Unsaflock: Unlocking Millions of Hotel Locks
The researchers demonstrate a vulnerability in dormakaba Saflok hotel locks that allows unauthorized access to rooms by cloning and manipulating RFID key cards. By reverse-engineering the proprietary key derivation function and data encryption, they developed a method to forge master keys that can open any door in a property. The attack leverages the insecure implementation of MIFARE Classic cards and the ability to resequence locks using a forged card. The presentation includes a practical demonstration of the attack using a Proxmark3 and a Flipper Zero.
Breaking the Dormakaba Saflok: A Master Key in Your Pocket
TLDR: Researchers at DEF CON 2024 demonstrated a critical vulnerability in dormakaba Saflok hotel locks, enabling unauthorized access to any room in a property. By reverse-engineering the proprietary key derivation function and data encryption, they developed a method to forge master keys using standard RFID hardware. This attack highlights the dangers of relying on insecure legacy protocols like MIFARE Classic and underscores the need for robust, modern cryptographic standards in physical access control systems.
Physical security often feels like a black box to those of us who spend our days hunting for web vulnerabilities or analyzing binary exploits. We assume that if a door is locked, it stays locked. The research presented at DEF CON 2024 on the dormakaba Saflok system shatters that assumption, proving that even the most ubiquitous hotel locks are vulnerable to a well-executed, low-cost attack. This isn't just a theoretical exercise; it is a masterclass in reverse engineering and hardware exploitation that every security researcher should study.
The Anatomy of the Attack
The Saflok system, found on millions of doors worldwide, relies on RFID key cards to manage access. The researchers discovered that the system’s security model is fundamentally flawed due to its reliance on MIFARE Classic cards. These cards have been known to be insecure for years, yet they remain the backbone of many legacy access control deployments.
The attack flow is elegant in its simplicity. First, an attacker needs to obtain any valid key card from the target hotel. This could be their own room key, an expired card found in a hallway, or even a card purchased from a secondary market. By reading this card with a Proxmark3, the attacker can extract the property ID and other configuration data.
The core of the vulnerability lies in the proprietary key derivation function (KDF) used by the Saflok system. The researchers reverse-engineered the SaflokCardEncoder.dll and the Firebird database files used by the hotel's management software. They found that the KDF was not only predictable but also implemented in a way that allowed them to derive the necessary keys to read and write to any sector on the card. Once they could manipulate the card data, they could forge a "resequencing" card. This card, when tapped against a lock, forces the lock to update its internal state to match the forged credentials, effectively turning the attacker's card into a master key for that specific property.
Technical Deep Dive: From Database to Door
The researchers utilized dotPeek to decompile the .NET binaries associated with the Saflok management software. This allowed them to identify the KABAGetSecuredKeys function, which was the linchpin of the entire security architecture. By porting this function to Python, they created a tool that could take a card's UID and output the correct keys to authenticate with the lock.
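# Simplified representation of the KDF logic
def derive_key(uid):
    # The KDF uses the UID to generate the sector keys.
    # This logic was extracted from SaflokCardEncoder.dll; the derivation
    # steps themselves are not reproduced on this page.
    raise NotImplementedError("derivation steps are not given on this page")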
The most critical field in the card data is the "sequence and combination" field. This field acts as a counter, and the lock uses it to invalidate older cards. By forging a card with a higher sequence number, the attacker can effectively "reset" the lock's expectations, allowing them to bypass existing access controls. The researchers noted that while the property ID is specific to each hotel, the underlying logic remains consistent across the entire Saflok product line, making this a systemic issue rather than an isolated bug.
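A toy model of the sequence check described above, added here as an example; it is not code from the original page or the researchers, and it is not Saflok's card format or KDF. It contrasts a lock that trusts the sequence field as-is with one that first verifies a tag keyed by a per-property secret, which also shows why a derivation that depends only on the UID protects nothing once the algorithm is known. The record layout and the names SITE_SECRET, diversify, tag_for, encode_card and Lock are all hypothetical.

```python
import hashlib, hmac, struct

SITE_SECRET = bytes(range(32))  # constructed demo secret (assumption)

def diversify(secret, uid):
    # Keyed diversification: the UID alone is not enough without the site secret
    return hmac.new(secret, b"card-key" + uid, hashlib.sha256).digest()

def tag_for(secret, uid, body):
    return hmac.new(diversify(secret, uid), body, hashlib.sha256).digest()[:8]

def encode_card(secret, uid, room, sequence):
    # Hypothetical record layout: room (2 bytes) | sequence (4 bytes) | tag (8 bytes)
    body = struct.pack(">HI", room, sequence)
    return body + tag_for(secret, uid, body)

class Lock:
    def __init__(self, secret, room, verify_tag):
        self.secret, self.room, self.verify_tag, self.sequence = secret, room, verify_tag, 0

    def present(self, uid, record):
        body, tag = record[:6], record[6:]
        room, sequence = struct.unpack(">HI", body)
        if self.verify_tag and not hmac.compare_digest(tag, tag_for(self.secret, uid, body)):
            return "reject: bad tag"
        if room != self.room:
            return "reject: wrong room"
        if sequence < self.sequence:
            return "reject: stale sequence"
        self.sequence = sequence  # a newer card invalidates older ones
        return "open"

def demo():
    guest_uid, other_uid = bytes.fromhex("04a1b2c3"), bytes.fromhex("04d4e5f6")  # constructed
    legit = encode_card(SITE_SECRET, guest_uid, room=101, sequence=5)
    # Constructed record with a raised sequence, built without the site secret
    unauth = struct.pack(">HI", 101, 9) + bytes(8)
    trusting = Lock(SITE_SECRET, 101, verify_tag=False)
    checking = Lock(SITE_SECRET, 101, verify_tag=True)
    return {
        "trusting_unauth": trusting.present(other_uid, unauth),
        "trusting_legit_after": trusting.present(guest_uid, legit),
        "checking_unauth": checking.present(other_uid, unauth),
        "checking_legit": checking.present(guest_uid, legit),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Binding the tag to the UID does not stop a byte-for-byte clone of a valid card; it stops records from being minted or resequenced without the site secret.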
Real-World Implications for Pentesters
For a penetration tester, this research is a goldmine. If you are tasked with a physical security assessment of a hotel or a facility using Saflok locks, you now have a clear path to demonstrate the risk. You don't need to be a hardware expert to replicate this; the tools are readily available, and the methodology is well-documented.
During an engagement, the impact is absolute. An attacker with a forged master key has the same level of access as hotel staff. They can enter any room, access restricted areas, and potentially manipulate the lock's audit logs. This falls squarely under OWASP A07:2021 – Identification and Authentication Failures, as the system fails to properly verify the authenticity of the credentials presented to the lock.
Defensive Considerations
Defending against this type of attack is difficult because it requires a hardware-level change. If you are responsible for a facility using these locks, the only real solution is to upgrade to a system that supports modern, encrypted credentials like MIFARE DESFire or MIFARE Ultralight C. These cards use AES encryption, which is significantly more resilient than the outdated protocols found in MIFARE Classic.
If an immediate upgrade isn't possible, consider implementing physical mitigations. Devices like door wedges or deadbolt straps can provide a layer of defense that doesn't rely on the electronic lock's integrity. While these are stopgap measures, they can prevent unauthorized entry during the transition period.
The Saflok vulnerability is a stark reminder that security is only as strong as its weakest link. In this case, the reliance on legacy, insecure protocols created a massive, global security hole. As researchers, our job is to find these holes and force the industry to move toward better, more secure standards. Keep digging, keep questioning the assumptions of the systems you test, and never assume a locked door is truly secure.