Your comments on the most likely one time programmable ROM are exactly what I was thinking but didn't take the time to write with the clarity you did. We are on exactly the same page there. My train of thought was that if it was possible to patch the boards using only software that would be an awfully nice gesture to the hotel managers to send a technician out for a day and just fix everything at once [although, if you have to rip the lock apart to pull the board to reprogram it, you might as well just drop a new boad in]. My background is in board level manufacturing so the whole special test fixtures to interface and board probing was the easy part to me - solving the problem of hacking a jump instruction to jump to unused memory and then patching the problem there, then jumping back seemed like a really elegant and fun problem to work on.
I didn't look at the exploit in detail, but as daeken reminded us there are problems with more than just the program in the door lock - so even if a patch to the ROM chip could fix the problem, it probably doesn't fix all the problem so it isn't a real solution.
You are right, everything else 1-3 are really just obscurity solutions and not real solutions - thanks for calling me out on that.
I didn't look at the exploit in detail, but as daeken reminded us there are problems with more than just the program in the door lock - so even if a patch to the ROM chip could fix the problem, it probably doesn't fix all the problem so it isn't a real solution.
You are right, everything else 1-3 are really just obscurity solutions and not real solutions - thanks for calling me out on that.