Use case: simple access controls based on Mifare cards. Read UID from card and allow access to a place based on that. The Reader has a cache of allowed UIDs or asks live to a server.
Blank cards are distributed in batches within which UIDs are sequential, for example AA BB CC 00 → AA BB CC FF.
So to a person having UID 00 is given access to a place where there is a reader, then cards until 09 are given out to other personnel not having that access. Then UID 10 has again access to that place.
So if I tried all the 11 UIDs on a reader I would have found that 00 and 10 open the door, assuming no lockout.
The request is for a function that allows setting the parameters for the card (maybe start from a saved card to be easier), and loop the emulation for all the UIDs in a range.
Parameters: UIDs range, time between each iteration, number of iterations to stop for an extra time (avoid locking when possible). Example:
UID AABBCC00, wait 1000 ms
UID AABBCC01, wait 1000 ms
UID AABBCC02, wait 1000 ms
UID AABBCC03, wait 1000 ms
UID AABBCC04, wait 5000 ms (after 5 UIDs wait 5000 ms)
UID AABBCC05, wait 1000 ms
You have no feedback other than looking at the reader or listening to sounds, but would be easier than generate and load hundreds of cards using navigation buttons. Pressing a button when the reader accepts the code will stop the bruteforce and keep the last N (like 5?) to see which worked and avoid situations like garage bruteforcing where you have to guess the code by narrowing a pool.
I’m not able to implement anything like that, just thinking about proposing it as a feature on github if sounds good.
Maybe some code can be reused to bruteforce/loop the garage* subghz, instead of generating tons of files