Hacking vs Cloning

I have found an access system I would like to fit on my front door but first I want to fully understand the vulnerabilities. The specs for the RFID reader are given as:

  • Multistandard 13,56 MHz
  • ISO14443A/ISO14443B
    (Mifare Classic/Plus/Desfire).

I know that legacy Mifare cards have little or no protection from cloning but I’m not worried about somebody cloning a chip in my hand.

Can the protocols listed above be hacked at the lock without even needing a card? (the digital equivalent of picking the lock rather than making a covert copy of the key.)

Ideally I want a lock protocol that is hard to hack at the lock with cards that can be easily written to a chip.

Just in case anyone still had doubts, I imagine that this question makes it extremely obvious that I came here from bodymoding, not from tech! :rat:

2 Likes

As I understand it:

There’s not really any good way to compromise a good RFID system without:

  • Getting a read on a working credential (The chip in your hand), or
  • Taking apart the lock itself and messing about with the electronicals inside (Often to use it to get a good read on a working credential), or
  • Brute-force trying every possible UID trying to find one that’s accepted
  • And of course you could physically bypass the door/lock somehow

If you have the details on the system you’re looking at, someone may be able to give more specific advice

5 Likes

Someone is more likely to throw a rock through a window and climb in than “hack” your access control …

8 Likes

Makes me think of the xAC though. I wonder if some locks out there might have a similar issue. Your common B&E person isn’t going to know that though, they’ll just kick in the door or break a window, unless you’re holding onto some top secret G43 classified stuff.

2 Likes

I wanted to test that with some of the wireless units like this one:

However, I no longer have a use for one.

1 Like

This!

1 Like

What’s up with the xAC?

Nevermind, I found the related thread :slight_smile:

2 Likes

Let me give you my 2 cents on security, and especially locks.
Usually locks are there to say, stay out.
I do not believe that there is something a human mind invented that cannot be reverse engineered and “hacked”. When such attacks are performed the rule of thumb is to identify the weakest link in the security chain then exploit it. So as @XEMON mentioned, a rock in a window would take 2 seconds, than messing up with an RFID lock. Bear in mind that even physical locks can be picked. For physical access usually vectors are - pick the lock, or break the lock. Both result in gaining access to your “assets”. Of course there are cylinders with diff complexity, thus one or another attack vector can be chosen when time is the critical factor.
Now here is the second thing, as locks (speaking in general) increase the complexity implemented, the price follows.
Here is something else, unless you live in a nuclear power plant or a bank safe, or in an underground bunker or something, investing in such high security locking system may not be needed. I do not want to ruin your day but in case someone decided to go in, and have all skills to do so, chance of success is kinda high. It really depends how far the bad guy wants to go and how much time and effort he would like to invest and what he’ll get in return.
Would you mind sharing what system you were looking at? Here in EU, I have some trouble finding a Samsung deadbolt, and I was considering this recently.

2 Likes

Thank you all for your replies. Bottom line: the locks are not the weak link and when we talk about a protocol being vulnerable we are talking about how easy it is to copy a key.

1 Like

A lock is just another layer of physical security to slow down an attacker. Mifare Desfire would be the best option as it’s the most up to date and not possible to clone. Make sure it’s not backward compatible to avoid any mifare classic related hacking vulnerabilities.

When you say “not possible to clone” is that going to be a problem for putting the key on a chip?

1 Like

Probably not, usually it’s the other way around, the access controller doesn’t store a “key” on the chip, it just learns the chip’s own information for future recognition

1 Like

If it’s a system you retain total control over then it should be a case of enrolling the chip directly. What you can’t do is clone an existing desfire card directly to a chip (non uid clonable). Therefore you cannot create a backup of an existing keycard to the implant. Each keycard and implant would have to exist as separate enrollments on the system.

It comes down to understanding what allows a particular card infrastructure to be cloned and how these vulnerabilities are countered in the desfire series. There are ways to make a mifare classic keycard/implant more secure but vulnerabilities will still exist in off the shelf readers that use this tech and thus are just better to avoid or build a custom unit.

So in this case the xMagic’s ability to change its UID would not be enough to enable it to clone a Desfire card because it can only emulate Mifare Classic chips?

But if I have control of the lock’s access system I would be able to enrol the Mifare Classic chip side of the xMagic.

However, if I wanted the extra security of the Desfire chip I would have to implant an xDF2 and enrol that.

Have I got it all straight?

(Oops! added the extra questions into the post before seeing Amal’s reply below)

Correct, it behaves like a mifare classic, not a desfire which has totally different commands and memory structure from a mifare chip

1 Like

That’s right :+1:t2:

If you want to go down the rabbit hole a little further you can explore more about 4 byte and 7 byte uids. Mifare classic changeable uid is 4 byte uid. Whilst desfire do 4 and 7 byte cards, the desfire implants are 7 byte uids.

Existing Implant capabilities are one thing, but there are other generally available chips that may have interesting emulation / cloning features, see for example this standard pack of Lab401. It seems to me that just relying on the UID might not be good enough. Hopefully secure systems actually use solid cryptography™ rather than checking the UID, but I do not know about any.

Useful background article on how the mifare classic cryptography was cracked

And yet it’s still marketed by the major companies

4 Likes
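To illustrate the point raised above that relying on the UID alone might not be good enough, here is an added example (not code from any poster or from a real lock) contrasting a lock that only remembers an enrolled UID with one that makes the tag prove it holds a secret key. The class names are hypothetical, the UID is constructed, and HMAC-SHA256 stands in for the card's real authentication; it is not the DESFire command set.

```python
import hashlib
import hmac
import os


class Tag:
    """A tag: a UID anyone can read, plus an optional secret key it never reveals."""
    def __init__(self, uid, key=None):
        self.uid, self.key = uid, key

    def respond(self, nonce):
        # A tag without the enrolled key can only answer with a wrong value.
        key = self.key if self.key is not None else bytes(16)
        return hmac.new(key, nonce, hashlib.sha256).digest()


class UidOnlyLock:
    """Enrolment stores nothing but the tag's UID."""
    def __init__(self):
        self.enrolled = set()

    def enrol(self, tag):
        self.enrolled.add(tag.uid)

    def unlock(self, tag):
        return tag.uid in self.enrolled


class ChallengeResponseLock:
    """Enrolment provisions a per-tag key; unlocking requires proof of that key."""
    def __init__(self):
        self.keys = {}

    def enrol(self, tag):
        tag.key = self.keys[tag.uid] = os.urandom(16)  # written to protected tag memory

    def unlock(self, tag):
        key = self.keys.get(tag.uid)
        if key is None:
            return False
        nonce = os.urandom(16)  # fresh challenge, so a recorded answer cannot be replayed
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag.respond(nonce))


def demo():
    implant = Tag(bytes.fromhex("04a1b2c3d4e5f6"))  # constructed 7-byte UID
    same_uid = Tag(implant.uid)  # changeable-UID tag set to the same UID, no key
    results = {}
    for name, lock in (("uid_only", UidOnlyLock()), ("challenge", ChallengeResponseLock())):
        lock.enrol(implant)
        results[name] = (lock.unlock(implant), lock.unlock(same_uid))
    return results
```

`demo()` returns, for each lock, whether the enrolled implant and the same-UID tag were accepted: the UID-only lock accepts both, the challenge-response lock accepts only the implant.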

And another document by (Institute for Computing and Information Sciences, Radboud University Nijmegen) on hacking and reading nonces from mifare classic readers

https://www.cs.bham.ac.uk/~garciaf/publications/Attack.MIFARE.pdf

And a less technical document