Hi, I stumbled upon a card which looks like a Mifare Classic, but withstands the typical attacks implemented in mfoc or in proxmark3 (mifare_autopwn).
proxmark3> hf 14a reader
ATQA : 44 00
UID : 04 a9 93 72 cf 2b 80
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443a-4 card found, RATS not supported
The card can be read by typical android apps as the first 5 sectors are non-encrypted (FFFFFFFFFF).
Does anybody know what type of card this is?
Thanks
Michael
Offline
It's probably a Mifare Plus.
See http://www.proxmark.org/forum/viewtopic.php?id=1202 for why hf mf mifare and hf mf nested don't work with these cards.
Distinguishing Mifare Classic and Mifare Plus in SL1 (Security Level 1 - Mifare Classic Compatibility Mode) seems to become a common topic. Give me a day or two to modify hf 14a reader ...
Offline
Thanks piwi.
Yeah, it sounds like a plus card then. That means it is pretty secure, then.
Would really be good to be able to identify such cards easily.
Offline
Committed a new version to GitHub master.
Can you please try hf 14a reader again and post the results?
Offline
Hi piwi
Just pulled the latest rev (c7324bef2894b8515a71f28cc948fa6bea9ccbaf), compiled and flashed. Result is, however, pretty similar:
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: master/v1.0.0-27-g6c0f60c-suspect 2014-06-29 09:33:14
#db# os: master/v1.0.0-32-gc7324be-suspect 2014-07-02 05:59:34
#db# HF FPGA image built on 2014/ 6/19 at 21:26: 2
proxmark3> hf 14a reader
ATQA : 00 44
UID : 04 a9 93 72 cf 2b 80
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
I don't have any confirmed Plus cards here (only the suspected one), so can't do a positive check to see if it is working.
If you want me to test other patches to find out what type of card this is, you can also just post them here. (No need to commit test patches to git :-) ).
Thanks a lot
Michael
Offline
Hmm, I did a bit of reading about RATS and found a link on libnfc.org that allows forcing the use of RATS with nfc-anticol -f. Interestingly, the result is the same, meaning libnfc cannot get the ATS either.
I then found an old Desfire I had and tested it with nfc-anticol and piwi's commits for proxmark3:
proxmark3> hf 14a reader
ATQA : 03 44
UID : 04 61 49 f2 54 1f 80
SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
SAK incorrectly claims that card doesn't support RATS
ATS : 06 75 77 81 02 80 02 f0
- TL : length is 6 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5
- TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
- TB1 : SFGI = 0, FWI = 8
- TC1 : NAD is NOT supported, CID is supported
- HB : 80
So, piwi's code seems to work. Which would imply that my uncrackable Mifare card is NOT a Plus card, but something else. Hmmm....
Offline
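An added example, not part of the thread or of the Proxmark3 source: a small Python decoder for the ATS quoted in the post above, following the ISO/IEC 14443-4 byte layout and assuming the two trailing bytes of the printed ATS are the CRC_A. The function and constant names are chosen for this example.

```python
# Added example: ISO/IEC 14443-4 ATS decoder (not Proxmark3 client code).

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A, returned in transmission order (low byte first)."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def _divisors(bits: int) -> list:
    """Map the three rate bits of TA1 to the divisors 2, 4 and 8."""
    return [d for mask, d in ((1, 2), (2, 4), (4, 8)) if bits & mask]

def parse_ats(frame: bytes) -> dict:
    """Decode TL, T0, TA1/TB1/TC1 and historical bytes; check the CRC_A."""
    if len(frame) < 3:
        raise ValueError("frame too short for TL plus CRC_A")
    tl = frame[0]
    if tl < 1 or tl + 2 != len(frame):
        raise ValueError("TL does not match frame length")
    ats, crc = frame[:tl], frame[tl:]
    out = {"TL": tl, "crc_ok": crc_a(ats) == crc}
    if tl == 1:  # TL only: no format byte follows
        return out
    t0, rest = ats[1], iter(ats[2:])
    out["FSCI"] = t0 & 0x0F
    if bin(t0 & 0x70).count("1") > tl - 2:
        raise ValueError("T0 announces more interface bytes than TL allows")
    if t0 & 0x10:  # TA1: supported bit-rate divisors
        ta1 = next(rest)
        out["TA1"] = {"same_divisor_only": bool(ta1 & 0x80),
                      "DR": _divisors(ta1 & 0x07),
                      "DS": _divisors((ta1 >> 4) & 0x07)}
    if t0 & 0x20:  # TB1: FWI in the high nibble, SFGI in the low nibble
        tb1 = next(rest)
        out["TB1"] = {"FWI": tb1 >> 4, "SFGI": tb1 & 0x0F}
    if t0 & 0x40:  # TC1: bit 1 = NAD supported, bit 2 = CID supported
        tc1 = next(rest)
        out["TC1"] = {"NAD": bool(tc1 & 0x01), "CID": bool(tc1 & 0x02)}
    out["HB"] = bytes(rest).hex()  # whatever is left is historical bytes
    return out

# ATS bytes as quoted in the post above (assumed to include the CRC_A).
DESFIRE_ATS = bytes.fromhex("06 75 77 81 02 80 02 f0")
```

For TB1 = 0x81 the nibble split gives FWI 8 and SFGI 1, whereas the client output quoted above prints SFGI = 0.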
So we can rule out Mifare Plus. Which leaves Mifare Classic NG as the most probable possibility.
Offline
Never heard of Mifare Classic NG. Is that a normal Mifare Classic with a fixed RND generator and 7 bit UID? Or anything else special?
Is it a completely secure card or are working attacks known?
Offline
Well, it's really hardly mentioned (it is in AN10927, referring to MF1SyyyyX chips). In contrast to the old ones (without the X), these can have 7-byte UIDs. I couldn't find documentation on the RNG being fixed. This can be assumed because they came to market after the Mifare hack.
Offline