Somehow this post skips an explanation of what it actually does. It's a passive RFID tag that sends 40 bits of data (5 bytes). The bits are changed in sequence. More of a brute force attack than a fuzzer.
I found the following interesting. "Using a certain capacitors combo might initiate a DoS attack on the reader which will prevent legitimate tags from being read correctly after placing it against a reader only once. A hard reset to the reader will be required to resume work. Just FYI." Seems like a cute way to create a diversionary scene or frustrate physical security personnel in physical pen testing.
Why bruteforce when you can just passively listen for a working code (once someone else uses their card)? 40 bits of bruteforce at 125 kHz, with every code being 40 bits long, results in 3125 codes/sec at best, thus it will take roughly 11 years.
Wonder if there's some sort of low-power hardware-easy problem you could use to reduce the request rate for individuals, instead of just shutting the device down when it detects a brute-force attempt. Seems to me that having hardware that breaks inconspicuously means you can't leave it as unmanned as you'd want to.
This made me wonder if iOS 11's CoreNFC API can be used in similar ways. It would be cool to consolidate my tags (building and office) if they speak NFC.