary problem with this access controller checking only a limited number of most significant bits (MSB, i.e. the first bits starting from the left) is that serialized cards or fobs manufactured with chips that all come from the same wafer are bound to share a significant number of identical leading bits. The likely outcome is that every card or fob produced with chips from the same wafer will authenticate successfully if just one of them is added to this access controller as an authorized ID.

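To check whether a batch of cards or fobs stays distinguishable under the comparison widths listed above, the following added example (not part of the original post, and not the controllers' firmware) models a partial ID comparison and groups the IDs a controller would treat as identical. The function names, the sample IDs, and the assumption that a serialized batch carries consecutive ID values are all constructed for illustration.

```python
"""Model of a controller that compares only part of a card ID (added example)."""


def compared_bits(uid: bytes, nbits: int, side: str) -> int:
    """Return the bits that take part in the comparison.

    side="msb" keeps the first nbits (from the left), side="lsb" the last nbits.
    """
    total = len(uid) * 8
    if not 0 < nbits <= total:
        raise ValueError("nbits must be between 1 and the ID length in bits")
    value = int.from_bytes(uid, "big")
    if side == "msb":
        return value >> (total - nbits)
    if side == "lsb":
        return value & ((1 << nbits) - 1)
    raise ValueError("side must be 'msb' or 'lsb'")


def collision_groups(uids, nbits, side):
    """Group IDs that the modelled comparison cannot tell apart."""
    groups = {}
    for uid in uids:
        groups.setdefault(compared_bits(uid, nbits, side), []).append(uid)
    return [g for g in groups.values() if len(g) > 1]


def serial_batch(first: bytes, count: int):
    """Constructed sample data: consecutive IDs (assumption about serialization)."""
    start = int.from_bytes(first, "big")
    return [(start + i).to_bytes(len(first), "big") for i in range(count)]


if __name__ == "__main__":
    # All IDs below are constructed, not read from real cards.
    cases = [
        ("EM 5-byte, last 26 bits", serial_batch(bytes.fromhex("1200345600"), 8), 26, "lsb"),
        ("4-byte, first 24 bits", serial_batch(bytes.fromhex("04a1b200"), 8), 24, "msb"),
        ("7-byte, first 16 bits", serial_batch(bytes.fromhex("04a1b2c3d4e500"), 8), 16, "msb"),
        ("4-byte, all 32 bits", serial_batch(bytes.fromhex("04a1b200"), 8), 32, "msb"),
    ]
    for label, batch, nbits, side in cases:
        groups = collision_groups(batch, nbits, side)
        indistinct = sum(len(g) for g in groups)
        print(f"{label}: {indistinct} of {len(batch)} IDs indistinguishable")
```

Running the same grouping over the IDs of cards actually in stock, with the width and side observed for a given controller, shows whether enrolling one of them implicitly enrolls others.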