Research, development and trades concerning the powerful Proxmark3 device.
Hi,
First, sorry for my bad English; I'm French.
I made a clone of an NFC MIFARE Classic 1K tag that I use to open my garage door.
I cloned it (including the UID) onto a "magic" changeable-UID Mifare tag.
Everything worked fine for more than 2 years.
This morning the original tag works perfectly, but the cloned one doesn't work anymore.
I've tried with other clone tags that worked great before, same thing...
Do you have any idea why, from one day to the next, after more than 2 years working fine, those tags are not recognized?
Thanks a lot for your help.
Kind regards
Offline
Have you tried with another magic tag?
Maybe your tag got corrupted and you just need to make a new clone.
Or maybe the garage door system has been updated?
Offline
Hi, yes, I've tried with 2 other magic tags.
I also think that the system has been updated.
But what could have been changed?
How could my tag be made incompatible with the new system?
I've copied the UID and the content; what else can be detected by the new system as incorrect?
Offline
the keys maybe...
Offline
or a simple check for the backdoor-cmd / halt cmd
Offline
some readers seem to try to identify magic cards ... there are not many possibilities to do so
but I have a friend - his gen1 magic works on two of three readers in his club - the gen2 works on all three
Offline
the keys maybe...
Can the keys be updated on the reader only?
My original tag works great; could the keys have been updated on it by the reader?
Offline
why don't you examine it?
Offline
why don't you examine it?
Just done...
Keys are the same..
Any other explanation?
Thanks for your help.
I'm really embarrassed by this, can't explain this curious situation...
Offline
have you compared tag data? Dump both cards and use a diff program.
Offline
have you compared tag data? Dump both cards and use a diff program.
Not yet, going to do this.
But my question is: could my original card have been updated by the reader with new data?
Thanks
Offline
yes, if the reader is connected to a backend system or if someone walked by and upgraded it on the spot.
Since you haven't revealed very much, it's a guessing game right now.
Offline
New software management? with antipassback function
Offline
New software management? with antipassback function
No, anti-passback doesn't seem to be activated, with the original badge, I can enter or exit many times without any restrictions
Offline
Why not make a dump of your working tag and your clone, maybe the community can help you looking at it?
Offline
Hi,
It's me again.
After many tries, I can't make it work...
Here are the two dumps of the original and cloned cards.
For me, everything is exactly the same, but the cloned card doesn't work anymore..
Just one thing: I use this modified nfc-mfsetuid to change all of the block 0 data (https://github.com/nfc-tools/libnfc/issues/282) and it's written:
"thus making them non-selectable by most tools/readers"
Could it be that?
I'm completely desperate..
Thanks a lot for your help
Offline
hm.. can you sniff the traffic between reader and the original card? it looks like there is something else going on.
the two dumps are the same, from what I can tell.
Just to eliminate a bad clone card, have you tried another one?
Offline
hm.. can you sniff the traffic between reader and the original card? it looks like there is something else going on.
the two dumps are the same, from what I can tell.
Just to eliminate a bad clone card, have you tried another one?
Yes, I've tried with 2 other cards.
Those 3 cards had been working perfectly and haven't been working anymore since the same day, a few weeks ago.
How can I simply sniff the traffic between card and reader?
Thanks for your help
Offline
You use your proxmark3 to sniff the traffic. Since you are posting in a proxmark3 forum, I'm assuming you have one. If not, it's gonna be harder for you.
Offline
You use your proxmark3 to sniff the traffic. Since you are posting in a proxmark3 forum, I'm assuming you have one. If not, it's gonna be harder for you.
Don't have....
Offline
You use your proxmark3 to sniff the traffic. Since you are posting in a proxmark3 forum, I'm assuming you have one. If not, it's gonna be harder for you.
What else could it be than the content and ID of the card?
Don't forget everything worked fine a few weeks ago on all 3 of my cards, and stopped working one day
Offline
Hi yttrium
According to your card's dump, it's a HEXACT card.
They updated their readers a few weeks ago to block Chinese badges.
They ran an ad saying it is a measure to prevent 'badge piracy'.
For the English speakers (sorry, my English is not perfect either)
This brand of card manufacturer updated their system some weeks ago, to block Chinese magic cards.
Offline
Hi yttrium
According to your card's dump, it's a HEXACT card.
They updated their readers a few weeks ago to block Chinese badges.
They ran an ad saying it is a measure to prevent 'badge piracy'.
For the English speakers (sorry, my English is not perfect either)
This brand of card manufacturer updated their system some weeks ago, to block Chinese magic cards.
OK, thanks a lot for this info.
So there's no way around it...?
And how can they detect it if the content and the ID are identical to the original card?
Last edited by yttrium (2016-03-31 13:08:25)
Offline
frautine1 wrote:
Hi yttrium
According to your card's dump, it's a HEXACT card.
They updated their readers a few weeks ago to block Chinese badges.
They ran an ad saying it is a measure to prevent 'badge piracy'.
For the English speakers (sorry, my English is not perfect either)
This brand of card manufacturer updated their system some weeks ago, to block Chinese magic cards.
OK, thanks a lot for this info.
So there's no way around it...?
And how can they detect it if the content and the ID are identical to the original card?
They look for the unlock frame on Chinese cards. If the card answers the frame, it is blocked.
So you need to find a magic card that does not answer the magic frames.. fairly difficult, I think...
Offline
yttrium wrote:
frautine1 wrote:
Hi yttrium
According to your card's dump, it's a HEXACT card.
They updated their readers a few weeks ago to block Chinese badges.
They ran an ad saying it is a measure to prevent 'badge piracy'.
For the English speakers (sorry, my English is not perfect either)
This brand of card manufacturer updated their system some weeks ago, to block Chinese magic cards.
OK, thanks a lot for this info.
So there's no way around it...?
And how can they detect it if the content and the ID are identical to the original card?
They look for the unlock frame on Chinese cards. If the card answers the frame, it is blocked.
So you need to find a magic card that does not answer the magic frames.. fairly difficult, I think...
Ok, thanks for this valuable info...
Fuck...
Offline
There have been talks about developing a magic generation 3 tag.. but it's a bunch of money needed for MOQ
Offline
There have been talks about developing a magic generation 3 tag.. but it's a bunch of money needed for MOQ
In the meantime, I am thinking that a Chameleon Mini might be able to do the trick?
Offline
I'm curious, how is the Chameleon Mini going to do the trick? If you don't mind, would you care to explain in detail?
Offline
If the system is actually blocking tags that respond to the magic commands, then I would assume the Chameleon Mini would work, as they emulate the Mifare Classic, without emulating the magic commands?
Offline
Since OP doesn't seem to have a device to work with, neither PM3 nor Chameleon, this thread becomes theoretical.
Offline
yttrium wrote:
frautine1 wrote:
Hi yttrium
According to your card's dump, it's a HEXACT card.
They updated their readers a few weeks ago to block Chinese badges.
They ran an ad saying it is a measure to prevent 'badge piracy'.
For the English speakers (sorry, my English is not perfect either)
This brand of card manufacturer updated their system some weeks ago, to block Chinese magic cards.
OK, thanks a lot for this info.
So there's no way around it...?
And how can they detect it if the content and the ID are identical to the original card?
They look for the unlock frame on Chinese cards. If the card answers the frame, it is blocked.
So you need to find a magic card that does not answer the magic frames.. fairly difficult, I think...
When you say fairly difficult, does that mean impossible and I should definitely forget the idea of looking and getting into my garage, or do I still have a chance?
Offline
Copy the card to a gen two tag or fuid one time write tag so the reader doesn't detect its backdoor. I recommend
https://lab401.com/collections/tags/products/undetectable-mifare-1k-one-time-write-uid
Last edited by slmann101 (2017-11-29 16:54:06)
Offline
Is it a Vigik system?
Offline
Hello, there are badges that do not respond to the magic commands.
And some badges respond with SAK 08 while the original returns 88.
If you change the SAK in block 0, the magic badge always returns 08.
Offline
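The reader-side checks discussed in this thread (a card that answers the magic unlock frame, and a select SAK that does not match block 0), sketched as an added example that is not part of any post or of any vendor's firmware. The `Observation` type, function name and sample values are constructed for illustration; the 0x0A ACK and the block 0 layout (UID, BCC, SAK, ATQA) are the usual MIFARE Classic 1K 4-byte-UID conventions.

```python
from dataclasses import dataclass
from typing import List, Optional

ACK = 0x0A  # 4-bit ACK a Gen1a card returns to the backdoor wake-up (0x40, 7-bit frame)


@dataclass
class Observation:
    """What a reader saw from one card (constructed data, no RF involved)."""
    select_sak: int               # SAK returned during anticollision/select
    block0: bytes                 # manufacturer block read after authentication
    wakeup_reply: Optional[int]   # reply to the wake-up frame, None if the card stayed silent


def clone_indicators(obs: Observation) -> List[str]:
    """Return the reasons a reader would treat this card as a clone."""
    reasons = []
    uid, bcc, stored_sak = obs.block0[0:4], obs.block0[4], obs.block0[5]
    # A genuine MIFARE Classic ignores the backdoor frame; a Gen1a card acknowledges it.
    if obs.wakeup_reply == ACK:
        reasons.append("answers magic wake-up")
    # Block 0 carries the UID, its BCC (XOR of the four UID bytes) and the SAK.
    if bcc != uid[0] ^ uid[1] ^ uid[2] ^ uid[3]:
        reasons.append("bad BCC in block 0")
    # Some magic cards always answer SAK 08 on select, whatever block 0 says.
    if obs.select_sak != stored_sak:
        reasons.append("select SAK differs from block 0 SAK")
    return reasons


# Constructed block 0: UID 01 02 03 04, BCC 04, SAK 88, ATQA 04 00, zero padding.
BLOCK0 = bytes.fromhex("01020304" "04" "88" "0400") + bytes(8)

SAMPLES = {
    "original": Observation(0x88, BLOCK0, None),
    "gen1a clone": Observation(0x88, BLOCK0, ACK),
    "fixed-SAK clone": Observation(0x08, BLOCK0, None),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(f"{name:16} -> {clone_indicators(obs) or 'accepted'}")
```

Both clones carry a byte-for-byte copy of block 0, which is why comparing dumps alone shows no difference between a working original and a rejected copy.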
Is it a Vigik system?
Yes, I have the same problem
Offline
It's because of the anti-cloning features in the Vigik system.
You need to follow @slmann101's earlier post where you get a FUID (write-once UID card) or Gen2 to get by.
Vigik reader will detect a Gen1A.
Offline
It's because of the anti-cloning features in the Vigik system.
You need to follow @slmann101's earlier post where you get a FUID (write-once UID card) or Gen2 to get by.
Vigik reader will detect a Gen1A.
LOL!! Challenge Vigik
Last edited by kevin2008 (2017-11-30 07:15:45)
Offline
It's because of the anti-cloning features in the Vigik system.
You need to follow @slmann101's earlier post where you get a FUID (write-once UID card) or Gen2 to get by.
Vigik reader will detect a Gen1A.
FUID, I prefer beer... Tchin...
Offline