Relay Attacks on 3DES/AES NFC Tags


Course

Nathan Nye and Philippe Teuwen reveal how relay attacks, partial key overwrites and EEPROM tearing weaken 3DES and AES protections in MIFARE Ultralight and NTAG DNA tags - with real-world findings from hospitality deployments.

MIFARE Ultralight C and Ultralight AES cards replaced Classic after its security was broken, but the upgrade introduces its own exploitable weaknesses. Through relay-based man-in-the-middle techniques and partial key overwrites combined with EEPROM tearing, an attacker can reduce the 3DES keyspace to a point where brute-force key recovery becomes feasible with modest resources. Counterfeit cards from Giantec, Feiju and USCUID compound the problem further.

In this insightful discussion, Nathan Nye of True Anomaly and Philippe Teuwen of Ledger cover:

  • How relay attacks authenticate with Ultralight C cards without knowing the key, and how partial key overwrites make brute-force recovery practical;
  • How Ultralight AES and NTAG DNA tags are similarly weakened when integrity checks are absent or bypassed;
  • What field observations in hospitality deployments reveal about real-world prevalence and the case for key diversification.

Here is the course outline:

Exploiting Keyspace Reduction and Relay Attacks in 3DES and AES-Protected NFC Tags

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate
