Hi guys,
I just started reading up on RFIDs and how they work. I have a Mifare Classic 1K card and was wondering how I could crack it. Here are the details:
UID[4]: b0bafc66
RF Technology: Type A (ISO/IEC 14443 Type A)
Tag type: Mifare Classic 1K
ATQA: 0004
SAK: 08
It would be great if someone could tell me what tools I need to purchase and what specific type of blank cards I would need to purchase.
Thanks.
Offline
Below is what I got when I used the Mifare Classic Tool on my card.
+Sector: 0
B0BAFC6690880400468F74D84D702611
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 2
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 3
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 4
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 5
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 6
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 7
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 8
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 9
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 10
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 11
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 12
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 13
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 14
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 15
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF0780BCFFFFFFFFFFFF
Offline
Well, you read all the data from the card. You got the keys A/B, and it is a completely blank card...
You don't need to "crack" the keys in your case, since the card had default keys A/B set to FFFFFFFFFFFF, so your software read it all.
Now, what was your intention? If you wanted to clone the card, then you would need another blank card.
Offline
Wait, so you are saying the card I read is blank? That should not be the case, because I use the card daily in many places.
Yes, I would like to clone the card so I can use it just like I use this card. What tools would I need, and what specific type of blank card would be preferred for what I want to do?
Thanks for the reply.
Offline
Buying a blank card, and what kind: well, that depends on how the card system uses your current card.
If the dump is correct, then the card is blank. There is no data on it besides the manufacturer block (Sector 0, Block 0). That hints that the card system might only use the UID to map your access rights in a database. What do you use the card for on a daily basis? Opening doors? Paying? Tickets?
Offline
Yes, I use this card to pay or open doors. It is used for various different things. So sector 0, block 0 is not important? Basically you are saying that when I scan my card on a reader, the UID is searched in a database and, if found, the transaction or action the reader is meant to complete is completed? If that is correct, what tools would I need to clone this data, including the UID, onto another card? And what type of blank card should I purchase based on my card config? Thanks
Offline
Well, if it is like that then you will need a Chinese magic card. On a normal blank card you can't write to Sector 0/Block 0, but with the Chinese magic cards you can. From what I know of them, there are two different models. Both models are supported by the Proxmark3 software. So if you have a PM3 then you need to buy a magic card and Bob's your uncle.
Offline
Okay, so I will need to purchase the PM3 and the Chinese magic card. Just wondering: Sector 0/Block 0 contains data which is unique to each card in my case. So for example, if I go to someone else who has a similar card to mine, will they have the same Sector 0/Block 0 but a different UID?
Offline
The PM3 is a bit expensive, so just for the cloning of one card it seems like overkill.
Offline
So in my case I need a Chinese magic card and an NFC reader/writer, or can I use my phone to dump the data onto the Chinese magic card?
Offline
Hrm.. Asper has been porting the PM3 software to Android. I have no idea about which phones have an NFC chip that works. Some Android phones have the possibility to simulate a card. Anyway, there is a thread about it somewhere here.
Found it: http://www.proxmark.org/forum/viewtopic.php?id=1750
Ask him about it.
Offline
Early Chinese magic cards ARE NOT COMPATIBLE at all with NFC mobile phones (they need special commands that cannot be sent using the phone - tested). The latest Chinese magic cards should not need those special commands, so you should be able to write them with an NFC phone (not tested).
An NFC mobile phone MUST HAVE an NXP NFC chip inside to work with Mifare cards; Broadcom NFC chips ARE NOT COMPATIBLE with Mifare cards (e.g. the Galaxy S3 has an NXP chip, the S4 a Broadcom chip; your phone is compatible with all original Mifare cards if you managed to dump the card with MCT, but it will only work with Mifare Chinese magic "2nd generation" cards).
PM3 for Android (proxdroid) is software to control the Proxmark3 via Android, but you need to buy a Proxmark3 to use it, and it's not so easy to set up.
I don't know how to simulate a Mifare card in an NFC mobile phone; I never tested that possibility and I don't know if it is actually possible. This interesting thread may have some answers about card emulation: https://groups.google.com/forum/m/#!topic/android-developers/QYybNw8Iqfc
Last edited by asper (2014-01-12 15:52:28)
Offline
So I am guessing my Galaxy Nexus has an NXP NFC chip, because I was able to dump the card. My best option at this moment would be to purchase a second-gen Chinese magic card and attempt to write it with my Galaxy Nexus? If I did purchase a Proxmark3, wouldn't I also be able to control it via a Linux or Windows machine? Do I have to control it via Android? Thanks for your help.
Offline
You can control your PM3 with the client software, which runs on Linux and Windows. That is correct.
And yes, a second-gen Chinese card is what you need to clone your card, if the above assumptions are correct.
Offline
Ok thanks. Just one last question. Sector 0/Block 0 contains manufacturer data. Could you explain what that means? Would that data remain the same for other people who have the same card as me? Would only the UID change?
Offline
The UID, the 5th byte and some other bytes will probably change, but those data are usually not important/used to recognize a single card. More info in the official NXP PDFs and on this forum.
Offline
Okay thanks, I guess this should work for me: http://www.aliexpress.com/item/UID-changeable-1k-card-with-backdoor-Chinese-Magic-card/793161609.html
Offline
Wait, my bad, I think this is the correct one: http://www.aliexpress.com/store/product/UID-changeable-1k-card-with-block0-writable/820427_793383448.html
Offline
You must ask the seller if block 0 is writable with the normal write command or only using special commands; this is the only way to know if it is a 1st or 2nd generation card (hoping he will tell you the truth).
The "backdoored" ones are usually 1st generation, so you can write block 0 only with a PM3 or with a dedicated reader/writer; they can always be used as standard Mifare with your phone, but block 0 will be impossible to write with your phone. Only with 2nd generation can you edit block 0 with your phone (probably, but not tested).
If you have doubts, just ask the seller.
Last edited by asper (2014-01-12 23:45:03)
Offline
Hey V1ru5, did you ever find out which card off the website worked for you?
Offline
Hiya, I purchased this card; it's on the way to me so I still haven't tested it yet:
Offline
Nice, good info, thanks v1ru5. Let me know how it works out for you.
Offline
The second link (http://www.aliexpress.com/store/product … 83448.html) looks good!
The description says:
Just change it like you change block 1 and block 2
And on the screenshot you can see
hf mf wrbl ...
which is the normal (pm3) write command for Mifare Classic tags.
If the Proxmark3 can write it that way, your smartphone can do it too.
Last edited by ikarus (2014-01-20 23:58:09)
Offline
I was successfully able to copy my Mifare Classic 1K onto this card: http://www.aliexpress.com/store/product … 83448.html. Now I am just trying to figure out what the data in Sector 0 represents. If I am able to figure that out, then possibly I can guess someone else's Sector 0 and copy their card without having their card in hand. I know that Sector 0 contains the UID, but the UID doesn't really mean anything right now. Like, it doesn't match any number on the card. Still trying to figure this out. Thanks for the help everyone, I am happy that I have successfully gotten to this point.
Offline
Hi v1ru5, care to elaborate on how exactly you managed it?
Do you need a Proxmark, or did you use phone software, or some ACS reader, and with which software?
Apparently my card is still locked (I get an authentication error on block 0x0b with mfclassic r a dump.mfd).
Thanks in advance
Offline
If you do not have the keys for your card, you will probably need to use a Proxmark to brute-force the keys. For me, I got lucky because both of my keys were common keys, so I did not have to use a Proxmark in my case. I used the Mifare Classic Tool to dump the data from my card onto my phone using the default keys. Then I looked at the data, and the data only existed in Sector 0, but on most cards Sector 0 is not writeable, so I purchased a UID-changeable card on which Sector 0 can be changed. I used Mifare Classic Tool again to copy the dump from my phone to my UID-changeable card. I selected the option to also write Sector 0 to the card. I was successful in copying a Mifare Classic 1K onto a blank UID-changeable card. So I am not exactly sure about your case, because this was my first attempt at anything related to RFID, but I am pretty sure that if you don't have the keys you will have to brute-force them, which can't be done by phone, so you will probably need a Proxmark.
Offline
Hi,
I think I managed to dump my card by brute-forcing the keys. No need for a Proxmark, I just used mfoc (only 5 min.). According to some other sources, mfcuk would be faster, but it has been running for 25 min now on only one sector and hasn't found anything yet.
According to the people at my company, they use payment balances on the card only. So no central database; I would like to find a way to "decrypt" the HEX values on my card to read out my current money balance. Any thoughts?
Offline
Hi guys.
I've made a dump of my Mifare Classic 1K with Mifare Classic Tool, and only for sectors 12 to 15 I don't see Key B (Key A is always visible and the ACs too).
Any thoughts? Thanks
e.g.
Sector 13
--------------------------------
--------------------------------
--------------------------------
B0B1B2B3B4B50F0F0F0F------------
Offline
Whatever you do, you always use a key to read/write. However, depending on the access bits, usually you can read all data EXCEPT the keys. This can be different per sector.
Offline
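As an added example (not from the thread, MCT or the Proxmark3 client), here is a decoder for the sector trailer that answers the question above: it takes a trailer line as MCT prints it, checks that the inverted copies of the access bits agree, expands C1 C2 C3 per block into the data-sheet access conditions and reports whether key B is readable. The first input is the `FF 07 80` transport trailer from the dump earlier in the thread; the second is a constructed trailer with the common `78 77 88` setting, which is one way key B ends up shown as dashes.

```python
# Access-condition tables from the NXP MIFARE Classic data sheet, keyed by the
# three bits C1 C2 C3 of one block (value = C1<<2 | C2<<1 | C3).
DATA_BLOCK = {  # read, write, increment, decrement/transfer/restore
    0b000: ("A|B", "A|B", "A|B", "A|B"),        # transport configuration
    0b010: ("A|B", "never", "never", "never"),
    0b100: ("A|B", "B", "never", "never"),
    0b110: ("A|B", "B", "B", "A|B"),            # value block
    0b001: ("A|B", "never", "never", "A|B"),    # value block
    0b011: ("B", "B", "never", "never"),
    0b101: ("B", "never", "never", "never"),
    0b111: ("never", "never", "never", "never"),
}
TRAILER = {  # key A write, access bits read, access bits write, key B read, key B write
    0b000: ("A", "A", "never", "A", "A"),
    0b010: ("never", "A", "never", "A", "never"),
    0b100: ("B", "A|B", "never", "never", "B"),
    0b110: ("never", "A|B", "never", "never", "never"),
    0b001: ("A", "A", "A", "A", "A"),           # transport configuration
    0b011: ("B", "A|B", "B", "never", "B"),
    0b101: ("never", "A|B", "B", "never", "never"),
    0b111: ("never", "A|B", "never", "never", "never"),
}

def decode_access_bits(b6, b7, b8):
    """Trailer bytes 6..8 -> [C1C2C3 of block 0, block 1, block 2, trailer]."""
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is also stored inverted; a mismatch means a mis-written
    # trailer, and the card then refuses all access to that sector.
    if (b6 & 0x0F, b6 >> 4, b7 & 0x0F) != (~c1 & 0x0F, ~c2 & 0x0F, ~c3 & 0x0F):
        raise ValueError("inconsistent access bits %02X %02X %02X" % (b6, b7, b8))
    return [(c1 >> i & 1) << 2 | (c2 >> i & 1) << 1 | (c3 >> i & 1) for i in range(4)]

def describe_trailer(line):
    """Decode one 32-hex-char sector trailer as MCT prints it ('-' = not readable)."""
    key_a, acc, user, key_b = line[:12], bytes.fromhex(line[12:18]), line[18:20], line[20:]
    conds = decode_access_bits(*acc)
    tr = TRAILER[conds[3]]
    key_b_readable = tr[3] != "never"  # a readable key B is plain data and cannot authenticate
    return {
        "key_a": None if "-" in key_a else key_a,  # MCT fills in the key it used; the card never returns key A
        "key_b": None if "-" in key_b else key_b,
        "user_byte": user,
        "blocks": [dict(zip(("read", "write", "inc", "dec"), DATA_BLOCK[c])) for c in conds[:3]],
        "trailer": dict(zip(("keyA_w", "acc_r", "acc_w", "keyB_r", "keyB_w"), tr)),
        "key_b_readable": key_b_readable,
        # MCT prints dashes for key B exactly when the access bits hide it
        "dump_consistent": key_b_readable == ("-" not in key_b),
    }

# Trailer of sectors 0..14 in the first dump of the thread (transport configuration),
# and a constructed trailer with the common 78 77 88 "read A, write B, hide key B" setting.
TRANSPORT = "FFFFFFFFFFFFFF078069FFFFFFFFFFFF"
HIDDEN_KEY_B = "FFFFFFFFFFFF78778869------------"
```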
Hi,
I think I managed to dump my card by brute-forcing the keys. No need for a Proxmark, I just used mfoc (only 5 min.). According to some other sources, mfcuk would be faster, but it has been running for 25 min now on only one sector and hasn't found anything yet.
According to the people at my company, they use payment balances on the card only. So no central database; I would like to find a way to "decrypt" the HEX values on my card to read out my current money balance. Any thoughts?
Did mfcuk work in the end?
Offline
Did mfcuk work in the end?
Since I was able to crack all the keys with mfoc I did not investigate the mfcuk path any further; I just retried, and when entering
"mfcuk_d.exe -C -R 0 -o temp.mfd"
it just gets stuck on "Recover: 0".
So no, it did not work.
Offline
Bebeoix wrote: Did mfcuk work in the end?
Since I was able to crack all the keys with mfoc I did not investigate the mfcuk path any further; I just retried, and when entering
"mfcuk_d.exe -C -R 0 -o temp.mfd"
it just gets stuck on "Recover: 0".
So no, it did not work.
Ok. Because for me, after 48h mfoc was still trying. I had to put a high number for the probes. So I'm looking for something else.
Offline
ICEMAN, THANKS FOR YOUR HELP IN MY FIRST STEPS.
I have read the card but do not understand ... NXP MIFARE CLASSIC 1: 2K PLUS SL1
( http://prntscr.com/3p4bfx ) -
I've turned the card into an .eml file.
What steps should I follow to clone the card?
Should I sniff a reader?
This is what I have .. (http://prntscr.com/3orbb8)
1 Proxmark3
1 HF antenna
1 Chinese magic card (http://prntscr.com/3or8ho)
1 Mifare 1K card, a ticket with balance.
Thank you ..
Sorry for not knowing.
Offline
Well... No.. you didn't follow my steps...
You tried the default keys with the "hf mf chk..." command. That will only work on some known cards.
You need to first run the "hf mf mifare" command to get one key... (hopefully)
If that one succeeds, then you need to look into the "hf mf nested" command using the key you got in the previous step.
Read the documentation for pm3 and Mifare: https://code.google.com/p/proxmark3/wiki/Mifare
Offline
Hi Iceman
Thanks for your answer ... (I wrote here, to be in the post about the Mifare Classic 1K)
I had already run "hf mf mifare" for 15 minutes, and nothing happens .. ( http://prntscr.com/3pcgmw )
Offline
If you don't have a key to start with, then you are out of luck.
You need the keys to make a dump.
Try to hold your card differently against the antenna..
Offline
Hello
I tried 3 or 4 times with different cards and angles ..
Is there no other way to get those keys?
This appears to me when I press the Proxmark button ( http://prntscr.com/3pdthc )
Offline
Hm, your screens look strange..
How about you unplug the pm3 and then run the "hf mf mifare" command...
Offline
ok wait a minute
Offline
This is the hf mf mifare running ... ( http://prntscr.com/3peaoi )
The Proxmark is connected OK.
Offline
Still doesn't look good for you.
It could be one of the new Mifare Classic cards with high entropy.. which isn't "cracked"...
There is the snoop option... Holiman wrote something about it.
Offline
Ok, that's a problem ..
I will try to make the snoop, and I'll show you if it is possible to do something.
Thanks for your time ..
Offline
Hi ICEMAN
This is the result of the sniff between the card and the reader.
Now can you help me find the key to dump the card?
Show me, or tell me which program I can find.
I have seen that you can with crapto1gui.exe
Best regards
Download txt:
http://www.amirax.site11.com/snoopread_card.rar
Last edited by LaserByte (2014-06-08 01:37:10)
Offline
The 14a list functionality was changed by piwi when more accurate timing was introduced (maybe somewhere around r845). The data above looks like you are using a "modern" client software but an old osimage without piwi's changes. Please do a "hw version" and show the result.
Oh, and it would be interesting to see if you get a more correct listing with "hf iclass list". I'm a bit curious, there's a chance it will work...
Offline
Hello Holiman
hf iclass list - I'll send it to you tomorrow, I'll do another reading.
This is the version I use.
Could you tell me which is the most appropriate?
Offline
Ok, so you're using newer client software on the PC side, but the device is old. I would recommend that you flash the device with the new code. I always recommend using the latest versions, since a lot of us are reluctant to spend time helping out with problems for older builds, but if the version you are using is "recent enough" that'll probably work.
So, go to armsrc, 'make', then go to ../client/, and use the flasher to flash at least osimage and fpgaimage (Linux: "flasher /dev/ttyACM3 ../armsrc/obj/osimage.elf ../armsrc/obj/fpgaimage.elf"). Or you can do a flash with the fullimage.elf and get all three components flashed at once. That will flash the bootrom as well, but if you do that, make sure not to unplug the device in the process or you'll brick the device.
Offline
Hi Holiman..
Updated osimage, fpgaimage and bootrom.
Last edited by LaserByte (2014-06-09 17:13:42)
Offline
Hello
This is a recording of the sniff between the reader and the card,
where the card has a balance and the reader deducts from it and allows access.
Reading made with the newly updated osimage and fpgaimage.
download txt
Last edited by LaserByte (2014-07-21 16:44:19)
Offline
Hello
Captured here: the reading between the card and the reader.
The card is the same, and on this occasion it only reads the balance and does not deduct from it.
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Sou
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 1056 | Tag | 26
2228 | 2676 | Tag | 04
22656 | 25120 | Tag | 93 20
26292 | 26676 | Tag | 00!
50688 | 61216 | Tag | 93 70 88 04 19 ac 39 93 c8
62388 | 62836 | Tag | 04
84096 | 86560 | Tag | 95 20
87748 | 88004 | Tag | 00!
111872 | 122336 | Tag | 95 70 e2 97 2f 81 db 67 b1
123588 | 123844 | Tag | 00!
214656 | 219424 | Tag | 60 04 d1 3d
223684 | 223940 | Tag | 00!
244224 | 253536 | Tag | 4f 46! 46 d5 93! a3! e4 6c !
254804 | 255060 | Tag | 00!
293504 | 298272 | Tag | 98 a3! 80 0a!
299460 | 299844 | Tag | 01
391040 | 395808 | Tag | da! bb 1d 5f!
397012 | 397396 | Tag | 01
488448 | 493216 | Tag | 12! d1! dd c8
494420 | 494804 | Tag | 00!
5351936 | 5352992 | Tag | 26
5354180 | 5354564 | Tag | 00!
5374720 | 5377184 | Tag | 93 20
5378388 | 5378900 | Tag | 00!
5402624 | 5413152 | Tag | 93 70 88 04 19 ac 39 93 c8
5414356 | 5414740 | Tag | 00!
5436032 | 5438496 | Tag | 95 20
5439700 | 5439956 | Tag | 00!
5463936 | 5474400 | Tag | 95 70 e2 97 2f 81 db 67 b1
5475668 | 5476180 | Tag | 00!
6709248 | 6710304 | Tag | 26
6711508 | 6711892 | Tag | 00!
6732032 | 6734496 | Tag | 93 20
6735700 | 6735956 | Tag | 00!
6760064 | 6770592 | Tag | 93 70 88 04 19 ac 39 93 c8
6771780 | 6772164 | Tag | 00!
6793600 | 6796064 | Tag | 95 20
6797268 | 6797524 | Tag | 00!
6821632 | 6832096 | Tag | 95 70 e2 97 2f 81 db 67 b1
6833348 | 6833604 | Tag | 00!
8565632 | 8566688 | Tag | 26
8567876 | 8568260 | Tag | 00!
8588416 | 8590880 | Tag | 93 20
8592084 | 8592340 | Tag | 00!
8616448 | 8626976 | Tag | 93 70 88 04 19 ac 39 93 c8
8628164 | 8628548 | Tag | 00!
8649856 | 8652320 | Tag | 95 20
8653524 | 8653780 | Tag | 00!
8677632 | 8688096 | Tag | 95 70 e2 97 2f 81 db 67 b1
8689364 | 8689876 | Tag | 00!
9923200 | 9924256 | Tag | 26
9925460 | 9925844 | Tag | 00!
9945856 | 9948320 | Tag | 93 20
9949524 | 9950036 | Tag | 00!
9973888 | 9984416 | Tag | 93 70 88 04 19 ac 39 93 c8
9985620 | 9986004 | Tag | 00!
10007296 | 10009760 | Tag | 95 20
10010964 | 10011220 | Tag | 00!
10035328 | 10045792 | Tag | 95 70 e2 97 2f 81 db 67 b1
10047044 | 10047556 | Tag | 00!
12674304 | 12675360 | Tag | 26
12676548 | 12676932 | Tag | 00!
12697088 | 12699552 | Tag | 93 20
12700756 | 12701268 | Tag | 00!
12724864 | 12735392 | Tag | 93 70 88 04 19 ac 39 93 c8
12736580 | 12736964 | Tag | 00!
12758272 | 12760736 | Tag | 95 20
12761940 | 12762196 | Tag | 00!
12786048 | 12796512 | Tag | 95 70 e2 97 2f 81 db 67 b1
12797780 | 12798292 | Tag | 00!
14031488 | 14032544 | Tag | 26
14033732 | 14034116 | Tag | 00!
14054272 | 14056736 | Tag | 93 20
14057924 | 14058180 | Tag | 00!
14082304 | 14092832 | Tag | 93 70 88 04 19 ac 39 93 c8
14094020 | 14094404 | Tag | 00!
14115584 | 14118048 | Tag | 95 20
14119236 | 14119492 | Tag | 00!
14143616 | 14154080 | Tag | 95 70 e2 97 2f 81 db 67 b1
14155332 | 14155588 | Tag | 00!
15862272 | 15863328 | Tag | 26
15864516 | 15866884 | Tag | 44 00
15885056 | 15887520 | Tag | 93 20
15888708 | 15894532 | Tag | 88 04 19 ac 39
15913088 | 15923616 | Tag | 93 70 88 04 19 ac 39 93 c8
15924804 | 15928324 | Tag | 04 da 17
15946368 | 15948832 | Tag | 95 20
15950036 | 15955860 | Tag | e2 97 2f 81 db
15974400 | 15984864 | Tag | 95 70 e2 97 2f 81 db 67 b1
15986116 | 15989636 | Tag | 08 b6 dd
17219840 | 17220896 | Tag | 26
proxmark3>the card is the same... thank you
Offline
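Added example, not from the thread or the Proxmark3 client: a small parser for `hf 14a list` rows that follows the ISO 14443-3 selection sequence (REQA, ATQA, anticollision, SELECT and SAK per cascade level, then AUTH), verifies each BCC and CRC_A, and counts frames marked `!`, which is where Crypto1 encryption begins and parity stops checking out. The rows are a constructed excerpt of the trace above; the last two timestamps are illustrative.

```python
# Constructed excerpt of the `hf 14a list` output posted in the thread: the last
# (successful) selection cycle, then an AUTH request and the first '!' frame.
TRACE = """\
15862272 | 15863328 | Tag | 26
15864516 | 15866884 | Tag | 44 00
15885056 | 15887520 | Tag | 93 20
15888708 | 15894532 | Tag | 88 04 19 ac 39
15913088 | 15923616 | Tag | 93 70 88 04 19 ac 39 93 c8
15924804 | 15928324 | Tag | 04 da 17
15946368 | 15948832 | Tag | 95 20
15950036 | 15955860 | Tag | e2 97 2f 81 db
15974400 | 15984864 | Tag | 95 70 e2 97 2f 81 db 67 b1
15986116 | 15989636 | Tag | 08 b6 dd
16010000 | 16014768 | Tag | 60 04 d1 3d
16020000 | 16029312 | Tag | 4f 46! 46 d5 93! a3! e4 6c !
"""

def crc_a(data: bytes) -> bytes:
    """ISO 14443-3 CRC_A (reflected poly 0x1021, init 0x6363), sent LSB first."""
    crc = 0x6363
    for b in data:
        ch = (b ^ crc) & 0xFF
        ch = (ch ^ (ch << 4)) & 0xFF
        crc = ((crc >> 8) ^ (ch << 8) ^ (ch << 3) ^ (ch >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def parse_trace(text: str):
    # 'start | end | src | data' rows -> [(frame_bytes, had_parity_error)]
    frames = []
    for line in text.splitlines():
        cols = line.split("|")
        if len(cols) == 4 and cols[0].strip().isdigit():
            frames.append((bytes.fromhex(cols[3].replace("!", "").replace(" ", "")), "!" in cols[3]))
    return frames

def analyse(frames):
    """Follow REQA -> ATQA -> anticollision -> SELECT -> SAK per cascade level, then AUTH."""
    r = {"uid": b"", "crc_ok": True, "encrypted_frames": 0, "errors": 0}
    expect = None
    for data, bad_parity in frames:
        nxt = None
        if expect == "atqa" and len(data) == 2:
            r["atqa"] = int.from_bytes(data, "little")            # on air LSB first
            r["uid_len"] = {0: 4, 1: 7, 2: 10}.get(data[0] >> 6)  # UID size bits
        elif expect == "uid_cl" and len(data) == 5 and not bad_parity:
            if data[4] != data[0] ^ data[1] ^ data[2] ^ data[3]:
                r["errors"] += 1                                    # BCC mismatch
            r["uid"] += data[1:4] if data[0] == 0x88 else data[:4]  # 0x88 = cascade tag
        elif expect == "sak" and len(data) == 3 and not bad_parity:
            r["crc_ok"] &= crc_a(data[:1]) == data[1:]
            r["sak"], r["uid_complete"] = data[0], not (data[0] & 0x04)  # cascade bit
        elif expect is not None:
            r["errors"] += 1                # e.g. the "00!" noise of a failed cycle
        elif bad_parity:
            r["encrypted_frames"] += 1      # Crypto1 encrypts the parity bits too
        elif data == b"\x26":                                      # REQA
            nxt = "atqa"
        elif len(data) == 2 and data[0] in (0x93, 0x95, 0x97) and data[1] == 0x20:
            nxt = "uid_cl"                                         # ANTICOLLISION CLn
        elif len(data) == 9 and data[0] in (0x93, 0x95, 0x97) and data[1] == 0x70:
            r["crc_ok"] &= crc_a(data[:7]) == data[7:]             # SELECT CLn
            nxt = "sak"
        elif len(data) == 4 and data[0] in (0x60, 0x61):           # AUTH key A / key B
            r["auth_block"] = data[1]
        expect = nxt
    return r
```

Run on the OP's 4-byte-UID card the same code yields a single cascade level with SAK 08 straight away; here the ATQA 44 00 announces a double-size UID and the first SAK 04 says "UID not complete".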