In a hands-on experiment, students tried to copy a MIFARE Classic access badge with a Flipper Zero. What worked, what failed, and why?
Reading and emulating a MIFARE Classic 4K access badge worked (the emulated badge even opened doors), but cloning it onto a MIFARE Classic 1K failed — the unique UID couldn't be overwritten and the 4K data didn't fit the smaller 1K card.
Findings from hands-on student experiments:
Successful attacks:
- Reading succeeded: the MIFARE Classic 4K access badge was read without problems.
- Emulation worked: an emulated badge via Flipper Zero actually granted building/room access.
Failed attacks:
- Cloning failed: copying the 4K badge onto a MIFARE Classic 1K card was not possible.
- UID not overwritable: the unique UID couldn't be overwritten.
- Memory incompatibility: not all 4K-badge data fits on the smaller 1K card.
Central insights: NFC tags react very differently to cloning by security level; cloning is possible but not equally easy for all tag types; older tags like the MIFARE Classic series have major security gaps, while modern tags (MIFARE DESFire EV1) are protected by strong encryption and mutual authentication. Emulation is often easier than physical cloning.
Tip: The big takeaway: emulation beats cloning. You don't need to overwrite a card's locked UID if you can just make a Flipper pretend to be that card — which is why emulation succeeded where cloning failed.
Go deeper:
MIFARE (Wikipedia) — the Crypto-1 break, Classic cloning, and why DESFire EV1 resists.