Is there a way to brute-force open "WinkHaus BlueChip" Access Points?

frippel_hz · July 28, 2023, 7:52am

I’m talking about this older version of the Keys and the Access-Points/Key-Reader.

Keys:

Access Point: (The one in the Top Left corner in the first Picture)

I found out that those Access Points work with RFID, but I don’t know if there is any way of, for example, Brute-Forcing it to grant me access to open the connected door. I tried the Flipper-Unleashed Brute-Force ones, but the Access-Point won’t even respond, unlike with the real Keys (those that don’t have the permission to open the door, which the access-Point is connected to), where it starts to beep. The Blue-Chip keys don’t have a Battery and only interact when they are being put into a Lock or onto an Access Point.

I’m fairly new to the whole rfid Subject and would appreciate some suggestions (if it’s even possible).

Sir_Fap_A_Lot · July 28, 2023, 8:35pm

My grandpa had one of those installed when healthcare needed to be able to have easy acces to his place, and i scanned a couple of these fobs, they are all LF tags that are pretty easy to clone, just brute-forcing them i do not think the flipper is the ideal tool for it but something like the proxmark3 and proxbrute firmware from github would be more fit for this, or you have to be bored to port the proxbrute to the FZ.

You could try the fuzzers and try all 0 or 12345 alike and hope that one of these are portential manufracture defaults that could work around it but i have not tried my self so far.

wilddolphin · November 25, 2023, 5:05pm

Was anyone successful in attacking the WinkHaus Blue Compact lock(Its a successor of Blue Chip)?