There is an ability in some of the Cyfral devices to unlock them by using the all-0xFF key. From the protocol POW it’s not correct because of the CRC, but there is no checking of the CRC on most devices. Just simple comparison. Also there is no checking how much keys are in memory. All the memory is being scanned. And a free space in memory is filled up with the 0xFF pattern. That’s why this worked.
This can be used as an attack vector.
Also it’ll be nice to have not just a copy mode, but an ability to manually input key code.