Yeah they are DESFire but like so many other RFID technology implementers, they are using the security features of that transponder to lock their customers in. They set keys at the factory and create secure applications on the card so that only those cards will work with the cars. That’s how they can sell you a $0.30 RFID transponder for $270.
It’s even worse than that. It is the nut that holds the steering knuckle to the upper control arm which unlike an axle nut isn’t normally castellated and pinned. What it comes down to is the factory not properly torquing down said nut.
edit: I forgot to mention why it is worse. Normally if you have a wheel fall off you still have somewhat predictable control of the vehicle, but when the wheel just falls outwards while still being attached, it can cause unpredictable behavior, which can include loss of control, especially at high speeds.
Could Tesla disable in some way the VivoKey Tesla Nak applet to stop the pairing of VivoKey Apex based devices with Tesla vehicles without affecting also their official applet and so the official Tesla key cards from pairing?
Technically yes it’s possible but unlikely.
Hi @amal,
just got my Apex-flex placed yesterday. I was surfing around to find if there already is a javacard applet for BMW available, but couldn’t find any.
I have a 2022 model BMW with NFC lock and am happy to help with any R&D!
Interesting! Do you have a proxmark3? Getting some good sniff data between card and car would be a good start
Nope, I don’t (just yet)
What I can do in the meantime is do a readout of the card with TagInfo. Would that be of any help?
It’s a start (pun!)
Ok interesting. It’s for sure a smart card so likely uses an applet… but Mifare emulation is also active and there are some custom keys there as well. It’s highly unlikely they use the Mifare stuff at all for the car… but stranger things have happened… a sniff with a proxmark3 is the next step to determine if they used an expensive smart card chip to emulate a terribly stupid Mifare protocol for car access.
Hmmm… the car can also be unlocked with an iPhone and afaik the iPhone doesn’t do Mifare.
So I’m hoping the security of my car isn’t a complete joke
Next step: get me a proxmark3 and check back in for further instructions.
Let’s say an applet is used for unlocking and starting the car: what are the chances that such an applet can be built by the community?
Honestly pretty low but could be possible.
warning, noob question:
such an applet is something that cannot be cloned as a whole from card A to card B?
No it’s not possible. Applets loaded on chips are not extractable.