Desfire uid magic card?

iceman · 2014-10-18 10:11:40

I wonder, will there ever be a Mifare Desfire uid magic card ?
Are there any chinese cardpeople working on it? Or is it not possible to make?

app_o1 · 2015-01-27 13:11:55

I don't know anything about mifare Desfire.
Is it possible to emulate a Mifare DESfire EV1 uid?
(meaning that any system working only with the UID instead of a private ID is unsecured)

iceman · 2015-01-27 13:58:04

Sure, why not? it responses to the basic Iso14443a commands. When you want to read/write a block then you will need to make a Auth which uses (des/3des/aes) There is also a uncrypted mode for transfer. The usual "hf 14a sim" should be able to fake a desfire straight off if you change the SAK/ATAQ in the code based on a UID only system.

app_o1 · 2015-01-30 06:41:16

iceman wrote:

I wonder, will there ever be a Mifare Desfire uid magic card ?
Are there any chinese cardpeople working on it? Or is it not possible to make?

It is possible. But they will not work on that unless there is an order for 1000 pieces waiting...
They did the Ultralight and Ultralight C UID. So I am guessing it will be the same price for the DESfire*1000.

Last edited by app_o1 (2015-04-15 07:55:29)

thefkboss · 2015-01-30 09:32:29

Where i can buy ultralight c?
And ultralight ev1 do yo know???
I have some ultralight ev1

iceman · 2015-01-30 10:29:17

@app_01, do you want to share your contact who might do such a thing in China?

@thefkboss, Mifare Ultralight ev1?? Never heard of it, I've seen Mifare Desfire Ev1 tags like the London oystercard.

thefkboss · 2015-01-30 13:40:11

mifare ultralight ev1 was after ultralight and before ultrlagiht C
they have password protecction and try error counter
if you want one, write me a email and i will send you

thefkboss · 2015-01-30 13:41:15

http://www.nxp.com/documents/data_sheet/MF0ULX1.pdf
http://www.nxp.com/documents/application_note/AN11340.pdf

iceman · 2015-01-30 13:47:56

Cool, th UL ev1 looks kind of like the UL/UL-C with the first blocks. It's in the configurationsblocks and its 32bits password and lack of crypto that differes.

thefkboss · 2015-01-30 13:49:56

the password is in clear text so you can sniff.
the same for you iceman if you want one send me an email and i will send you one

iceman · 2015-01-30 13:57:05

When it comes to UL-C, I found some tags on taobao which claimed to be magic. ie uid changeable. I can change the uid on them, hav'nt tried the password mode on them.

Didn't you look into the Desfire?

app_o1 · 2015-01-31 04:33:01

@thefkboss I know where to find Ultralight C UID but no idea about the EV1.

@iceman & @thefkboss You can contact me on ICQ.
Please leave your id or icq number or email here.
or find my icq number here :

https://ghostbin.com/paste/ 6 v z b o x s n
password : */%$^1254Od__)(

Last edited by app_o1 (2015-01-31 13:36:59)

beben · 2015-03-31 10:49:45

Bumping!

I'm also interested in the matter, anyone ever got their hands on a Chinese Desfire in the end?

Cheers!

iceman · 2015-03-31 11:03:27

If you are looking for a magic-desfire, its not available. App_o1 hinted that the person who made the magic Ultralight-c could make a magic-desfire but the smallest amount need was like 1000pieces, 10€ each, Since it was so much money involved I need asked for a price offer. You might be able to negotiate the price down a bit.
but still, I don't need 1000 pieces

beben · 2015-04-03 15:56:06

Ok, that's a bit more than what I can currently afford, nevermind then!

Thanks

iceman · 2015-04-03 16:36:18

i know, for me too . but getting the first magic desfire tags on the market would be cool

app_o1 · 2015-04-04 03:56:48

Let's organize a group buy.
I am sure he will start developing it if we ask him 300 pcs.

holiman · 2015-04-04 09:05:22

I'd be interested, perhaps 100€ worth of tags

app_o1 · 2015-04-04 12:27:23

Same for me.

iceman · 2015-04-05 12:01:23

if he still has a price of 10€ / piece then it will take some time to make a groupbuy.
It all comes down to how much he wants for the job and the price / piece afterwards. Can you talk to him App_o1? (i never downloaded that app needed)

app_o1 · 2015-04-05 13:34:32

Okay, I will discuss it with him.

asper · 2015-04-05 20:59:59

I will buy some units; anyway I will prefere an ISO15693 changeable uid tag

iceman · 2015-04-05 21:02:03

App_o1, can you ask about the ISO15693 magic tags aswell? How much it would be?

thefkboss · 2015-04-05 21:36:59

And why not a javacard contact //contactless with atr changeable.
Because everybody could developped his applet 14443/15693 or contact

beben · 2015-04-07 11:27:42

I'm not sure if it would help a lot, but you can put me down for 2-3 tags (I can spare around 25€, so maybe that would be 2 tags + transport) if the group thing is a go!

app_o1 · 2015-04-13 15:26:29

How many ISO15693 changeable uid would you guys need?
Same question for the Javacard.

iceman · 2015-04-13 15:52:17

Depends on the price
But 10pieces?

asper · 2015-04-13 18:50:55

I am with iceman.

app_o1 · 2015-04-15 04:14:58

It looks like we can get the Javacard and ISO15693!
No price or MOQ yet...

iceman · 2015-04-15 07:34:39

Nicely done, app_o1!

app_o1 · 2015-04-15 12:04:33

ISO15693 is already "coming"!

Javacard with atr changeable might require to order 100 pieces @15$/piece.
I could buy a hundred and set up an ebay store to sell them. But I don't think I will be able to sell all of them in order to get my investment back... What do you guys think?

iceman · 2015-04-15 13:36:16

just a question, but what / when is a javacard used? 15$ = 14€... If you don't have an obvious application I think that will be hard to sell for that priece.

thefkboss · 2015-04-15 13:37:23

Some question about 15693.
Propietary commands like password or auth challenge??
Because every 15963 have some propietary commands.
What is going to be the list of commands that the card will support?

app_o1 · 2015-04-16 03:26:13

thefkboss wrote:

Some question about 15693.
Propietary commands like password or auth challenge??
Because every 15963 have some propietary commands.
What is going to be the list of commands that the card will support?

"no, just like icode2"

Last edited by app_o1 (2015-04-16 07:08:34)

asper · 2015-04-16 07:50:54

Icode2 is a generic definitio; it would be good to know the exact command set supported.

Sixkay · 2015-04-17 16:19:03

Im also interested in buying one of the iso 15693 uid changeable cards

J-Run · 2015-04-19 04:03:39

I am interested in 15693 magic cards to paly with too. Under the buying conditions as Holiman.

app_o1 · 2015-04-25 15:34:47

I haven't got any more information about the 15693.
But anyway, it will be out soon (without any investment from us). So I will be able to test it myself and answer your questions.

iceman · 2015-04-25 17:40:55

If you can give me a heads-up when it will be released on the mail or icq, I would appreciate it.

app_o1 · 2015-04-27 14:14:26

Javacard, ready soon!
15693, almost ready. However, it might have to be ordered with a specific UID and might required a MOQ...
More info soon.

iceman · 2015-04-27 15:24:18

Doesn't sound like a magic one if you need to order it with a specific UID.

But interesting news!

app_o1 · 2015-04-28 04:44:40

Yes, that is not what we want...
It is only going to be magic for the seller's wallet.

The cards may have their serial number fixed at the factory.

iceman · 2015-04-28 09:47:35

Is this the first empty javacards and iso15693 tags that is on the market!?
I don't seen the use now, please enlighten me

thefkboss · 2015-04-28 10:26:22

Bank cards are javacards (emv,maestro....) you upload the applet and the card could be...any card (ISO 14443) but there is a problem the atr, you can't change it.
The readers detect atr if you could change atr you could make emv emulation, desfire emulation, atmel emulation....

app_o1 · 2015-05-11 08:40:46

Javacards are now under testing.

iceman · 2015-05-11 08:43:57

Do you have gotten your hands on one?

app_o1 · 2015-05-11 11:30:50

iceman wrote:

Do you have gotten your hands on one?

Not yet.
I guess within a few days I will have a few samples sitting on my desk.
Let me know if you want one or more. Otherwise, I can do whatever you want me to do with them.

app_o1 · 2015-05-27 10:20:33

Anyone interested in the ISO15693 UID changeable?
It's ready. But MOQ is 50 pcs. Price per each is +/- 17$, 14EUR

iceman · 2015-05-27 10:35:35

Great!

interested in 2-3 pieces

asper · 2015-05-27 10:43:26

2-3 pieces for me too !
I would also like to know which command set will be available (password command ? other commands?); a simple ISO15693 card without some feature will be a total waste of time/money (EM and NXP proprietary commands will be the most appreciated!).

Here is a brief commands sum up:

MANDATORY COMMANDS (all ISO15693 tags must support those)
01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
02 = Stay Quiet

OPTIONAL COMMANDS (not all tags support them)
20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
22 = Lock Block
23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
24 = Write Multiple Blocks (?up to 2 blocks max?)
25 = Select
26 = Reset to Ready
27 = Write AFI
28 = Lock AFI
29 = Write DSFID
2A = Lock DSFID
2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)

EM Microelectronic CUSTOM COMMANDS
A2 = Set EAS
A3 = Reset EAS
A4 = Lock EAS
A5 = Active EAS
A6 = Protect EAS
A7 = Write EAS ID
A8 = Write EAS Cfg
B4 = Write Password
B6 = Protect Memory Page
B8 = Get Protection Status for a specific block
B9 = Destroy
BA = Enable Privacy
BB = Disable Privacy
BC = Enable Low Security
C3 = Fast Read Multiple Blocks
E4 = Login

NXP/Philips CUSTOM COMMANDS
A0 = Inventory Read
A1 = Fast Inventory Read
A2 = Set EAS
A3 = Reset EAS
A4 = Lock EAS
A5 = EAS Alarm
A6 = Password Protect EAS/AFI
A7 = Write EAS ID
A8 = Read EPC
B0 = Inventory Page Read
B1 = Fast Inventory Page Read
B2 = Get Random Number
B3 = Set Password
B4 = Write Password
B5 = Lock Password
B6 = Bit Password Protection
B7 = Lock Page Protection Condition
B8 = Get Multiple Block Protection Status
B9 = Destroy SLI
BA = Enable Privacy
BB = 64bit Password Protection
40 = Long Range CMD (Standard ISO/TR7003:1990)

Texas Instruments CUSTOM COMMANDS
A2 = Write 2 Blocks
A3 = Lock 2 Blocks
A4 = Kill
A5 = Write Single Block Password

ST Microelectronics
B1 = Write-sector Password
B2 = Lock-sector Password
B3 = Present-sector Password
C0 = Fast Read Single Block
C1 = Fast Inventory Initiated
C2 = Fast Initiate
C3 = Fast Read Multiple Block
D1 = Inventory Initiated
D2 = Initiate

Fujitsu
A0 = Read EAS
A1 = Write EAS
A6 = Kill
B1 = Fast Inventory
C3 = Fast Read Multiple Blocks
C4 = Fast Write Multiple Blocks

Last edited by asper (2015-05-27 10:49:04)

Proxmark3 community

Announcement

#1 2014-10-18 10:11:40

Desfire uid magic card?

#2 2015-01-27 13:11:55

Re: Desfire uid magic card?

#3 2015-01-27 13:58:04

Re: Desfire uid magic card?

#4 2015-01-30 06:41:16

Re: Desfire uid magic card?

#5 2015-01-30 09:32:29

Re: Desfire uid magic card?

#6 2015-01-30 10:29:17

Re: Desfire uid magic card?

#7 2015-01-30 13:40:11

Re: Desfire uid magic card?

#8 2015-01-30 13:41:15

Re: Desfire uid magic card?

#9 2015-01-30 13:47:56

Re: Desfire uid magic card?

#10 2015-01-30 13:49:56

Re: Desfire uid magic card?

#11 2015-01-30 13:57:05

Re: Desfire uid magic card?

#12 2015-01-31 04:33:01

Re: Desfire uid magic card?

#13 2015-03-31 10:49:45

Re: Desfire uid magic card?

#14 2015-03-31 11:03:27

Re: Desfire uid magic card?

#15 2015-04-03 15:56:06

Re: Desfire uid magic card?

#16 2015-04-03 16:36:18

Re: Desfire uid magic card?

#17 2015-04-04 03:56:48

Re: Desfire uid magic card?

#18 2015-04-04 09:05:22

Re: Desfire uid magic card?

#19 2015-04-04 12:27:23

Re: Desfire uid magic card?

#20 2015-04-05 12:01:23

Re: Desfire uid magic card?

#21 2015-04-05 13:34:32

Re: Desfire uid magic card?

#22 2015-04-05 20:59:59

Re: Desfire uid magic card?

#23 2015-04-05 21:02:03

Re: Desfire uid magic card?

#24 2015-04-05 21:36:59

Re: Desfire uid magic card?

#25 2015-04-07 11:27:42

Re: Desfire uid magic card?

#26 2015-04-13 15:26:29

Re: Desfire uid magic card?

#27 2015-04-13 15:52:17

Re: Desfire uid magic card?

#28 2015-04-13 18:50:55

Re: Desfire uid magic card?

#29 2015-04-15 04:14:58

Re: Desfire uid magic card?

#30 2015-04-15 07:34:39

Re: Desfire uid magic card?

#31 2015-04-15 12:04:33

Re: Desfire uid magic card?

#32 2015-04-15 13:36:16

Re: Desfire uid magic card?

#33 2015-04-15 13:37:23

Re: Desfire uid magic card?

#34 2015-04-16 03:26:13

Re: Desfire uid magic card?

#35 2015-04-16 07:50:54

Re: Desfire uid magic card?

#36 2015-04-17 16:19:03

Re: Desfire uid magic card?

#37 2015-04-19 04:03:39

Re: Desfire uid magic card?

#38 2015-04-25 15:34:47

Re: Desfire uid magic card?

#39 2015-04-25 17:40:55

Re: Desfire uid magic card?