Those folks at motogadget charge about $40 for their mo.lock (the NFC version) keys–we can do a lot better. And we have : )
The motogadget mo.lock is pretty slick with an idle current usage of 6ma (which is will reduce further as such: 3.2 mA, after 16h 1.5mA, after 8 days 0.75mA), easy installation, +12 vdc compatiblity, and relatively high security compared to literally every other lock using type 2 NTAG transponders.
The catch with mo.lock transponder keys, is that you can’t have NDEF records. Well, technically, you can but phones won’t access them. Memory starting at block 8 up until the config at the end is available–but that only helps advanced users.
What about implants? You’ll all hear more about that in the future.
Ok so.. we can’t tell you what to write because we don’t know! They actually use a password and password-acknowledgement key derivation system based on the UID to determine each, and we have not discerned the algorithm. However, we did file a CVE vulnerability regarding their system;
The fact of the matter is, we can brute force their system using an actual physical mo.lock NFC lock in a brute forcing jig we have here. We run the system on a given implant and lock and once the correct acknowledgment is found, we write it and package the implant for sale. What we can’t do is accept your implant or card or fob and run the brute forcing process. Why? Well it’s not a technical limitation, but it would be “hacking as a service” which carries different legal issues and potential liability issues along with it. By creating new compatible products using a system of trial and error for each tag we sell, there are some key differences;
we are not breaking any “digital locks”, we simply ask the mo.lock “register this one?” and it says “yep” or “nah bro”. In this way we are not reverse-engineering their algorithm and are not (to the best of our assessment) not running afoul of the DMCA et al.
there is no way you could compromise security of an existing mo.lock in the wild with an NFC chip we have pre-configured to be compatible with mo.lock. we are simply configuring the transponder so the mo.lock could register it, if you had the master programming tag and performed the registration process. if we accepted UIDs and produced the proper configuration for the given UID, we have no way to know if you are attempting to clone a sniffed transponder so you can go steal a bike or whatever. by only selling completely new card or implants pre-configured to be simply be compatible with mo.lock, we avoid this legally iffy scenario entirely.
