Since we now have another AMS/CFS from Creality, which I got, I was thinking of reverse engineering that too.
It more or less works the same way. Keys are generated from the UID, and I was able to sniff keys and get the data, but they are encrypted.
However, it happened that Creality released early spools with generic keys FFFFFFFFFFFF and decrypted data, which I am able to clone, change and write to new tags. I will assume eventually they will make it stop using default keys, but for now that works.
However, it seems that the data are not encrypted with the RFID key, but with something with some single logic.
Given your experience trying to crack Bambu RFID, maybe you would like to assist me with cracking Creality CFS RFID?
I have 2 pairs of UID/KEY and a set of decoded and encoded data, for which I know what the data should look like when decrypted.
Maybe it would give some ideas for cracking Bambu RFID.