Clone a Cruise card?

I have the Next implant in my left hand, I’m on a cruise and the cruise uses nfc cards. I’ve scanned the card with a flipper and it is a Mifare Ultralight C. It says it has password protected pages but does not give me the option to clone it to my hand. Is this possible or no… I’m just trying to open the door with my hand for the week!!

1 Like

Not likely. The ultralight c is the precursor to the ntag family but the admin pages as they are called are NDA protected, meaning you can’t even get documentation about them unless you sign an NDA. They loosened up a bit when it came to ntag chips but the way they work is not the same as ntag so cloning memory contents and features from ultralight c to ntag is not possible. Also the ntag cannot change its serial number either so even basic cloning is out.

1 Like

ok so no you arent cloning this to your implant but you can add it to your flipper maybe. if they’re doing what every other cruise ship has been doing.

you need to enter the key 425245414B4D454946594F5543414E21 and see if it lets you dump it.

if it does you can have it on your flipper but not to your implant unfortunately. unless you have the UMC implant flexUG4

4 Likes

eh?

ultralight C is newer than ntags (2xx family anyway, type4 tags be different but still its not really about age etc)

1 Like

Oh? I really don’t think so…

NXP introduced the MIFARE Ultralight C in 2008

Conversely, I remember the introduction of ntag family chips in 2012 just before launching dangerous things… in fact it was one of the reasons I decided to base the xNT on the ntag216

1 Like

damn i swear it was older, perhaps I’m thinking of aes.

either way, there is fuckery afoot with cruise ship ulc’s it’s a big talking point recently about them using the default BREAKMEIFYOUCAN! key all over the place hahaha

2 Likes

UL-C is old , second guessing @amal is a bad habit. He knows his stuff.

The default key is what it is. Not sure why it would be a big talking point.
If they use it , you can clone the data to another UL-C.
If not you can’t …

Be happy they use it or you wouldn’t be able to do anything fun.

Regarding UL-C, the communication isn’t encrypted which enables you to sniff the traffic and that way extract the data which the readers wants.

UL-AES is a new product going from 3DES to AES.

  • Signature (ECDSA)
  • Autenticated UID
  • Data protection
  • Random ID (RID)
  • Secure CMAC messaging

Its a different beast for sure.

3 Likes

because a 1bn$+ cruise ship is using the default key. that’s discussion worthy at least in the circles i run in.

and yes, i did say i must be thinking of AES. forgive i slip up.

point remains if this person wants to go ahead with trying to clone it they should give the default key a try (now the flipper lets you add a key :pray:)

2 Likes

I guess we run in different circles.

1 Like

Some on the circles I deal with belong in the you know what thread, so both of you are doing better than me.

2 Likes