

Copying a hotel keycard onto an NYC MetroCard - daeken
http://www.youtube.com/watch?v=Q3iqAp5aaJc

======
vegasbrianc
Not exactly ground breaking. This is standard functionality of most card
readers/encoders. You can do the same with your credit/debit card with the
same results. The information on the mag stripe is not encrypted and just
plain text.

~~~
daeken
You're certainly right that there's nothing groundbreaking here; tons of
people have done similar things. I just thought it was interesting to clone it
onto a random metrocard. However, the data _is_ encrypted, you just don't need
to care about the encryption when you're doing a bit-for-bit clone.

------
X-Istence
Major Malfunction had a great class at Black Hat: USA last year, and has been
at DefCon/SchmooCon as well showing how insecure these systems are.

Check out <http://rfidiot.org/> for some of his research into RFID, mag strip
cards and all that jazz. It is all very interesting.

~~~
dfox
Fact that you can copy magstripe keycard has no security implications. The
whole idea behind hotel keycards is that each guest gets unique code on
keycard and thus cannot use his copy after leaving hotel. In fact it is pretty
secure design: you don't defend against copying, you simply expect that
copying is possible.

~~~
X-Istence
Except it is easy to fake the key, there are videos of Major Malfunction
changing the key to lock out all other keys, to lock out "older" keys and all
kinds of other neat tricks.

Copying and modifying the data is too simple, there is no real security on
those cards. The data is not encrypted on the card, it is just a proprietary
format. Once you get a couple of cards it becomes easy to understand the
various different data fields and what they mean.

------
nrr
First off, this is way too hilarious even several hours after the fact. :)

Perhaps one thing needs to be said about the whole high-coercivity thing on
transit passes. I kind of figured that the MetroCard (and likewise with, at
least, the CTA Transit Pass and the St. Louis MetroLink weekly/monthly passes)
used such a strip because of the generally carefree nature that people take
with their magstripe tickets for public transit. I can't recall the last time
I've handled anything like that with care, but at the same time, it pretty
much just works no matter how badly I manage to treat it.

I guess what I'm trying to say is something like "lawl hax." Now, the trick is
to do stupid stuff with the data on the card. ;)

------
dalore
Not really news. They will change the code anyway after you move out whether
you've returned all the keycards or not.

------
rit
There's a great article on similar situations at:

[http://www.berghel.net/col-
edit/digital_village/dec-07/dv_12...](http://www.berghel.net/col-
edit/digital_village/dec-07/dv_12-07.php)

He talks about being brought in to help the cops figure out why they kept
arresting hookers, crooks, etc with pocket fulls of hotel room keys. It turned
out they were encoding stolen credit & atm cards on them.

------
kierank
Did the hotel keycard have anything interesting encoded in the magnetic data?
I've heard stories about credit card numbers and the likes being stored in the
clear on them.

~~~
alnayyir
Daeken's a cool guy, but the more time you spend here, the more you'll learn
that he'd do a press release for an exceptional ham sandwich.

~~~
stcredzero
I'd be interested in a really good ham sandwich.

(It's my lunchtime!)

------
thmz
Could be handy when they charge you for an extra keycard.

But we already did this 10 years ago with a cheap card reader/writer. So the
news part is a bit missing here...

------
jared314
They both have magnetic strips. Ha...I don't get it.

~~~
daeken
The funny part for me is the fact that the original keycard was lo-co and lost
its magnetism in a day of moving around and having it next to another magnetic
strip, where as the cloned MetroCard remained perfectly functional. Not to
mention that (with the vendor the hotel is using), an encoder capable of
handling hi-co is twice the price of the standard encoder, or about 16x the
price of the MSR805 used for the cloning (which does low- and hi-co).

------
fuxx0r
What a great hack!

We need more ppl who makes hacks to hardware. Technical stuff can always be
hacked by us :)

I love it!

