Using PM3 read apple pay

bigboyq · 2016-02-22 03:54:58

 UID : 08 eb 84 xx
ATQA : 00 04
 SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
 ATS : 05 78 80 70 02 a5 46
       -  TL : length is 5 bytes
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
       - TA1 : different divisors are NOT supported, DR: [], DS: []
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 7 (FWT = 524288/fc)
       - TC1 : NAD is NOT supported, CID is supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf 14a read
 UID : 08 4f cb xx
ATQA : 00 04
 SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
 ATS : 05 78 80 70 02 a5 46
       -  TL : length is 5 bytes
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
       - TA1 : different divisors are NOT supported, DR: [], DS: []
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 7 (FWT = 524288/fc)
       - TC1 : NAD is NOT supported, CID is supported
Answers to chinese magic backdoor commands: NO

For security reason, I have eliminated last two UID bits
It seems that, apple pay simulate uids randomly, and the uid begins with 08

So my question is, is it possible that, we can control the uid generation, so our apple pay could be any kind of mifare card, it is useful for many purpose, we could migrate our M1 cards into apple

iceman · 2016-02-22 07:59:06

You'll need to figure out the uid-gen algo. Collect as many uid you can then start compairing and looking at them.

marshmellow · 2016-02-22 13:39:47

Wait, apple pay makes an iPhone emulate a desfire card? Interesting. if someone was able to jailbreak their iPhone could they write an app to emulate anything? I believe that is the question.

Last edited by marshmellow (2016-02-22 13:40:33)

iceman · 2016-02-22 14:31:12

@OP you can use my fork and run "hf mfdes info" against it.

You can atleast emulate Mifare Classic / desfire tags and apple pay must support crypto1, des, 3des, aes support.. cool.

All of a sudden I want to jailbreak... or at least try coding an app...

bigboyq · 2016-02-24 07:22:55

I think we have too much forks now ......
As I have seen mfdes fork.... EMV fork ...... hardnested fork......
Why not merge together as an experiment fork?
@iceman

iceman · 2016-02-24 08:31:38

this is beside the thread, but my fork has des and hardnested and not long ago I've started to merge the emv..

The best thing would be if some forks got merged into pm3-master. Its the main reason why I started my fork, with all kinds of stuff, that never got into pm3. The stuff in my fork usually gets in to pm3 master after some months. Thats voluntary open source development in a nutshell. It is a different discussion.

Back to apple pay instead. Which modell supports it? iphone 6?

bigboyq · 2016-02-24 08:39:35

yup, I am using ip6 plus
firstly, you should add bank card into your wallet
then, you should active the apple pay mod,
lastly, you should put your mobile near the pm3 board.(The most effective position I found is iphone's camera over the hf antenna)
btw, let me know your fork, thanks

iceman · 2016-02-24 09:16:52

My fork works, it usually do. However the emv merging is on hold. No time for it.

Proxmark3 community

Announcement

#1 2016-02-22 03:54:58

Using PM3 read apple pay

#2 2016-02-22 07:59:06

Re: Using PM3 read apple pay

#3 2016-02-22 13:39:47

Re: Using PM3 read apple pay

#4 2016-02-22 14:31:12

Re: Using PM3 read apple pay

#5 2016-02-24 07:22:55

Re: Using PM3 read apple pay

#6 2016-02-24 08:31:38

Re: Using PM3 read apple pay

#7 2016-02-24 08:39:35

Re: Using PM3 read apple pay

#8 2016-02-24 09:16:52

Re: Using PM3 read apple pay

Board footer