Busch-Jaeger key cylinder

Hey there, we recently installed a new key cylinder:

I got this implant: Dangerous Things Desfire NFC-Implantat xDF2
As i wanted the configure it with the key cylinder i recognized that the Busch Jäger Prox Cards are preconfigured/branded and i cant use it. Is there any way to get the configuration from one of the B&J Cards on the implant?

Thanks

Always a good idea to ask before you buy. While the xDF2 may be compatible with the lock, there’s no guarantee you can enroll it without putting the chip through a special provisioning process performed by the manufacturer.

Can you share a scan of the transponder that came with the cylinder here using an app called TagInfo?

Thanks for your answer, i tried to check it before with the company i bought it, but they also were not sure. I just checked it with Taginfo, see image attached, hope that helps?

Hmmm, it doesn’t say if there’s any applications loaded. Are you using an iPhone? Is there any “Full Scan” option with more details.

What is the process for enrolling new transponders on your lock?

Hey, yes it is with the iPhone, i tried another App and got this infos, is that more useful?
If not i can ask a friend with an android phone.

The process id the following

  • activating the add mode in the web interface
  • put the tag ner the lock
  • Tag gets recognized and saved
  • A Serial Number from the tag is shown in the web interface

That scan doesn’t tell us much more than the last one. It’s fine though. It sounds like the lock just checks the UID of the tag. You could try and purchase a test card like this and enroll it on your lock if you want to verify that it will work before you implant.

Okay, thanks for the feedback. How is the process with testcard and the implant than?

Basically you get a card that has the same chip as the one in the implant, attempt to do the whole process with the card, if it works you know it should also work with the implant. The only difference will be how good the coupling is because the implant is smaller, but you can also test that with the field detector keychain. If you already ordered you should have gotten one for free already

Note: the test card I linked is an EV1, while the xDF2 is an EV2. This shouldn’t matter, but there’s a slim chance it might

1 Like

My hunch though is that if they are shipping desfire chips with the lock then they are using the security features of the desfire… otherwise someone would be getting fired as those chips are many times the cost of a crappy mifare classic chip.

oh and don’t think “hey the lock company really wanted to be sure their lock was secure” because really what’s happening is they are leveraging those security features to lock you into having to buy fobs from them and only them… thanks guys!

1 Like

Unless it is specified by someone who doesn’t know what they are doing.

“We use desfire chips, because they are much more secure than MiFare”. But they are just using the UID. I have actually heard a similar argument from a different lock vendor, where they use a newer version of a chip which is much better than the old version… But they are just using the UID, so the actual chip features are irrelevant. (I have also dealt with software vendors who wanted specific, expensive, 3rd party features purchased because “We will be using them in an upcoming release”. Ten years later they still hadn’t used those features.)

I would think the only real answer would be to sniff the traffic using a Proxmark3 and see what is actually happening.

2 Likes

@Satur9 i also checked it with the implant and the key lock, it doesn’t work.

It really looks like that the tag itself stays empty and just the UID / Serialnumber gets recognized from the software. Is there any simple possibility (I Am quite new to this Stuff) to copy the whole information from on of my tags to the implant?

NFC tags usually have an unwritable UID. If the lock is using just the UID you should be able to enroll a new card.

It is possible that they are doing something more complex. Ideally you would use a Proxmark3 to sniff the interaction between the transponder and the lock.

Okay, thank you, i will order the proxmark3 and than get back to you guys here.

2 Likes