Is it dangerous that RFID's keys are FFF...?

I’m just a regular student studying computer science. I needed to clone my building’s access card because management charges about 50$ every time I need a new card. I bought a proxmark3 as an investment since I lose the access card from time to time.

So anyway, I found out that the “key” to my building access card and the key fob to my home’s smart lock is just FFFFFFFFFFFF. Isn’t this a major concern?

You’re gonna have to provide more details. Are you referring to mifare classic sector keys?

1 Like

More so if you tell people.

I magine it was a physical key
and the lock was keyed to all zeros

A blank key could open the lock
Raking and picking would be more than simple

BUT

somebody would:
Have a want to open the lock, or
have to be carrying around a blank key, or
Have to carry a basic pick kit, or
have to carry a screwdriver or equivalent,

Or

you dont tell everybody and nobody is the wiser

Or

Make the access administration aware of the vulnerability and suggest you take over the security with your computer science knowledge and it will open up an RFID playground at your disposal…

2 Likes

I would be very interested to learn more about what system they are using…

Is your badge running in EM mode by any chance?

It could be an inherent failure/manufacturer decision like a common rfid relay we use in various projects

I found several others also have the same behavior…

I’d be suprised if your company has any control or implemented those keys

I’d equate it to a lock being able to be comb picked as an analogy… it’s such an obvious oversight and is inexcusable

What is even more interesting is, if your saying your personal badge is FFF…. which is bad… but they might be using it for everyone else’s keys also… which is even more dumb…. Because you just eliminated like 90% of the advantages of rfid access control

2 Likes

From the sound of it, I don’t think this is LF. The pm3 doesn’t display sector contents while dumping, just keys. I believe this is the confusion. (On mifare classic that is)

1 Like

Agreed,
I think it will be a UID only system, so not the most secure, but it’s still something better than nothing

RFID tags are commonplace in buildings here in the UK.
I made a habit of being a broker of “free tag copies” for everyone I know (because those buildings charge between £15 and £30 for each additional tag)…

So far, all the buildings I checked use a single key for all their tags. (each building a distinct key, but all the users have the same key)

That said, I do agree with you completely there!

Right on the bullseye for the UK residential building market.

1 Like

It’s not a physical key, it’s a key fob to a smart lock

It’s using HF 14a? 14443-a

We got that bit.

The “physical key” @Pilgrimsmaster mentioned was a comparative analogy just to provide an easier example.

Essentially a keyfob is a “key”.
Picking an RFID keyfob goes through the same steps and motions as picking a physical key, only with distinct tooling.

Which means that your RFID Key being FFFF… is as much as dangerous as a physical key having all it’s teeth being exactly the same.

1 Like

I see! I’m still learning the lingo I suppose. I only learned enough commands to clone the RFID so I can save myself some money.

2 Likes

Scan it with Taginfo on your phone and it will tell you what type it is. Could be MIFARE Classic. What kind of card did you buy to clone it on to?

2 Likes