Disney World Magic Band Chips (nRF24LE1)

Going to Disney World again soon and wanted to get more information on the Magic Bands, which contain RFID chips and link to your account. I wanted to see if anyone has a technical breakdown of these Magic Bands. Always wondering if they stored credit card info, and wanted to do some research. I will be updating this post with more about the Magic Bands themselves and some cool ones which I plan on buying to use! (Note: I would never try any methods in the park.)


IMG FROM: http://www.nova-labs.org/blog/2014/02/16/dissecting-walt-disney-worlds-rfid-bracelet/

The nRF24LE1 is a highly integrated ultra low power 2.4GHz RF System-on-Chip (SoC) for 2.4GHz ISM (Industrial, Scientific and Medical) band operation. It includes a 2.4GHz RF transceiver core, an 8-bit CPU, and embedded Flash memory. By offering a peak RX/TX current lower than 14mA, a sub-μA power down mode, advanced power management, and 1.9 to 3.6V supply range, the nRF24LE1 provides a true ultra low power solution that enables months to years of battery lifetime when running from regular coin cells or AA/AAA batteries. Finally, a rich set of on-chip analog and digital peripherals makes the nRF24LE1 a flexible, single chip solution for a wide range of applications including PC peripherals, game controllers, remote controls, sports/fitness/healthcare sensors, and toys. (These are useful for Disney parks because they allow customers to use the bands year after year.)

Magic Band Myths from:
http://www.themainstreetmouse.com/2015/02/09/tmsm-mythbusters-magicband-hacking-and-activation/

Credit Card Theft From Your MagicBand

One of the great urban myths regarding MagicBands is if you are using your MagicBand for room charge your credit card information could get stolen. The fact of the matter is this just isn’t true.
Before I go into WHY this isn’t true let me explain WHY I know this to be. Now what many of you don’t know is TMSM is one of the few Disney fansites to have a Cyber Security Expert on staff. In fact we may be the only one that does. But here at TMSM we have Drew, grand high cyber security guru, and being married to him I have the pleasure of tagging along to cyber security conferences like DefCon, BSides and ShmooCon. What this means is I can carry on a conversation regarding RFID and the security of MagicBands and have a guy with two masters and a bucket full of certifications in the field to correct me when I mess up.
Now let’s get into WHY this is a myth. Every MagicBand has an ID number printed inside it. This is the number you enter into My Disney Experience when you buy a SE/LE Band to connect the band to your account. The number identifies the MagicBand. The MagicBand itself is an RFID tag. All this means in layman’s terms is that inside your MagicBand is a chip that has no personal data stored; all it does is send and receive RFID signals using short and long range antennas that say this band is number 3401-3312-90XX, aka this is Aut. When that signal is received by a FP+ or park entry turnstile, taps a charge sensor, or even gets scanned by a MemoryMaker CM the systems scanning say HEY look it’s Aut! Aut is allowed to charge to her room, she is on this dining plan, she has this many credits, this ticket type, a FP+ at this time etc.

Now I hear you saying but if my credit card info isn’t ON my band where IS it? Well because MagicBands don’t have hard drives to store data on them the answer to this is super simple: it is on a secure server. When you told Disney they could store it and that you wanted to use room charge MDE was told you had approval to use room charge. Every time you scan your band and enter your pin the MDE system stores the receipt information. Then at the end of your trip or when you hit your pre-approved limit, whichever happens first, MDE tells that separate secure server the amount to charge to your card, and the secure system contacts your credit card account to run the charge.
So yes, while RFID systems CAN be skimmed even if someone was to skim your MagicBand they wouldn’t get any personal information WORTH stealing because your band doesn’t hold data.  Making this Disney Myth Busted!

MagicBands Need Activated
Oh wow we have people ask us about “activating” their MagicBand all the time. Once again this is a Disney Myth that people just can’t step away from. To go back to the quick version of our first myth MagicBands are merely an RFID chip that tell Disney systems who you are.
Currently Walt Disney World requires guests to physically check into their hotel before using tickets attached to their account, use room charge etc. This I personally believe is just a part of the MDE swap over. The bands that guests arrive with are rarely touched by Cast Members at check in. In fact I carry a zip lock bag full of MagicBands and bounce between them on trips.
This myth seems to have stemmed from people who have had issues with their MDE account. Instead of properly explaining that perhaps Park Guest Minnie didn’t properly link the 6 people in her family she felt the need to create MDE accounts for even though they were all on her resort reservation or that the system was acting glitchy CMs have allegedly* told guests the issue was their band. Here is the thing. Unless the RFID chip IN the band is bad the issue is not the hardware but the software or more times than not a PEBKAC error. Once a CM resolves the issues with the software, account linking etc everything works right because the permissions are fixed in the software. In the rare instances of the band actually being bad CMs issue guests a new band and link those to the guest’s MDE account.
So knowing this basic technology information, as well as knowing the resorts are actively testing a system that allows guests to bypass resort check in altogether as long as they completely fill out their online check-in information and provide a cell phone number so that the resort can text the guest’s room number to them, we can in fact say this Disney myth is busted!
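
The design described in the first myth above (the band carries only an ID; the PIN, permissions and receipts live in the account system; card data sits on a separate server that is only told an amount), as an added sketch that is not from the quoted article or from Disney. Every class name, ID, PIN and limit is hypothetical.

```python
# Added illustration; all names, IDs, PINs and limits are constructed.
import hashlib
import hmac
import os


def _kdf(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PaymentVault:
    """Separate server: the only component that ever holds card data."""
    def __init__(self, cards):
        self._cards = dict(cards)  # account -> card number
        self.charged = []          # (account, amount) settlements run

    def settle(self, account, amount):
        if account in self._cards:
            self.charged.append((account, amount))


class Backend:
    """Account system: maps a band ID to an account, PIN hash and receipts."""
    def __init__(self, vault, limit):
        self.vault, self.limit = vault, limit
        self.bands, self.accounts = {}, {}

    def link_band(self, band_id, account, pin):
        salt = os.urandom(16)
        self.bands[band_id] = account
        self.accounts[account] = {"salt": salt, "pin": _kdf(pin, salt), "receipts": []}

    def charge(self, band_id, pin, amount):
        account = self.bands.get(band_id)
        if account is None:
            return "unknown band"
        acct = self.accounts[account]
        if not hmac.compare_digest(_kdf(pin, acct["salt"]), acct["pin"]):
            return "bad pin"  # in this model the ID alone authorises nothing
        acct["receipts"].append(amount)
        if sum(acct["receipts"]) >= self.limit:  # pre-approved limit reached
            self.checkout(account)
        return "ok"

    def checkout(self, account):
        receipts = self.accounts[account]["receipts"]
        if receipts:  # end of trip or limit: vault is told only the amount
            self.vault.settle(account, sum(receipts))
            receipts.clear()
```

In this model the band ID is a lookup key only: the account system never sees the card number, and re-linking a replacement band to the same account changes nothing else.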
