Cloning Hotel Keycards with Android | by m5kro | CyberScribers | Medium



Cloning Hotel Keycards with Android

Most hotels use NFC keycards. NFC stands for near field communication. It is used in a wide variety of products, from tags to keycards. Most smartphones today have NFC functions built in. Today we will go over how to clone a common hotel NFC keycard with an Android phone.

Equipment:

Android Phone — Should have NFC capability and be able to read MIFARE Classic cards; a list of known incompatible phones is here

Hotel Room Keycard — Hopefully a MIFARE Classic card

MIFARE Classic 1k or 4k card — We will be writing the copied data here

Optional: external NFC reader

Software:

MIFARE Classic Tool — Used to read and write cards

Optional: Kali NetHunter for external NFC reader

Taking Data from the Hotel Keycard

In this demonstration, I will be using a Nexus 5X running Kali NetHunter. We’ll start by extracting the data we need from the key we want to clone. In the MIFARE Classic Tool app, select the Read Tag option.

MIFARE Classic home screen

In the Read menu, select only std.keys. Once std.keys is selected, press the Start Mapping And Read Tag button.

Read menu

If it works, you’ll see a page with a bunch of numbers and letters. This is the data stored in the card. You may have to try multiple times to get a good read, depending on your phone. If you are unable to get anything, try the extended keys option.

Once you have completed the steps above, you should have the data needed to unlock the door.

Creating the Clone

Take the blank MIFARE Classic card and place it near your phone. In the app, select the write option. In the menu, select the Write Dump (clone) option. Select the dump you got from the previous step. There will be a popup asking which sectors to copy. Typically only the first sector is needed, but occasionally hotels will write to multiple sectors.

Write Menu (dunno why this photo is smaller)

Once you have selected the sectors, a menu similar to the read menu will show up. Once again, select std.keys or the extended version. The writing process may take multiple tries.

Sector Selector

Once the writing process is finished, you can try the cloned keycard on the lock. If everything went well, the lock will open. If it doesn’t work, then something must have gone wrong during the reading or writing process.

Key screen for writing

mfcuk and mfoc

If std.keys and the extended version don’t work, then use these tools. Mfcuk and mfoc both require Linux and an external NFC reader. To use these tools on an Android phone, Kali NetHunter and a custom kernel will be required.

I will not go over these tools in this article, but you can find information on mfcuk here and mfoc here.

Conclusion

NFC keycards are a great security tool. However, a prepared attacker can quickly defeat their security if the cards are set up incorrectly. MIFARE Classic cards are especially vulnerable as they have been extensively researched and are commonly used. The best mitigations to the attacks described above are to change the default keys on the card and to prevent the original card from being read.
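
To verify the first mitigation, an issuer can audit a dump of one of its own cards for sector trailers that still carry well-known default keys. This is an added example, not code from the original article or from MIFARE Classic Tool; the `+Sector: N` text layout with 32 hex characters per block and `-` for unread bytes is assumed, and the key list and sample dump are constructed.

```python
import re

# Widely published default keys (assumed list; extend for your deployment).
DEFAULT_KEYS = {
    "FFFFFFFFFFFF": "factory default",
    "A0A1A2A3A4A5": "MAD default",
    "D3F7D3F7D3F7": "NDEF default",
    "000000000000": "all zeros",
}
SECTOR_RE = re.compile(r"^\+Sector:\s*(\d+)$")
BLOCK_RE = re.compile(r"^[0-9A-Fa-f-]{32}$")  # '-' marks bytes not read


def parse_dump(text):
    """Return {sector_number: [block_hex, ...]} from a text dump."""
    sectors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTOR_RE.match(line)
        if match:
            current = sectors.setdefault(int(match.group(1)), [])
        elif current is not None and BLOCK_RE.match(line):
            current.append(line.upper())
    return sectors


def audit_default_keys(text):
    """List (sector, slot, key, label) for each default key in a trailer."""
    findings = []
    for number, blocks in sorted(parse_dump(text).items()):
        if len(blocks) not in (4, 16):  # 1k/4k sectors hold 4 or 16 blocks
            continue                    # incomplete read, nothing to judge
        trailer = blocks[-1]
        # Trailer: key A (6 bytes) | access bits + GPB (4) | key B (6)
        for slot, key in (("A", trailer[:12]), ("B", trailer[20:])):
            if key in DEFAULT_KEYS:
                findings.append((number, slot, key, DEFAULT_KEYS[key]))
    return findings


# Constructed sample: sector 0 on factory keys, sector 1 re-keyed.
ZERO = "0" * 32
SAMPLE_DUMP = "\n".join([
    "+Sector: 0", "DEADBEEF22080400" + "0" * 16, ZERO, ZERO,
    "FFFFFFFFFFFF" + "FF078069" + "FFFFFFFFFFFF",
    "+Sector: 1", ZERO, ZERO, ZERO,
    "1A2B3C4D5E6F" + "FF078069" + "------------",
])

if __name__ == "__main__":
    for finding in audit_default_keys(SAMPLE_DUMP):
        print("sector %d key %s = %s (%s)" % finding)
```

Any finding means that sector can be read and rewritten by anyone holding a public key list, so the card should be re-keyed before it is issued.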

Happy Hacking~!
