Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi Guys,
It's the first time I have met such a weird situation.
Executing the 'hf 14a read' command, what I got is
ATQA : 04 00
UID : ba 2e 3e 44
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443a-4 card found, RATS not supported
Looks like a normal MC1K.
The next step is to try whether any block is encrypted with the default key. Well,
Found valid key:[ffffffffffff]
Next step: run the nested attack.
I got
-----------------------------------------------
uid:ba2e3e44 len=2 trgbl=60 trgkey=0
Found valid key:7304b9facf5e
-----------------------------------------------
uid:ba2e3e44 len=2 trgbl=60 trgkey=1
Found valid key:4a42e2f5c54e
-----------------------------------------------
Iterations count: 2
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| 7304b9facf5e | 1 | 4a42e2f5c54e | 1 |
|---|----------------|---|----------------|---|
uid(ba2e3e44) nt(6f522ade) par(29412139e119f931) ks(030f0f0e07070c00) nr(2400000000)
We got all keys already, and "Dumped card data into 'dumpdata.bin' "
Thereafter, I converted the bin to eml and loaded it to emulate the card.
Guess what: I put the HF antenna to the reader and nothing happened, not even a blink from the indicator.
I thought there might be something wrong with the emulating process.
So I wrote the dumped file to a UID-changeable card. It's still not working, the same response, which is no response.
Normally, if we can get the keys of a MC1K, we can dump all data onto an UID changeable card that will function exactly as the original card.
But in this case, it doesn't work.
I'm really curious how this could happen. Apparently, we got all the data dumped successfully, so why won't the cloned one be accepted by the reader?
I have compared the dumpdata with the cloned card; they are exactly the same. I tried several UID cards, and none of them works.
Could anyone give me some clues?
Appreciate!
Offline
Maybe the reader checks for special Chinese commands to be accepted by the card? (Very difficult to believe, but this can be possible if the cards are exactly the same.) Did you try a changeable UID card that needs special commands, or the new ones?
Offline
Can you sniff the communication between the genuine reader and the card, and with the cloned one, and post it?