Playing with my mifare card

o0o0o0o · 2012-01-25 14:06:50

Hi community,

I am playing around with my proxmark and some mifare 1k cards.

I used command : hf mf mifare - with success.
Result : "Key found a0a1a2a3a4a5"

Then I tried the command : hf mf nested 1 0 a a0a1a2a3a4a5
Result :

hf mf rdbl
hf mf rdsc
Also work fine.

But then, what am I supposed to do if I want to copy this card to another ?
Read all blocks one by one + write all sectors one by one ---and then--> Write all blocks one by one + write all sectors one by one to the new card ?
It will take me hours !

Two other questions, how to interrupt a command without closing the application ?
And how to copy the text from the application (screenshots are cool but not very convenient.)

Thank you !

0xFFFF · 2012-01-26 05:23:45

Hi o0o0o0o,

What about hf mf dump1k and hf mf restore1k? Don't they do what you require?

What command(s) do you want to interrupt and why?

To copy text in Linux usually all you need to do is select the text and press [CTRL] + [SHIFT] + [C]. This will vary from distro to distro.
To copy text in Windows, press [ALT] + [Space] followed by [e] then [k]. Select your text using the mouse and press [Enter] to save the selection to the clipboard.

Regards,

-0xFFFF

o0o0o0o · 2012-01-26 07:14:56

0xFFFF thank you for your reply.

hf mf dump1k doest not work

proxmark3> hf mf dump1k
Could not find file keys.bin
proxmark3> hf mf restore1k
Could not find file dump.bin

Edit : Probably something wrong my Firmware/Proxspace/driver.
I am going to make a fresh installation of everything. And I'll you know

Last edited by o0o0o0o (2012-01-26 07:20:59)

o0o0o0o · 2012-01-26 08:41:40

I started everything from scratch. With firmware from winter release 412

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 412 2010-02-28 10:50:51
#db# os: svn 412 2010-02-28 10:50:53
#db# FPGA image built on 2009/12/ 8 at 8: 3:54

However, the proxmark3.exe included in the r412 just gives : proxmark3>_
and nothing happens.

If I use the proxmark3.exe that I was using before (from http://www.proxmark.org/files/index.php?dir=Uploads%2F&download=PM3_T55x7_v2.zip), the PM3 is recognized.

Connected units:
1. SN: ? [bus-0/\\.\libusb0-0001--0x9ac4-0x4b8f]

But the hf mf dump1k is not working

Last edited by o0o0o0o (2012-01-26 08:49:33)

altmatom · 2012-01-26 10:19:56

Hi,
I'm not sure but I think that your problem could be solved by using hf mf nested command with -t parameter. Did you try this? I found some help on hf mf commands here: http://code.google.com/p/proxmark3/wiki/MifareHOWTO . Anyway,I would use newer revision from the repository because r412 is old, there could be some bugs or other problems..

o0o0o0o · 2012-01-27 11:59:40

Where can I find recent revision ?
The last one available in the google/proxmark3/downloads/list is the one from the Winter Release. Same for proxmark.org/files/.

Last edited by o0o0o0o (2012-01-27 12:05:53)

kra · 2012-01-27 19:41:54

http://www.proxmark.org/files/index.php?dir=Uploads%2F&download=PM3_T55x7_v2.zip

This it a the latest windows binaries (r499)

But if you need a last version, read the manual
http://code.google.com/p/proxmark3/downloads/list

There is the links in the manual to download what you need.

I have the same problem with you, It's not work the comand hf mf dump1k, I can't compile right and I sick of that :@

If you solved the problem tell please and good luck

o0o0o0o · 2012-01-28 13:56:06

I believe that it is because of Windows 7 x86 or x64 (?)
Sometimes, when flashing (by pressing the PM3 button and then plug in to the USB port... Windows 7 doesn't recognize the PM3 as libusb-win32 devices > ProxMark-3 RFID Instrument.
In this case I have to instal the driver again before flashing (while pressing the button)

Edit : I used merlok instructions from http://www.proxmark.org/forum/viewtopic.php?id=833
But still same problem.

Last edited by o0o0o0o (2012-04-06 08:30:40)

kra · 2012-02-11 02:02:48

already have the latest version?

o0o0o0o · 2012-02-11 06:11:26

Please see Mifare read/write via crypto1 for update on this problem as it probably comes from a bad compilation of sources...

Last edited by o0o0o0o (2012-02-11 06:11:49)

kra · 2012-02-11 19:46:27

I have the same problem !! I was reading about it and i find some problem in the system enviroment where is developement the compiling, to be perfect not have get any warnings o error, maybe is for win7 o the perls crash i don't know.

BTW in the comand hf mf dump1k get "Could not find file keys.bin" *.bin is a image file that makes NERO, the program to burns CD, which makes me very rare .....

But reading more its possible convert hex to .bin and is the possible cause to proxmark.exe is not detect it.

other thing you serve the command hf mf wrbl ?

YoungJules · 2012-02-12 00:05:45

.bin is used by programs other than Nero. It generally means that the file is a binary file, not just containing text.

I expect the trick is to save the Mifare keys in binary form into a file, but unless we know what format the program is expecting, it's going to be very tricky

I've copied Mifare classic cards using libnfc and an SCL3711 reader/writer but I haven't gotten around to doing the same with the proxmark yet. The Mifare source card is dumped to a .mfd file (which is another binary file) and the .mfd file is written to the target Mifare card.

Note that in general terms, it's not possible to create a perfect clone of a Mifare card as the first block is write-locked.

kra · 2012-02-19 06:53:42

I have a reader ACR122u and just downloaded the files libnfc
Buy I don't know generate .mfd file

How you build it ?
(If you know also in proxmark, please)

kra · 2012-02-20 05:59:36

o0o0o0o wrote:

0xFFFF thank you for your reply.
hf mf dump1k doest not work
proxmark3> hf mf dump1k
Could not find file keys.bin
proxmark3> hf mf restore1k
Could not find file dump.bin
Edit : Probably something wrong my Firmware/Proxspace/driver.
I am going to make a fresh installation of everything. And I'll you know

o0o0o0o I solved it already was too dumb or was suddenly so upset with this device that worked.
To get the file. Bin you have to run nested mf hf

sample1: hf mf nested 1 0 A FFFFFFFFFFFF d

d - write keys to binary file

this action generate the famous dumpkeys.bin to open it you have to have a hex editor

after that now you can use hf mf dump1k

YoungJules · 2012-02-21 19:21:08

With ACR122u and libnfc you can use mfoc to dump the Mifare card to a .mfd

I had some fun and games getting the right version of mfoc to work with the right version of libnfc. Give me a shout if you have trouble.

The .mfd file is just a binary dump of the content of the card. I'm working on a mod to my program to allow it to read/save dumps in text format too (e.g. .eml from the proxmark).

Kind regards,
YoungJules

YoungJules · 2012-02-21 19:34:14

Oh, and thanks for the tips kra

I've used the command

hf mf nested 1 0 A FFFFFFFFFFFF d

to create dumpkeys.bin then run

hf mf dump1k

to create dumpdata.bin and my Mifare Compare program can successfully read this and compare it to another .bin file or a .mfd file (from mfoc).

Looks like I'm finally getting somewhere with the simple stuff

However, I still can't get

hf mf esave

to work. Seems like it did appear to do something, but the content of the .eml file didn't seem to bear any resemblance to the data I expected to be on the card. Now when I try

hf mf esave

, it reports

Can't get block: 0

.

Kind regards again,
YoungJules

kra · 2012-02-22 03:21:17

strange,
I did not understand
If you have access to the file?

it is not, change your card with a similar, initially I had problems with that, If you have a homemade antenna placed well the card

If it works for the command you'll look like a file with the 7 bytes in hex from emulator memory. (UID location). But according to my experience is not the UID ... No resemblance to the data contained within the card.

I get a lot of numbers that I don't know what means

Trying ... and tell me

other thing you serve the command hf mf wrbl in all blocks ?
To me this appears

#db# Cmd Error: 04       
#db# Write block error       
#db# WRITE BLOCK FINISHED       
isOk:00

YoungJules · 2012-02-22 15:09:18

How put the new file in the card ? with libnfc

With libnfc you can use

nfc-mfclassic w a my_mifare_dump.mfd

for example.

It won't overwrite the first block as that's write-protected. Unless you have a 'clone' card... but that's a whole other story

Kind regards,
YoungJules

kra · 2012-02-24 06:50:22

YoungJules wrote:

How put the new file in the card ? with libnfc
With libnfc you can use
nfc-mfclassic w a my_mifare_dump.mfd
for example.
It won't overwrite the first block as that's write-protected. Unless you have a 'clone' card... but that's a whole other story
Kind regards,
YoungJules

If I realized that can not change, but change the rest which is what I care about.

And when I run I get this

Error: authentication failed for block 00

which is clearly the first line that can not be changed

How could you write the other blocks?

o0o0o0o · 2012-06-19 14:59:39

kra wrote:

And when I run I get this
Error: authentication failed for block 00
which is clearly the first line that can not be changed
How could you write the other blocks?

The command should try to write over the block 0. If not possible then it just skip it and start writing block 01. At least with latest version.

o0o0o0o · 2012-06-19 15:16:12

I have successfully transferred what was on my first card to the second one. (except Block 0)

Here is the comparison : http://uppix.net/a/5/e/4c75dc8c779cc81c79daf7a099534.jpg

000000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000030 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000070 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
0000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000130 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000170 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0001b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
0001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0001f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000230 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000270 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0002b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
0002c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0002d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0002e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0002f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000330 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000370 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff
000380 23 87 87 35 79 00 00 00 00 00 00 00 00 00 00 00
000390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0003a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0003b0 57 dd 4e 19 2b 11 7f 07 88 69 81 26 4a fe 72 43
0003c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0003e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0003f0 ff ff ff ff ff ff ff 07 80 bc ff ff ff ff ff ff
000400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0004f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000510 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000540 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000570 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000590 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0005f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000610 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000670 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000680 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0006f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000700 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000710 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000730 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000740 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000750 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000790 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0007f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000810 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0008f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000900 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000910 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000930 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000940 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000950 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000980 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000990 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0009f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000a90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000aa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ac0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ad0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ae0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000af0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000b90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ba0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000bb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000bc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000bd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000be0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000bf0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000c90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ca0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000cb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000cc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000cd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ce0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000cf0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000d90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000da0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000db0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000dc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000dd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000de0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000df0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000e90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ea0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000eb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ec0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ed0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ee0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ef0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000f90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000fa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000fb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000fc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000fd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000fe0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000ff0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
001000

From this output, can you tell how much credit there is, how many trips are left, when the card will expire ?
(all I know is that there was 6 trips at the beginning and that the card was untouched; 6 trips left.
Also, it cost 3.30$ to recharge with 1 trip.
The card expires 12 months from purchase. Purchased on the 17th June 2012)

Also a funny thing, this Smart Card was introduced few months ago in the big city where I live (it is 99 % used only by tourist.)
I recovered all the keys after just 30 seconds of mfoc.
I didn't try to check if the clone is working without having the same UID.

tlou · 2012-06-19 15:39:09

Hello o0o0o0o!
Every fourth block on the Mifare Classic 1K card is a sector trailer, those blocks containing

ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff

in your case, with the exception of block "0003b0". Most of the blocks are empty, as they contain zeroes.
Have a look the block marked as "000380" - that's the only one containing anything!

23 87 87 35 79 00 00 00 00 00 00 00 00 00 00 00

Don't know what it means though! And I wouldn't want to help you clone it even if I could

Last edited by tlou (2012-06-19 15:46:46)

kra · 2012-06-20 04:08:28

o0o0o0o wrote:

kra wrote:
And when I run I get this
Error: authentication failed for block 00
which is clearly the first line that can not be changed
How could you write the other blocks?
The command should try to write over the block 0. If not possible then it just skip it and start writing block 01. At least with latest version.

What version you have ? And how you write the command in the libnfc ? I tell you this because when i try to write the card, the command take everything and I can't select the sector where it is start, in this case the sector is block 01

kra · 2012-06-20 04:27:53

I agree whit tlou

This card is empty !! I look your .jpg and all you have are the keys in "0003b0"

A : 57 dd 4e 19 2b 11 7f
B: 69 81 26 4a fe 72 43

But is ussless because in this sector its empty.

If is a mifare 1k should have something in the sector 2 or block 5, 6 or 7.
In this block have the map (The travel of the card ) , the history , and other things

In my country for example the trips is in the block 6, and all code is a trip,
A diferent code is a diferent number of the trip. But i think is the same whit you card.

Back again read you card because it's very weird

BTW you already decipher how read the map ?

o0o0o0o · 2012-06-20 04:51:45

kra wrote:

o0o0o0o wrote:
kra wrote:
And when I run I get this
Error: authentication failed for block 00
which is clearly the first line that can not be changed
How could you write the other blocks?
The command should try to write over the block 0. If not possible then it just skip it and start writing block 01. At least with latest version.
What version you have ? And how you write the command in the libnfc ? I tell you this because when i try to write the card, the command take everything and I can't select the sector where it is start, in this case the sector is block 01

I am using last version. But I use the "mifare-classic" command for writing.

kra wrote:

This card is empty !! I look your .jpg and all you have are the keys in "0003b0"

I think it looks empty because I just bought it and didn't even swipe it once... It might be unactivated until the first swipe (?)
I will try that if I have time.
But I don't really care. All I wanted to see was if they used a default key for a brand new system...
It looks like the people who sold this new system don't know what they are doing...

Last edited by o0o0o0o (2012-06-20 04:54:35)

kra · 2012-06-20 05:11:57

Sorry for my English, I wanted to say how you put in the command "mifare-classic" to start to write in the block 01 and NO from the block 00, How i put this command ? This is my question .....

I don't think so, This people know what are doing because them was able to detect my card and lock from the system (black list)

o0o0o0o · 2012-06-20 09:00:16

kra wrote:

Sorry for my English, I wanted to say how you put in the command "mifare-classic" to start to write in the block 01 and NO from the block 00, How i put this command ? This is my question .....
I don't think so, This people know what are doing because them was able to detect my card and lock from the system (black list)

I didn't write the command to start from a specific block. I wrote the normal command, it started from block 0 with no error.

o0o0o0o · 2012-06-20 13:08:25

I just used one trip from my card.
Then did the mfoc again and guess what ?
Absolutely nothing was changed...

It means that the card ID is stored on the system along with the credit of this card (?)

kra · 2012-06-20 16:21:51

Something is wrong with you reader, believe me, in some line change of the hex , a letter, a number, Something
Read the card with the proxmark and not with other reader.
with the command "hf mf rdsc".
If you have a master key, its the same for all cards.

A yes the card UID is stored on the system along with the credit of this card, BUT not check all the cards all day.

I realized if the lector of the register is old or outdated, does not block the card if the UID card its in the black list.

I didn't write the command to start from a specific block. I wrote the normal command, it started from block 0 with no error.

Please be more specific I get the same Error

I know that has to do something in the file. mdf.
I know I have to accommodate it well so I can write well with the command "mifare-classic"

Oseloth · 2013-10-01 16:32:05

If i had UID changeable card and want to clone a mifare card would acr122u and libnc be enough?

I suppose changing data on original card can't be done with this reader.

Thx

Proxmark3 community

Announcement

#1 2012-01-25 14:06:50

Playing with my mifare card

#2 2012-01-26 05:23:45

Re: Playing with my mifare card

#3 2012-01-26 07:14:56

Re: Playing with my mifare card

#4 2012-01-26 08:41:40

Re: Playing with my mifare card

#5 2012-01-26 10:19:56

Re: Playing with my mifare card

#6 2012-01-27 11:59:40

Re: Playing with my mifare card

#7 2012-01-27 19:41:54

Re: Playing with my mifare card

#8 2012-01-28 13:56:06

Re: Playing with my mifare card

#9 2012-02-11 02:02:48

Re: Playing with my mifare card

#10 2012-02-11 06:11:26

Re: Playing with my mifare card

#11 2012-02-11 19:46:27

Re: Playing with my mifare card

#12 2012-02-12 00:05:45

Re: Playing with my mifare card

#13 2012-02-19 06:53:42

Re: Playing with my mifare card

#14 2012-02-20 05:59:36

Re: Playing with my mifare card

#15 2012-02-21 19:21:08

Re: Playing with my mifare card

#16 2012-02-21 19:34:14

Re: Playing with my mifare card

#17 2012-02-22 03:21:17

Re: Playing with my mifare card

#18 2012-02-22 15:09:18

Re: Playing with my mifare card

#19 2012-02-24 06:50:22

Re: Playing with my mifare card

#20 2012-06-19 14:59:39

Re: Playing with my mifare card

#21 2012-06-19 15:16:12

Re: Playing with my mifare card

#22 2012-06-19 15:39:09

Re: Playing with my mifare card

#23 2012-06-20 04:08:28

Re: Playing with my mifare card

#24 2012-06-20 04:27:53

Re: Playing with my mifare card

#25 2012-06-20 04:51:45

Re: Playing with my mifare card

#26 2012-06-20 05:11:57

Re: Playing with my mifare card

#27 2012-06-20 09:00:16

Re: Playing with my mifare card

#28 2012-06-20 13:08:25

Re: Playing with my mifare card

#29 2012-06-20 16:21:51

Re: Playing with my mifare card

#30 2013-10-01 16:32:05

Re: Playing with my mifare card

Board footer