Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device!


#1 2012-02-23 12:56:00

newzi
Member
Registered: 2012-02-23
Posts: 1

Just Curious about some things

Hello guys,

I'm sorry if I posted in the wrong area, I'm just curious. I am going to buy the ProxMark3 for research and I just want to know if they can read and clone GoCards. They run on the 13.56 MHz frequency. If so, how can I clone/read it? I have an RFID 13.56 reader and writer but I can't write to Sector 0. I'm new here so please take it easy :)


Thank you all for your time

- Newzi


#2 2012-02-23 15:49:26

Bugman1400
Moderator
Registered: 2010-12-20
Posts: 125

Re: Just Curious about some things

newzi wrote:

Hello guys,

I'm sorry if I posted in the wrong area, I'm just curious. I am going to buy the ProxMark3 for research and I just want to know if they can read and clone GoCards. They run on the 13.56 MHz frequency. If so, how can I clone/read it? I have an RFID 13.56 reader and writer but I can't write to Sector 0. I'm new here so please take it easy :)


Thank you all for your time

- Newzi

Welcome to the forum.

Unfortunately, we cannot take it easy on you because you are new. Feel free to read and ask specific questions. There will be no spoonfeeding.

Cheers!


#3 2012-07-17 14:29:54

alain
Member
Registered: 2011-02-18
Posts: 4

Re: Just Curious about some things

Hi all, first I would like to thank you all for the good work. I already managed to do some decoding and simulation.

My question is about the Mifare Classic.

uint32_t uid             = 0xa245e4f2;
uint32_t tag_challenge   = 0x95c56b43;
uint32_t nr_enc          = 0xf6caad42;
uint32_t reader_response = 0x1c42102d;
uint32_t tag_response    = 0x0668324c;


// excerpt of a standard program, which is working well
// (ks2, ks3, ks4, ks5 and revstate are declared, and ks2/ks3 computed, in the part not shown)

printf("nt': %08x\n", prng_successor(tag_challenge, 64));
printf("nt'': %08x\n", prng_successor(tag_challenge, 96));
printf("ks2: %08x\n", ks2);
printf("ks3: %08x\n", ks3);

// recover the cipher state from the two keystream words
revstate = lfsr_recovery64(ks2, ks3);

// generate the next two keystream words from the recovered state
ks4 = crypto1_word(revstate, 0, 0);
ks5 = crypto1_word(revstate, 0, 0);
printf("ks4: %08x\n", ks4);
printf("ks5: %08x\n", ks5);


// output of this program, which is ok
nt': cca4409c
nt'': 3abc52d1
ks2: d0e650b1
ks3: 3cd4609d
ks4: 00000000
ks5: 00000000
ks1: b45b2800
nr: 42918542
Found Key: [e9 42 0e f9 70 56]
//     ks4=ks5=00000000



My question is rather mathematical: what relation exists between uid, tag_challenge, nr_enc, reader_response and tag_response in order to get ks4=ks5=0000000? Has anyone seen a solution?
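The ks2 and ks3 words in the posted output follow from the posted trace values alone, which is why a passively observed Crypto-1 authentication exposes 64 keystream bits. The C below is an added example, not part of the original post or of the library it calls: `swap32`, `nonce_is_prng_output` and `derive_keystream` are hypothetical helper names, and `prng_successor` is re-implemented here to reproduce the posted nt' and nt''.

```c
#include <stdint.h>
#include <stdio.h>

/* Nonces are written MSB-first; the generator shifts LSB-first, so swap bytes. */
static uint32_t swap32(uint32_t x)
{
    return (x >> 24) | ((x >> 8) & 0xff00) | ((x << 8) & 0xff0000) | (x << 24);
}

/* Advance the 16-bit tag nonce LFSR by n bits (re-implementation, assumed to
 * match the prng_successor() the post calls; it reproduces the posted output). */
uint32_t prng_successor(uint32_t x, uint32_t n)
{
    x = swap32(x);
    while (n--)
        x = (x >> 1) | (((x >> 16 ^ x >> 18 ^ x >> 19 ^ x >> 21) & 1u) << 31);
    return swap32(x);
}

/* 1 if all 32 bits are consecutive generator output, i.e. the later 16 bits
 * follow from the earlier 16 by the same feedback recurrence. */
int nonce_is_prng_output(uint32_t nt)
{
    uint32_t w = swap32(nt);
    for (int i = 0; i < 16; i++)
        if ((w >> i ^ w >> (i + 2) ^ w >> (i + 3) ^ w >> (i + 5) ^ w >> (i + 16)) & 1u)
            return 0;
    return 1;
}

struct keystream { uint32_t ks2, ks3; };

/* ks2 masks the reader answer suc64(nt); ks3 masks the tag answer suc96(nt). */
struct keystream derive_keystream(uint32_t nt, uint32_t ar_enc, uint32_t at_enc)
{
    struct keystream k;
    k.ks2 = ar_enc ^ prng_successor(nt, 64);
    k.ks3 = at_enc ^ prng_successor(nt, 96);
    return k;
}

int main(void)
{
    /* tag_challenge, reader_response, tag_response as given in the post above */
    uint32_t nt = 0x95c56b43, ar = 0x1c42102d, at = 0x0668324c;
    struct keystream k = derive_keystream(nt, ar, at);
    printf("ks2: %08x\nks3: %08x\n", (unsigned)k.ks2, (unsigned)k.ks3);
    /* The successor only reads the later 16 bits of nt, so it is defined even
     * when the full word does not satisfy the recurrence, as is the case here. */
    printf("nt is generator output: %d\n", nonce_is_prng_output(nt));
    return 0;
}
```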


#4 2012-07-19 03:47:34

rfidshop
Banned
Registered: 2012-07-19
Posts: 2

Re: Just Curious about some things

Hi Newzi,

As to the ISO Mifare 1k S50 and other cards, you cannot program the block 0 which stores the UID. It has been encrypted when it comes out of the factory as chips. You need to use the cracking software to do something there, and if you want to do the clone, you need a blank card on which the UID can be changed.

market@d-think.net
