Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hello Proxmark community!
I have a RFID school badge, that can't be read by any reader, except for the one at school, so I think it has some sort of protection. Nevermind, I asked the school technician to see the logs of the "badge totem" (a branded windows pc with the reader). I went to the directory of the program used to authenticate students' presence, I opened the log file (that isn't even encrypted... ahh, Italy...), went to the string with my name and copied the hexadecimal string near "badge".
It is the following: 31C58E05080012E0 (so, 16 digits)
But then, seeing videos and posts, I found out that a "UID" is made of 8 digits.
Then I saw other videos that count the first 8 digits (so, 31C58E05) as the "UID".
So I thought "ohh, so, the first 8 digits are the UID, and the whole 16 digits are the Block 0!"
Nope, because I saw other videos with the Block 0 being a 32 digits stuff.
I ordered UID changeable tags and they'll arrive monday.
I tried to type the 16 digits manually in the badge program and press enter and it actually authenticated me, so I think the school RFID reader is programmed to read the first 16 digits of the card. So I assume the other 16 of the Block 0 are actually "useless" ("ignored" by the reader).
So, when changing the Block 0 of the tag, do I need to copy the 16 digits I have (31C58E05080012E0) and then "complete" the other 16 remaining with no-sense digits?
Like 31C58E05080012E01234567891234567
???
Thanks to everyone who'll help me, and sorry for my bad english!
Last edited by obrobrio2000 (2018-02-15 21:25:30)
Offline
what you have there is a inside secure chip possibly a picopass chip
(the E0 12 gives away the chip mfg)
and the entire number is the UID for this chip.
Offline
what you have there is a inside secure chip possibly a picopass chip
In fact the only info I found on the school badge producer website is "Mifare / Inside", but I couldn't find out what did it mean. What do I have to do?
Offline
if it is a picopass chip and just the uid is used then a pm3 can emulate it and read the card. i do not know of any uid changeable picopass chips.
if, however the chip is password protected and that info is verified before the uid is sent to the access control software, you likely are out of luck...
Offline
if it is a picopass chip and just the uid is used then a pm3 can emulate it and read the card. i do not know of any uid changeable picopass chips.
if, however the chip is password protected and that info is verified before the uid is sent to the access control software, you likely are out of luck...
The badge totem recognizes my phone nfc, but obviously says "Unknown badge" because it actually isn't a badge. That's a RFID reader with keyboard emulation I read on their website documentation, in fact when you pass it it quickly writes the 16 digit thing and automatically and enters. If I do it with my phone, it writes and enters the phone's UID and doesn't authenticate anything (but still recognizes it).
My goal was to emulate the entire 16 digit string with my phone nfc, making the badges useless (because every student has a smartphone with nfc nowadays), but I couldn't find any app that could emulate the entire 16 digits (just one that emulates the 8 digit UID). So I wanted to try with those tags I ordered, because as I said before the school reader appears to read every NFC/RFID tag (and phone), not only the school badge.
Offline
i'm not familiar with an 8 byte uid configurable card in the iso 14443a (mifare) space. maybe a iso15693 card... (iceman???)
but an nfc app could likely be built to handle it.
and certainly the pm3 could do it with the existing firmware.
Offline
14A - 4,7,10 uid bytes
iclass / 15693 - 8 uid bytes
I have not seen a magic 14b / 15 / iClass tag yet... but I know the R&D is underway. Delivery date or price is not something I don't know of. Not many ppl seem to be interested so, maybe the new magic cards can't exists since there is no market for them.
Offline
14A - 4,7,10 uid bytes
iclass / 15693 - 8 uid bytesI have not seen a magic 14b / 15 / iClass tag yet... but I know the R&D is underway. Delivery date or price is not something I don't know of. Not many ppl seem to be interested so, maybe the new magic cards can't exists since there is no market for them.
So those tags I bought will be useless...
But I searched this "iClass" and I found out that is done by "HID" and is not related to "Mifare" (right?). On the badge and reader producer website, on various pages and documentations in pdf they always claim the badge and the reader are "Mifare". I also contacted them days ago but they don't want to release any information (probably to avoid things like what I want to do lol).
Here's one of the pages on their website, there are three "totems" listed, we have the first one. The page is in italian but just skip to the voice "Lettore badge RFID Inside Mifare".
https://web.spaggiari.eu/sdf/app/default/soluzioni.php
Offline
well.. first you need to know what type it is.
Use your phone nfc and an app called NXP taginfo on your card. Then you know that type of card.
From there, you should know what can be done with that kind of card. Then you go and buy empty/magic cards..
Offline
meanwhile you can read the section iClass, and about picopasses
Offline
well.. first you need to know what type it is.
Use your phone nfc and an app called NXP taginfo on your card. Then you know that type of card.
From there, you should know what can be done with that kind of card. Then you go and buy empty/magic cards..
My S8+ doesn't support Mifare Classic, but my S5 does. I tried to detect the badge with other apps (not the one you mentioned) and it doesn't detect anything. I'll try with the app you mentioned and I'll let you know here!
Also, weeks ago I tried to install a software named "Read a card" in the school totem (that is a Windows PC) but it doesn't detect anything, even the reader (that I found out is connected via COM and not via USB).
meanwhile you can read the section iClass, and about picopasses
Yes I'll for sure, I'll learn more! Thank you!
Last edited by obrobrio2000 (2018-02-15 23:01:59)
Offline
i don't believe inside secure makes a mifare compatible tag. the tag you have is definitely an inside secure made tag and likely a picopass. (not readable by any nfc phone afaik).
Offline
well.. first you need to know what type it is.
Use your phone nfc and an app called NXP taginfo on your card. Then you know that type of card.
From there, you should know what can be done with that kind of card. Then you go and buy empty/magic cards..
i don't believe inside secure makes a mifare compatible tag. the tag you have is definitely an inside secure made tag and likely a picopass. (not readable by any nfc phone afaik).
The NXP TagInfo app doesn't detect the badge, even with "full scan" and "read all Mifare cards" options enabled in app's settings. Picopass confirmed?
Last edited by obrobrio2000 (2018-02-15 23:02:49)
Offline
try finding a app which can scan for ISO14443-b and ISO15693 tags.
Offline
try finding a app which can scan for ISO14443-b and ISO15693 tags.
Already tried with two 14443-b and 15693 capable apps (Nfc-V reader and RFID Tags). But I don't know if it is because of the card or because the phone's chip is incompatible (tried both with S8+ and S5).
Last edited by obrobrio2000 (2018-02-15 23:45:43)
Offline
I was thinking, is it possible to edit/configure a normal nfc tag to automatically type/input the 8 byte code and automatically press enter (since the code can be manually entered in the badge program by keyboard)? So it will fail the first time when it inputs the UID, but then it reads the data that says to input the digits and it should go (?)
Last edited by obrobrio2000 (2018-02-15 23:56:15)
Offline
Well, no. it doesn't work like that. There is more to NFC/RFID tech.
You have some serious reading up to do.
Until then, good luck!
Offline
Well, no. it doesn't work like that. There is more to NFC/RFID tech.
You have some serious reading up to do.Until then, good luck!
Yes, I need to learn a lot of things, I'll read all the forum sections! Thank you again for spending your time helping me (and thanks also to marshmellow). I'll let you know here if there are any updates!
Offline
I found UID changeable ISO15693 / ICODE stickers, but they're like 50$ for 50 pieces as mininum order. I'll try with the tags I already ordered, and if they'll not work then I'll save money for those 15693 ones. If they'll not work, well, at least I tried lol
Last edited by obrobrio2000 (2018-02-16 09:47:08)
Offline
cool, do you have a link to the ad selling those?
Offline
cool, do you have a link to the ad selling those?
Yes: http://s.aliexpress.com/RRFRNrQV
What do you think?
Offline
No idea actually. Expensive but if they work its good. Still, you don't know if your tag is ICODE--SLI--SLIX--SLI-S...
but for experiments its always interesting to hear how they work.
Offline
No idea actually. Expensive but if they work its good. Still, you don't know if your tag is ICODE--SLI--SLIX--SLI-S...
but for experiments its always interesting to hear how they work.
UPDATE: I always contact sellers before buying something. I contacted the seller of the stickers posted before and he said they're not UID-changeable. Then he changed the name of the item, removing "UID-changeable". I haven't bought anything from that seller, but I think reliability is the first thing a seller must have. I don't recommend him/her.
Last edited by obrobrio2000 (2018-02-20 09:29:40)
Offline
yeah, plenty of wish-ware on ebay, taobao, alibaba stores.
Together with google translate, it usually leads to disappointing buyer experiences.
There is a trade section here on the forum, where you can read up on webshops.
to this day I have not seen a magic ISO 15693 tag. but the R&D for it is underway.
Offline
Hello everybody!
Sorry for trying to revive a dead topic but I have the exact same problem (and probably the same provider) as OP: I have this badge (a PicoPass2k, don't really know if it's by HID or not) and I would like to find and clone its UID. At first I tried the same thing as OP (finding the UID from the badge reader and smash it on a Mifare Magic tag) but, as for him, I had no success since the Picopass UID is, appearently, longer than the Mifare UID. I found a """"""datasheet"""""" (or so they call it, even if it barely says anything) of the reader and I can confirm that it's a simple keyboard emulator. I tried reading it with the leaked iClass key but I had no success. What do you suggest?
Offline