A tale of 102 RFID cards
EM4100 protocol cards are factory programmed with an 8-bit Customer or Version ID, a 32-bit unique code and some parity information. [..] This gives a total keyspace of 4,294,967,296 (2^32) or 1,099,511,627,776 (2^40) if you are using unique Customer or Version IDs. At the theoretical minimum transmission speed of 28 ms this gives a worst case brute force time of 3.81086182 years or 975.580625 years if using unique Customer or Version IDs. [..] So with the entire security of the system relying on the strength of the random number generator used to program these cards, let's have a look at two separate packs of 51 cards I bought on eBay from China. [..] 99 of the cards had the same Customer or Version ID of 0x06 with the remaining 3 cards having 0x07.