Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-03-07 12:03:55

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Something very strange

Hi,
First, sorry for my bad english because I'm french.
I made a clone of an NFC mifare Cmlaissk 1K tag that I use to open my garage door.
I clone it (including the UID) on a "magic" changeable UID Mifare tag.
Everything worked fine during more than 2 years.
This morning the original tag works perfectly, but the cloned one does'nt work anymore.
I've tried with other clone tags that worked great before, same thing...
Do you have an idea regarding why, from one day, to the other, after  more than 2years working fine, thoses tags are not recognized ?
Thanks a lot for your help.
Kinds Regards

Offline

#2 2016-03-07 13:05:59

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Have you tried with another magic tag? 
Maybe your tag got corrupted and you just need to make a new clone.

Or maybe the garage door system has been updated?

Offline

#3 2016-03-07 13:50:09

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

Hi, yes, I've tried with 2 other magic tags
I think too that the systme has been updated.
But whats should have been changed  ?
How  my tag could me made uncompatible with the new system ?

I've copied thaq UID and the content, what else can be detected by the new system as uncorrect ?

Offline

#4 2016-03-07 14:14:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

the keys maybe...

Offline

#5 2016-03-07 16:20:51

mosci
Contributor
Registered: 2016-01-09
Posts: 94
Website

Re: Something very strange

or a simple check for the backdoor-cmd / halt cmd

Offline

#6 2016-03-07 16:23:21

mosci
Contributor
Registered: 2016-01-09
Posts: 94
Website

Re: Something very strange

some reader seems try to identify magic-cards ... there are not many possibilities to do so
but I have a friend - his gen1 magic works on two of three readers in his club  - the gen2 works on all three

Offline

#7 2016-03-07 16:52:23

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

the keys maybe...

Key can be updated on the reader only ?
My original tag works great, keys can have been updated on it by the reader ?

Offline

#8 2016-03-07 17:51:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

why dont you examine it?

Offline

#9 2016-03-07 18:28:10

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

why dont you examine it?

Just done...
Keys are the same..
Any other explanation ?

Thanks for your help.
I'me really embarassed with this, can't explain this curious situation...

Offline

#10 2016-03-07 18:38:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

have you compared tag data?  Dump both cards and use a diff program,

Offline

#11 2016-03-07 18:53:49

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

have you compared tag data?  Dump both cards and use a diff program,

Not yet, going to do this.

But my question is : does my original card could have benn updated by the reader with new datas ?

Thanks

Offline

#12 2016-03-07 18:57:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

yes, if the reader is connected to a backend system or if someone walked by and upgraded it on the spot.
Since you haven't revealed very much its a guessing game right now.

Offline

#13 2016-03-08 04:11:46

polynom
Contributor
Registered: 2016-01-15
Posts: 23

Re: Something very strange

New software management? with antipassback function

Offline

#14 2016-03-08 09:27:26

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

polynom wrote:

New software management? with antipassback function

No, anti-passback doesn't seem to be activated, with the original badge, I can enter or exit many times without any restrictions

Offline

#15 2016-03-08 09:44:55

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Why not make a dump of your working tag and your clone,   maybe the community can help you looking at it?

Offline

#16 2016-03-25 08:26:19

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

Hi,

It's me again.
After many tries, can't make it work...

Here are the two dump of original and cloned cards.
For me, everything is exactly the same, but the cloned card doesn't work anymore..

Just a thing, I use this modified nfc-mfsetuid to change the all block 0 datas (https://github.com/nfc-tools/libnfc/issues/282) and it'swritten :
"thus making them non-selectable by most tools/readers"
Could it be that ?

I'm completely desperate..

Thanks a lot for your help

Original card :

0000000 e2d0 a5fd 886a 0004 02c2 0000 0000 1300
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 0000 0000 0000 0000 0000 0000 0009 0000
0000030 4548 4158 5443 e771 0088 2aa2 29e1 13c0
0000040 0000 0000 0000 0000 0000 0000 0000 0000
*
0000070 4548 4158 5443 f770 0088 fa49 e3e4 9f84
0000080 0000 0000 0000 0000 0000 0000 0000 0000
*
00000b0 4548 4158 5443 f770 0088 fc38 30f3 e072
00000c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00000f0 4548 4158 5443 f770 0088 d58a 7b51 184b
0000100 0000 0000 0000 0000 0000 0000 0000 0000
*
0000130 4548 4158 5443 f770 0088 9350 f159 b131
0000140 0000 0000 0000 0000 0000 0000 0000 0000
*
0000170 4548 4158 5443 7778 0088 786c 8e92 1713
0000180 0000 0000 0000 0000 0000 0000 0000 0000
*
00001b0 4548 4158 5443 7778 0088 07aa 0120 3887
00001c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00001f0 4548 4158 5443 7778 0088 caa6 88c2 1264
0000200 0000 0000 0000 0000 0000 0000 0000 0000
*
0000230 4548 4158 5443 7778 0088 d062 24c4 8eed
0000240 5551 cf10 6897 1430 30a6 34a3 95b9 2f22
0000250 499a 0568 5849 60b0 342a 24ab 14a2 5229
0000260 45c6 3570 9829 510b 38a2 14b3 d4c2 4e31
0000270 4548 4158 5443 7778 0088 4ae6 6a98 945d
0000280 0000 0000 0000 0000 0000 0000 0000 0000
*
00002b0 4548 4158 5443 7778 0088 a18f 01d6 a2d0
00002c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00002f0 4548 4158 5443 7778 0088 3489 5073 36bd
0000300 0000 0000 0000 0000 0000 0000 0000 0000
*
0000330 4548 4158 5443 7778 0088 d266 dcb7 ef39
0000340 0000 0000 0000 0000 0000 0000 0000 0000
*
0000370 4548 4158 5443 7778 0088 c16b aee1 7d54
0000380 0000 0000 0000 0000 0000 0000 0000 0000
*
00003b0 4548 4158 5443 7778 0088 7222 9b9a 0fd4
00003c0 4568 6178 7463 2d20 4320 474f 4c45 4345
00003d0 6564 6f70 2074 656c 6167 206c 4e49 4950
00003e0 3550 043a 4e49 5254 5441 4e4f 2045 2020
00003f0 4548 4158 5443 8707 008f 4548 4158 5443
0000400 0000 0000 0000 0000 0000 0000 0000 0000
*
0001000





Cloned card :

0000000 e2d0 a5fd 886a 0004 02c2 0000 0000 1300
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 0000 0000 0000 0000 0000 0000 0009 0000
0000030 4548 4158 5443 e771 0088 2aa2 29e1 13c0
0000040 0000 0000 0000 0000 0000 0000 0000 0000
*
0000070 4548 4158 5443 f770 0088 fa49 e3e4 9f84
0000080 0000 0000 0000 0000 0000 0000 0000 0000
*
00000b0 4548 4158 5443 f770 0088 fc38 30f3 e072
00000c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00000f0 4548 4158 5443 f770 0088 d58a 7b51 184b
0000100 0000 0000 0000 0000 0000 0000 0000 0000
*
0000130 4548 4158 5443 f770 0088 9350 f159 b131
0000140 0000 0000 0000 0000 0000 0000 0000 0000
*
0000170 4548 4158 5443 7778 0088 786c 8e92 1713
0000180 0000 0000 0000 0000 0000 0000 0000 0000
*
00001b0 4548 4158 5443 7778 0088 07aa 0120 3887
00001c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00001f0 4548 4158 5443 7778 0088 caa6 88c2 1264
0000200 0000 0000 0000 0000 0000 0000 0000 0000
*
0000230 4548 4158 5443 7778 0088 d062 24c4 8eed
0000240 5551 cf10 6897 1430 30a6 34a3 95b9 2f22
0000250 499a 0568 5849 60b0 342a 24ab 14a2 5229
0000260 45c6 3570 9829 510b 38a2 14b3 d4c2 4e31
0000270 4548 4158 5443 7778 0088 4ae6 6a98 945d
0000280 0000 0000 0000 0000 0000 0000 0000 0000
*
00002b0 4548 4158 5443 7778 0088 a18f 01d6 a2d0
00002c0 0000 0000 0000 0000 0000 0000 0000 0000
*
00002f0 4548 4158 5443 7778 0088 3489 5073 36bd
0000300 0000 0000 0000 0000 0000 0000 0000 0000
*
0000330 4548 4158 5443 7778 0088 d266 dcb7 ef39
0000340 0000 0000 0000 0000 0000 0000 0000 0000
*
0000370 4548 4158 5443 7778 0088 c16b aee1 7d54
0000380 0000 0000 0000 0000 0000 0000 0000 0000
*
00003b0 4548 4158 5443 7778 0088 7222 9b9a 0fd4
00003c0 4568 6178 7463 2d20 4320 474f 4c45 4345
00003d0 6564 6f70 2074 656c 6167 206c 4e49 4950
00003e0 3550 043a 4e49 5254 5441 4e4f 2045 2020
00003f0 4548 4158 5443 8707 008f 4548 4158 5443
0000400 0000 0000 0000 0000 0000 0000 0000 0000
*
0001000

Offline

#17 2016-03-25 09:59:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

hm..  can you sniff the traffic between reader and the original card?  it looks like there is something else going on.
the two dumps are the same, from what I can tell.   

Just to eliminate a bad clone card, have you tried another one?

Offline

#18 2016-03-25 10:38:03

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

hm..  can you sniff the traffic between reader and the original card?  it looks like there is something else going on.
the two dumps are the same, from what I can tell.   

Just to eliminate a bad clone card, have you tried another one?


Yes, I've tried with 2 other cards.

Thoses 3 cards  have been working perfectly and doesn't working anymore since the same day, few weeks ago.

how to simply sniff the traffic between card and reader ?

Thanks for your help

Offline

#19 2016-03-25 10:57:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

You use your proxmark3 to sniff the traffic.  Since you are posting in a proxmark3 forum, I'm assuming you have one.  If not, is gonna be harder for you.

Offline

#20 2016-03-25 10:57:55

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

You use your proxmark3 to sniff the traffic.  Since you are posting in a proxmark3 forum, I'm assuming you have one.  If not, is gonna be harder for you.


Don't have....

Offline

#21 2016-03-25 13:14:21

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

iceman wrote:

You use your proxmark3 to sniff the traffic.  Since you are posting in a proxmark3 forum, I'm assuming you have one.  If not, is gonna be harder for you.


What could it be else than the content and ID of the card ?
Don't forget everything worked fine few weks ago on my both 3 cards, and stop working one day

Offline

#22 2016-03-31 13:05:51

frautine1
Member
Registered: 2016-03-31
Posts: 2

Re: Something very strange

Salut yttrium
D'apres le dump de ta carte, c'est une carte HEXACT.
Ils ont mis a jour leurs platines il y a quelques semaines pour bloquer les badges chinoises.
Ils ont fait une pub citant que ca soit une mesure pour empecher le 'piratage des badges'

For the english speakers (sorry my english is not perfect neither)
This brand of card manufacturer updates their systeme some weeks ago, to block chinese magic cards.

Offline

#23 2016-03-31 13:07:08

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

frautine1 wrote:

Salut yttrium
D'apres le dump de ta carte, c'est une carte HEXACT.
Ils ont mis a jour leurs platines il y a quelques semaines pour bloquer les badges chinoises.
Ils ont fait une pub citant que ca soit une mesure pour empecher le 'piratage des badges'

For the english speakers (sorry my english is not perfect neither)
This brand of card manufacturer updates their systeme some weeks ago, to block chinese magic cards.


OK, merci beaucoup pour cette info.
Aucun moyen de contourner donc...?

Et comment peuvent-ils la détecter si le con,tenu et l'ID sont identiques à la carte d'origine ?

Last edited by yttrium (2016-03-31 13:08:25)

Offline

#24 2016-03-31 13:12:16

frautine1
Member
Registered: 2016-03-31
Posts: 2

Re: Something very strange

yttrium wrote:
frautine1 wrote:

Salut yttrium
D'apres le dump de ta carte, c'est une carte HEXACT.
Ils ont mis a jour leurs platines il y a quelques semaines pour bloquer les badges chinoises.
Ils ont fait une pub citant que ca soit une mesure pour empecher le 'piratage des badges'

For the english speakers (sorry my english is not perfect neither)
This brand of card manufacturer updates their systeme some weeks ago, to block chinese magic cards.


OK, merci beaucoup pour cette info.
Aucun moyen de contourner donc...?

Et comment peuvent-ils la détecter si le con,tenu et l'ID sont identiques à la carte d'origine ?

Ils cherchent le tram de déverrouillage sur les cartes chinoises. Si la carte repond au tram, c'est bloqué.
Il faut trouver donc une carte magique qui ne repond pas au trams magiques.. assez difficile je penses...

Offline

#25 2016-03-31 13:15:54

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

frautine1 wrote:
yttrium wrote:
frautine1 wrote:

Salut yttrium
D'apres le dump de ta carte, c'est une carte HEXACT.
Ils ont mis a jour leurs platines il y a quelques semaines pour bloquer les badges chinoises.
Ils ont fait une pub citant que ca soit une mesure pour empecher le 'piratage des badges'

For the english speakers (sorry my english is not perfect neither)
This brand of card manufacturer updates their systeme some weeks ago, to block chinese magic cards.


OK, merci beaucoup pour cette info.
Aucun moyen de contourner donc...?

Et comment peuvent-ils la détecter si le con,tenu et l'ID sont identiques à la carte d'origine ?

Ils cherchent le tram de déverrouillage sur les cartes chinoises. Si la carte repond au tram, c'est bloqué.
Il faut trouver donc une carte magique qui ne repond pas au trams magiques.. assez difficile je penses...

Ok, merci pour ces précieuses infos...
Fuck...

Offline

#26 2016-03-31 13:54:17

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

There has been talks about developing a magic generation 3 tag..   but its a bunch of money needed for MOQ

Offline

#27 2016-03-31 13:55:25

kwx
Contributor
Registered: 2013-11-26
Posts: 46

Re: Something very strange

iceman wrote:

There has been talks about developing a magic generation 3 tag..   but its a bunch of money needed for MOQ

In the meantime, I am thinking that a Chameleon Mini might be able to do the trick?

Offline

#28 2016-04-02 01:00:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Im curious, how are the chameleon mini going to do the trick?  if you don't mind, would you care to explain in details?

Offline

#29 2016-04-02 19:57:29

kwx
Contributor
Registered: 2013-11-26
Posts: 46

Re: Something very strange

If the system is actually blocking tags that respond to the magic commands, then I would assume the Chameleon Mini would work, as they emulate the Mifare Classic, without emulating the magic commands?

Offline

#30 2016-04-03 18:26:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Since OP doesn't seem to have a device to work with,  neither PM3 nor Chameleon this thread becomes teoretical.

Offline

#31 2016-05-11 15:04:40

yttrium
Contributor
Registered: 2016-03-07
Posts: 13

Re: Something very strange

frautine1 wrote:
yttrium wrote:
frautine1 wrote:

Salut yttrium
D'apres le dump de ta carte, c'est une carte HEXACT.
Ils ont mis a jour leurs platines il y a quelques semaines pour bloquer les badges chinoises.
Ils ont fait une pub citant que ca soit une mesure pour empecher le 'piratage des badges'

For the english speakers (sorry my english is not perfect neither)
This brand of card manufacturer updates their systeme some weeks ago, to block chinese magic cards.


OK, merci beaucoup pour cette info.
Aucun moyen de contourner donc...?

Et comment peuvent-ils la détecter si le con,tenu et l'ID sont identiques à la carte d'origine ?

Ils cherchent le tram de déverrouillage sur les cartes chinoises. Si la carte repond au tram, c'est bloqué.
Il faut trouver donc une carte magique qui ne repond pas au trams magiques.. assez difficile je penses...


Quand tu dit assez difficile, ça veut dire impossible et je dois définitivement oublier l'idée de chercher et d'accéder à mon garage ou bien j'ai quand même une chance ?

Offline

#32 2017-11-29 16:53:44

slmann101
Contributor
Registered: 2017-03-30
Posts: 33

Re: Something very strange

Copy the card to a gen two tag or fuid one time write tag so the reader doesn't detect its backdoor. I recommend

https://lab401.com/collections/tags/products/undetectable-mifare-1k-one-time-write-uid

Last edited by slmann101 (2017-11-29 16:54:06)

Offline

#33 2017-11-29 17:15:51

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Is it vigik system?

Offline

#34 2017-11-29 18:42:27

kevin2008
Contributor
Registered: 2017-10-01
Posts: 12

Re: Something very strange

Bonjour, il éxiste des badges que ne répondent pas au magique.

Et certains badges badges répondent au SAK 08 alors que l'original retourne 88.

Si tu modifie le SAK dans le bloc 0, le badge magique retourne toujours 08.

Hello, there are badges that do not respond to magic.

And some badge badges respond to the SAK 08 while the original returns 88.

If you change the SAK in block 0, the magic badge always returns 08.

Offline

#35 2017-11-29 18:43:35

kevin2008
Contributor
Registered: 2017-10-01
Posts: 12

Re: Something very strange

iceman wrote:

Is it vigik system?

yes, i have same problem

Offline

#36 2017-11-29 19:03:05

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Something very strange

Its because of the anti-cloning features in the Vigik system.

You need to follow @slmann101 earlier post where you get a FUID (write-once uid card) or Gen2 to get by.
Vigik reader will detect a Gen1A.

Offline

#37 2017-11-29 22:57:16

kevin2008
Contributor
Registered: 2017-10-01
Posts: 12

Re: Something very strange

iceman wrote:

Its because of the anti-cloning features in the Vigik system.

You need to follow @slmann101 earlier post where you get a FUID (write-once uid card) or Gen2 to get by.
Vigik reader will detect a Gen1A.


LOl !! challenge vigik hmm

Last edited by kevin2008 (2017-11-30 07:15:45)

Offline

#38 2017-11-29 23:16:21

kevin2008
Contributor
Registered: 2017-10-01
Posts: 12

Re: Something very strange

iceman wrote:

Its because of the anti-cloning features in the Vigik system.

You need to follow @slmann101 earlier post where you get a FUID (write-once uid card) or Gen2 to get by.
Vigik reader will detect a Gen1A.

FUID  i preffer beer... Tchin...

Offline

Board footer

Powered by FluxBB