Make a 1k chinese card appear as 4k

raptor · 2016-12-11 22:32:56

I'm trying to make a Chinese 1k card appear as a mifare 4k. I don't care about the data between the 1-4k area which the 1k card does not posses.
I read in the mifare specs that it is the SAK that identifies the card and it is written in block 0 so it sounds like i could just write it but it's just not working for me. The SAK in the magic card is just after BCC and below i wrote it as 18=mifare classic 4k but it keeps appearing as 1k.
Any clues?

#db# READ BLOCK FINISHED
isOk:01 data:bb 62 b8 ec 8d 18 02 00 b4 ba 54 98 c1 50 28 14
proxmark3> hf search

UID : bb 62 b8 ec
ATQA : 00 02
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: YES

Valid ISO14443A Tag Found - Quiting Search

iceman · 2016-12-12 11:09:43

try

ATQA = 00 44
SAK = 08

raptor · 2016-12-13 23:02:38

It doesn't work. It completely ignores any SAK i try, it will always output as i wrote above.
I tried all kinds of SAK's. I can change the ATQA however.

iceman · 2016-12-14 06:52:35

Strange magic card that ignores SAK.
How do you change the UID/ATQA/SAK ?

raptor · 2016-12-14 09:30:57

I totally agree, the UID and ATQA is changed but not the SAK. All is done in block 0. It doesn't matter what i write in the SAK position, it keeps reporting 08. I read block 0, confirm that let's say it is 09, but it keeps reporting as 08.

Have you tried it yourself iceman? Does it work for you?

iceman · 2016-12-14 12:43:50

Not a problem on a magic tag for me.

ref: http://pastebin.com/5imVzRzg

717 · 2016-12-14 12:47:59

@raptor: Do you have untouched "magic cards"? What is the original ATQA/SAK value?

raptor · 2016-12-29 08:11:47

Well, obviously magic cards with unchangeable ATQA and SAK are very common, like these i bought

https://www.aliexpress.com/item/New-Version-UID-Changeable-NFC-MF-S50-1K-Card-Support-Andriod-APP-MifareClassicTool-MCT-NFC-Phone/32627097079.html?spm=2114.13010608.0.0.dRMlfF

In the description:
Before making a example , let me have explain what is UID of MF S50.
UID is byte0-byte3
byte4 = byte0 ^ byte1 ^ byte2 ^ byte3
byte5 must be 08
byte6 must be 04
byte7 must be 00, byte5-byte7 is nfc card type cannot be changed.
byte8-byte15 is manufacturer data.

Anyone has a link with magic cards with changeable SAK and ATQA? Even, better, Mifare classic stickers that can do so

iceman · 2016-12-29 10:30:15

I doubt that byte5-7 must be pre-set. A magic generation2 tag can become unresponsive if you set the wrong sak/atqa values and I'm guessing this is why the seller says you shouldn't change it. Doesn't mean you can't.

raptor · 2016-12-30 13:12:50

I thought the same, but i can't get it working. I haven't tried again after last post though but i will try again.

iceman · 2016-12-30 13:41:13

try writing this one, it should change yr tag to a 4k tag, well you need to change key.

hf mf wrbl 0 a ffffffffffff  01020304040844000000000000000000

Proxmark3 community

Announcement

#1 2016-12-11 22:32:56

Make a 1k chinese card appear as 4k

#2 2016-12-12 11:09:43

Re: Make a 1k chinese card appear as 4k

#3 2016-12-13 23:02:38

Re: Make a 1k chinese card appear as 4k

#4 2016-12-14 06:52:35

Re: Make a 1k chinese card appear as 4k

#5 2016-12-14 09:30:57

Re: Make a 1k chinese card appear as 4k

#6 2016-12-14 12:43:50

Re: Make a 1k chinese card appear as 4k

#7 2016-12-14 12:47:59

Re: Make a 1k chinese card appear as 4k

#8 2016-12-29 08:11:47

Re: Make a 1k chinese card appear as 4k

#9 2016-12-29 10:30:15

Re: Make a 1k chinese card appear as 4k

#10 2016-12-30 13:12:50

Re: Make a 1k chinese card appear as 4k

#11 2016-12-30 13:41:13

Re: Make a 1k chinese card appear as 4k

Board footer