Saved February 14, 2026
This article analyzes security flaws in various NFC technologies, including MIFARE Ultralight C and NTAG 223/224 DNA. It reveals how attackers can exploit these weaknesses to recover cryptographic keys through relay attacks and memory manipulation, highlighting the risks in real-world deployments.
The paper analyzes significant vulnerabilities in several NFC technologies, including MIFARE Ultralight C, MIFARE Ultralight AES, NTAG 223 DNA, and NTAG 224 DNA. One major finding is that attackers can exploit partial key overwrites and relay-based man-in-the-middle techniques to drastically reduce the keyspace of two-key Triple DES (2TDEA) from 2^112 to as low as 2^28. This makes brute-force key recovery feasible with relatively modest hardware. The authors highlight that MIFARE Ultralight AES is also vulnerable, particularly when CMAC integrity checks are not enforced, and that NTAG 223/224 DNA lacks adequate protection, allowing key recovery through unauthenticated ciphertext oracles.
Affected products include genuine NXP chips and non-NXP compatible cards. The research reveals that for genuine NXP Ultralight C, full key recovery is possible in days to weeks if multiple tags share the same static key. In contrast, non-NXP cards can be compromised in under a minute due to flawed random number generators and missing anti-tearing mechanisms. The study also emphasizes that many real-world deployments fail to implement proper security configurations, such as key diversification and memory locking, increasing the risk of attacks.
The authors provide practical recommendations for organizations using these technologies, such as auditing their key management practices and ensuring proper configuration of lock bytes. They also found that 34% of cards in hospitality systems were non-genuine NXP products, further highlighting the vulnerabilities in supply chains. While the vulnerabilities primarily affect MIFARE Ultralight systems, the paper states that MIFARE DESFire systems remain secure, as they offer better encryption and integrity protections.
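An added example, not code from the paper or from NXP: a provisioning-side audit for the shared static key and key diversification points above. The HMAC-SHA256 derivation is an assumed stand-in for whatever KDF a deployment actually uses, and the function names, UIDs and keys are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

def diversify_key(master_key: bytes, uid: bytes) -> bytes:
    """Derive a 16-byte per-tag key from a master key and the 7-byte tag UID.
    Assumption: HMAC-SHA256 stands in for the deployment's real KDF."""
    if len(master_key) < 16 or len(uid) != 7:
        raise ValueError("need a >=16-byte master key and a 7-byte UID")
    return hmac.new(master_key, b"tag-key\x00" + uid, hashlib.sha256).digest()[:16]

def effective_key(key: bytes) -> bytes:
    """Clear the DES parity bit (LSB of each byte): only 112 of 128 bits count."""
    if len(key) != 16:
        raise ValueError("2TDEA keys are 16 bytes")
    return bytes(b & 0xFE for b in key)

def audit_fleet(provisioned: dict) -> dict:
    """Flag keys shared by several tags and keys whose two halves are equal."""
    groups = defaultdict(list)
    degenerate = []
    for uid, key in provisioned.items():
        eff = effective_key(key)
        # Fingerprint so the report never contains key material.
        groups[hashlib.sha256(eff).hexdigest()[:12]].append(uid.hex())
        if eff[:8] == eff[8:]:
            degenerate.append(uid.hex())  # K1 == K2 collapses to single DES
    shared = {fp: sorted(u) for fp, u in groups.items() if len(u) > 1}
    return {"shared": shared, "degenerate": sorted(degenerate)}

# Constructed sample data: UIDs and keys below are made up for illustration.
UIDS = [bytes.fromhex(h) for h in ("04a1b2c3d4e5f6", "04a1b2c3d4e5f7", "04a1b2c3d4e5f8")]
STATIC_KEY = bytes(range(0x10, 0x20))
STATIC_FLEET = {
    UIDS[0]: STATIC_KEY,
    UIDS[1]: bytes(b ^ 0x01 for b in STATIC_KEY),  # same key, parity bits flipped
    UIDS[2]: bytes.fromhex("0123456789abcdef" * 2),  # both halves identical
}
MASTER = hashlib.sha256(b"constructed master key").digest()
DIVERSIFIED_FLEET = {uid: diversify_key(MASTER, uid) for uid in UIDS}

if __name__ == "__main__":
    print(audit_fleet(STATIC_FLEET))       # one shared group, one degenerate key
    print(audit_fleet(DIVERSIFIED_FLEET))  # nothing flagged
```

Comparing keys after clearing the parity bits matters because two byte strings that differ only in those bits are the same 2TDEA key.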