Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2021-12-18 12:45:13

Burak
Contributor
Registered: 2021-10-06
Posts: 16

Is it possible to understand Mifare 1k algorithm defined by a brand?

Hello,

I have a bunch of hotel Mifare cards. I dumped the data inside them and I am trying to understand it, but I have had no luck at all. It is even impossible to change the UID (I mean I am not trying to change the UID of the hotel's key; I clone the key to a UID-changeable card). I can make it work without making any changes to the bin file, but when I change anything in blocks 0, 44, 45 the card is not recognized by the reader, which declines to read it. I cannot even change only the UID; it also affects the algorithm of the card. So my question is: is it really possible to understand the algorithm that the card is using and at least change the UID of the card? That will be enough for me, but somehow the UID even affects its working. I am looking for any suggestions.

Edit: When I change anything, let's say the UID, it always gives "Sector read error", and all cards have a different key A, so somehow the reader knows the key.

Thanks,

Last edited by Burak (2021-12-18 13:55:27)


#2 2021-12-22 00:18:43

kosgguy
Contributor
Registered: 2021-12-18
Posts: 56

Re: Is it possible to understand Mifare 1k algorithm defined by a brand?

I believe you cannot change the UID because I have read the UID can only be changed on Mifare Chinese cards.

I don't know how to do it, but the idea I get from this video (https://www.youtube.com/watch?v=NW3RGbQTLhE) is that you have to read the NFC reader first to know how their algorithm works and then based on that try to read the card data and clone it.

I would like to have their software but I don't know how to get it.


#3 2021-12-22 13:49:57

Burak
Contributor
Registered: 2021-10-06
Posts: 16

Re: Is it possible to understand Mifare 1k algorithm defined by a brand?

kosgguy wrote:

I believe you cannot change the UID because I have read the UID can only be changed on Mifare Chinese cards.

I don't know how to do it, but the idea I get from this video (https://www.youtube.com/watch?v=NW3RGbQTLhE) is that you have to read the NFC reader first to know how their algorithm works and then based on that try to read the card data and clone it.

I would like to have their software but I don't know how to get it.


The problem is not about changing the UID; I can change it. The problem is that when I change the UID, the program does not accept the card and refuses to read the data inside the card.


#4 2021-12-23 10:26:16

Sentinel
Contributor
Registered: 2012-11-26
Posts: 191

Re: Is it possible to understand Mifare 1k algorithm defined by a brand?

Hi Burak, you are writing: "I change anything in blocks = 0,44,45". What is in blocks 46, 47?


#5 2022-04-30 14:09:19

Burak
Contributor
Registered: 2021-10-06
Posts: 16

Re: Is it possible to understand Mifare 1k algorithm defined by a brand?

Sentinel wrote:

Hi Burak, you are writing: "I change anything in blocks = 0,44,45". What is in blocks 46, 47?

Hello, here are a few examples of it.


    "0": "302ED40BC108040002B49D27FF06D21D",
    "42": "00000000000000000000000000000000",
    "43": "FFFFFFFFFFFFFF078069FFFFFFFFFFFF",
    "44": "985C19FD24FD06FE22FF00FC2CFD0EFE",
    "45": "2AFF08B254AB360152723BFE00000000",
    "46": "00000000000000000000000000000000",
    "47": "983B896600ECFF078069FFFFFFFFFFFF",
    "48": "00000000000000000000000000000000",

    "0": "00B1DF3D530804000284188998A2A71D",
    "42": "00000000000000000000000000000000",
    "43": "FFFFFFFFFFFFFF078069FFFFFFFFFFFF",
    "44": "9F2DC7833381C6863B85C68A3389C68E",
    "45": "4B8DC675537EC6695B864AFC00000000",
    "46": "00000000000000000000000000000000",
    "47": "D6139533B181FF078069FFFFFFFFFFFF",
    "48": "00000000000000000000000000000000",

    "0": "27C67FEE7008040002FCF46010ED771D",
    "42": "00000000000000000000000000000000",
    "43": "FFFFFFFFFFFFFF078069FFFFFFFFFFFF",
    "44": "0E7AFAFFC0FFFFFEC4FFF3FED8FFF7FE",
    "45": "DCFF0B8F208EFFF124A0CDFE00000000",
    "46": "00000000000000000000000000000000",
    "47": "A188C90876F9FF078069FFFFFFFFFFFF",
    "48": "00000000000000000000000000000000",

    "0": "D7B47BEEF608040002D8FA8DEB18221D",
    "42": "00000000000000000000000000000000",
    "43": "FFFFFFFFFFFFFF078069FFFFFFFFFFFF",
    "44": "9C11C4FF8CFFC1FE88FFCDFEF4FFC9FE",
    "45": "F0FF35FFFCFE3101F84B81FE00000000",
    "46": "00000000000000000000000000000000",
    "47": "D3EA956EE2D3FF078069FFFFFFFFFFFF",
    "48": "00000000000000000000000000000000",
