NFC st25ta support

[SkalkaA]

Description of the feature you're suggesting.

Bought a smart lock ROTHULT made by IKEA, which uses st25ta 14443A cards for access. Currently it is not possible to emulate these cards with a Flipper.

It is possible to read/emulate them, and to extract the password using a Proxmark3 in standalone mode by touching the lock itself, thereby making a copy of the master card*. It would be great if something similar could be done on the Flipper.

*This shows the cloning mentioned: https://www.youtube.com/watch?v=Q08qhJ3TOM8&ab_channel=QuentynTaylor

Anything else?

No response

[skotopes]

Yep, we have it in backlog. We'll come back to it a little bit later.

[woodyc79]

Interesting: If i go to NFC/Detect Reader, the IKEA lock will open/close!

[zeano]

Hello, i noticed the same thing using Detect Reader on my IKEA lock.

[SkalkaA]

The lock can save any? NFC tag in its memory to use as a new access card. This saving function (as stated in the manual) is available when a new card is used a under a minute after the lock has been locked/unlocked with the included master card. I'm guessing that's what's happening here.

Any progress on the cloning of the master card? EDIT: Sorry, closed this on accident. Also thank you for the amazing job, I'm loving the continuous development you guys are doing!

[MichaelGrafnetter]

Interesting: If i go to NFC/Detect Reader, the IKEA lock will open/close!

@woodyc79 @zeano This is expected behavior, as in the unlocked state, the ROTHULT device can be locked with any other card and then re-opened with itsame card (same UID). And the Detect Reader feature of Flipper just emulates a Mifare card with a constant UID.

[ChrisD0lpgr3n]

I have the same problem: Emulating cards are not recognized But that's not a main problem with the lock: a tag that I had previously cloned (RFID Tools and PN532) to a Magic Tag, worked

I'll test whether it works if I clone the card/chip read with Flipper onto a Magic Tag using the Zero

[ChrisD0lpgr3n]

I have the same problem: Emulating cards are not recognized But that's not a main problem with the lock: a tag that I had previously cloned (RFID Tools and PN532) to a Magic Tag, worked

I'll test whether it works if I clone the card/chip read with Flipper onto a Magic Tag using the Zero

Now the chip, read out with a flipper, is written onto a magic tag, which Rothult opens and closes Emulating the same chip doesn't work

(I can't test with the original Ikea cards, the Magic Tag doesn't accept them)

[skotopes]

Looks like this issues already solved.

[bettse]

I think this may been closed prematurely. If the OP was asking for support of the st25ta chip. The issue gets confused because the ROTHULT locks have both master keys, as well as support any 14a UID emulation. It doens't help that the OP's video link was to github and not to the actual video: https://www.youtube.com/watch?v=Q08qhJ3TOM8

The key pieces to supporting the ROTHULT's st25ta seem to be:

• Detecting it by ATQA/SAK (https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/hf_tcprst.c#L103-L106)
• Saving partial data
• Emulation of UID back to lock and capture of 16 byte password (akin to NTAG's password capture I think)
• General type 4 NDEF reading support (https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/hf_tcprst.c#L77C7-L88)

[skotopes]

@bettse true, we'll take a look into st24ta implementation. However we still lack cards and systems that uses it.

@doomwastaken can you take a look on it, we need cards and this lock.

[bettse]

Are their IKEA anywhere nearby? https://www.ikea.com/us/en/p/rothult-smart-lock-white-00429619/ (comes with lock + 2 st25ta 'master' cards)

[skotopes]

Surprisingly not. Ikea japan is not selling this lock.

[doomwastaken]

I will order them to one of the offices

[doomwastaken]

Ordered it, will have in few hours

[SkalkaA]

I do have a Proxmark3, IKEA lock and the cards. Flipper also, of course. If you need help beta testing, I definitely could try.

[afroewis]

I bought a Rothult and a Flipper Zero and confirm that Flipper is not able to unlock the Rothult by emulating the shipped card. In my case, it also doesn't work one minute within opening the lock with the shipped card.

Would be awesome if you could implement this at some point. Anyway, thanks for all your work!

[skotopes]

@SkalkaA @afroewis please ping @gornekich