Proxmark3 community

aqua

Contributor

Registered: 2019-10-25

Posts: 2

Simulate an encrypted ULEV1 card with my Phone

Pretty new here. I'm trying to simulate my room card, which is mifare ultralight ev1 (48byte). After reading some posts (especially this one http://www.proxmark.org/forum/viewtopic.php?id=2392), I guess the steps are as follows:

1. Sniff the communication between my card and my door, and get the key by searching "1b" command.
2. Dump the content with this key.
3. Write the decrypted content into a new card.
4. Simulate this new card with my phone.

My questions:
(a) Has anyone successfully simulated an ultralight ev1 card with your phone? If so, which model is your phone?
(b) My phone is huawei mate 20 pro. It can simulate the encrypted card, but cannot open my door. I guess the reason comes from the encryption. The UID should have been encrypted.
(c) In step 3, which new card can I choose? Are NTAG 213/215/216 OK? If so, why can they communicate with my door correctly? What are differences between 213/215/216? I also find that there are writeable ulev1 cards in Chinese online market (https://www.aliexpress.com/), but I doubt whether they really work.
(d) In step 3, is it true that I can write the new card without password parameter, and if so then the UID will not be encrypted?

I know that if I have a proxmark3 then some of questions may be solved by myself, but I want to buy it after I think I can successfully simulate my card with high probability.

Thanks!

My card info (reading by TagInfo app in Android):

From the information above I guess the UID is encrypted but the body information is not. The body information may record the valid time that I can open my door, but as long as I prefectly copy the information, I think there can be no error.

Last edited by aqua (2019-10-31 11:13:06)

Json50

Contributor

Registered: 2018-08-30

Posts: 21

Re: Simulate an encrypted ULEV1 card with my Phone

True and effective