Read ski pass card (keyCard brand)

I own a ski pass at Le Massif, and I wanted to see what info i could get out of it with the flipper.

The brand that makes the pass is keyCard. My google searches didn’t help…

It seems like there is a 20 chars ID related to it.

Can someone help me understand why it can not be read?


I don’t know how it works, maybe it’s not a supported frequency (13.56Mhz or 125Khz).
But for ski pass there is a “timeout” of couple seconds or minutes each time it’s read. They don’t want people to have 1 ski pass for 2 and just give it to the person behind.

Hello there,

Ski passes have an embedded encoding into them . This differs from brand to brand. There are more secure ones (AES-encryption) and less secure ones. The thing with ski passes is that they communicate with the reader to gain the encryption key. If you manage to read information on them it will most likely be encrypted and to no use to you. Sure, you can try to guess the key but first you have to know what protocol they have implemented on the card. You could find this by checking the vendor for the actual card. Ski-Data uses AES I believe (not sure tho)

Is it possible to hack the ski passes in order to gain ‘free’ access to the slopes?

The pass is just ‘a electronic key’. If you’ll get something free depends on the system. Most times the value is not stored on the card, it is stored on the backend server. The card tells the access terminal where to search on the server.

This is the abstract theory, the valuable knowledge.
Doing this is illegal. Even trying is illegal. Don’t do this.
Except you own a ski slope, in this case, feel free to mess around. The vendor of the RFID access system will happily tell you more about the access mechanism.