Well if you can write other sectors other than sector0 of your special card (you seem to have written that) you probably bought a 1st generation changeable UID card (that requires special commands to write sector0) so you are out of luck and there is no way in which you can program them with your mobile phone.
HTC One is a family, you should check if your sub-model has a mifare-compatible NFC chip inside. "Pure" HTC One has a NXP 44701 NFC controller and "should" be compatible with mifare.
If it is not a phone problem maybe you received some "strange" mifare chanegable UID... maybe you can try to read the tag putting it 1cm form the phone.
Your best chance is to test a real mifare card and see if it works.
Well root is available on 90% (maybe more) Android devices but usually root void your warranty. A rooted phone is more exposed to "external risks" but it is FAR AWAY better than a stock (non-rooted) firmware in terms of performance if you do the appropriate tweaks (anyway if you don't know what you are doing you can make unwanted behaviour and system instability).
I torally agree with you except for "giving keys" or something already prepared avoiding people makes their way to learn how to obtain it (spoon-feeding = bad). Also in many countries releasing keys and exploits is illegal (if this was not, why for example hid keys aren't public even if quite a lot of people knows them?). Even roel had and has problems releasing megamos infos even if it is a responsable disclosure.
Again this forum is full of how-to so let people investigate themself to find answers to the most common questions (this is only my opinion and a kind suggestion ).
The intent is personal (everyone can play as he wants), what I would avoid is "disclose potentially unwanted secrets" such as vendor's keys because the forum should get in troubles and avoid helping people to obtain something for free even if it costs 1 cent. Also answers for the above questions are scattered all around the forum so if someone REALLY wants to study he should equip himself with lot of patience and start reading the very useful info availble here and there and also official datasheets+research papers. I wanted a windows gui to make things easier but now i am not sure it was a good choice.... spoon-feeding is also "bad" because it doesn't help the learning process.
Those are my 0.5 cents, I hope you will understand the meaning of my words.
Well I consider all the thread, not only some posts or "dumps" and reading the whole content of this thread I suppose (quite celarly) it is for "malicious" intent. If you do not agree feel free to help him, I will then change my previous sentence in "... I do not support".
Ok I found the problem; 14a raw command seems to have a bug: if I try to send more than 12 bytes the tag doesn't answer so I mean that from byte 13 (starting from 1) and on bytes are someway "lost": can someone have a look at the code ? I found in the code that there seems to be a limit in received bytes (only 16) but nothing about sent bytes. The patch was added in r784.
If we can overcome those limits ePassport support will be really easy to add.
I am investigating epassport raw commands but I am not able to send them with ISO14443A raw command feature;
The select command:
00 A4 04 0C 07 A0 00 00 02 47 10 01
should give a 90 00 answer but sending it I am receiving no answer.
Sending a select command the answer is a random UID (the UID remain fixed if you select the option to not to turn off field after sending acommand, this is quite obvious).
Can someone please tell me the correct command sequence to obtain an answer from my epassport ?
If useful this is the answer to the pm3 already implemented epa command:
proxmark3> hf epa cnonces 10 16 0 Collecting 16 10-byte nonces Start: 1397463446 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 Error in step 2, Return code: 0 End: 1397463448
USB commands are really a lot for some client commands (it means that 1 single client command can produce many usb-sent sub-commands) and i think this is really difficult to implement. Unfortunately a gui like the win version seems to be the only practical way (settings file is already good to be used) but in most cases it will need root
Iceman can I have the link where you bought the ultralightc with changeable UID ?
can you also test to write blocks after 0f (ex. 15 or 22) and see if you can read them back ? After the write command try to read with single block and all card please ! I suppose your card is not an ultralightc but a simple ultralight with changeable uid.
Did you install openssl ? It compiles for me.
Try to replace the .a files in \ssl folder with those 2; they are oldery compiled libraries (the ones you can found in my previous packet are latest version compiled by me but my compiler works with both of them).
Alternatively here it is my already compiled version.
Please test and tell us if ultralightc support works for you!
Well you cracked it. Keya and keyb for sectors from 0 to 7 and 15 are ffffffffffff.
Keya for sector from 8 to 14 is a0a1a2a3a4a5 while keyb for the same sectors is 000000000000.
You can use these keys to read/write specific sectors. Please read mifare classic manual to learn more about those tags.
As I told you:
Also rememebr that the command:
hf mf nested 1 0 A a0a1a2a3a4a5
need to use the correct key for the selected sector (you selected sector 0 and keyA a0a1a2a3a4a5, are you sure that block0 has keyA = a0a1a2a3a4a5 ? Or maybe that keyA is for another sector ?).
hf mf nested 1 0 A a0a1a2a3a4a5 t
was wrong because a0a1a2a3a4a5 is not sector0 keyA = authentication error
hf mf nested 1 0 A ffffffffffff t
is correct because ffffffffff is sector0 keyA = it works !