Research, development and trades concerning the powerful Proxmark3 device.
Ok, so I've been researching for days, going through post after post and downloading everything and anything trying to make sense of things... I have a Mifare Classic 1K. I want to clone it to other tags. Very Simple (Well I think it should be...)
From experimenting, card is not susceptible to the dark side, nested attack or Iceman's hardnested. So I decided to sniff the card and reader communication using iceman's build. Here's what came out:
pm3 --> hf 14a list
Recorded Activity (TraceLen = 159 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 2368 | Tag |04 00 | |
234240 | 236608 | Tag |04 00 | |
258032 | 263856 | Tag |bb 7e fe fd c6 | |
293488 | 297008 | Tag |08 b6 dd | |
785196 | 789900 | Rdr |60 01 7c 6a | ok | AUTH-A(1)
794736 | 799408 | Tag |ab 06 05 d1 | |
815660 | 824972 | Rdr |f5 cd! 55! 75! f6 f9 91! 18 | !crc|
826224 | 830896 | Tag |07! a3 06 eb | |
847788 | 852492 | Rdr |23 44! 9f 13! | !crc|
853760 | 874624 | Tag |77 b0 6c! d3 41! eb f7 82! 1b! 6a a2! 0e 51! ac 63! b4 | |
| | |53 b1! | !crc|
1239596 | 1244364 | Rdr |a7 af 85 6f! | !crc|
pm3 -->
Hope I'm at least doing this part right? If so now what..? I cannot find anywhere to download crapto1gui.exe other than 100 Chinese sites laced with malware and un-navigable pages. Anybody?
So let's say I do get crapto1gui and am successful extracting a Key, then what? I know it's crystal clear to probably 95% of you guys who know this stuff inside and out but I'm a noob and completely lost. Is there a proper guide anywhere that isn't written in broken English making assumptions that the reader is more knowledgeable than they really are? Even a post that points me kinda in the right direction?
Thanks!
Ok, I've done a Dump of my original card using the following:
pm3 >> hf mf dump
Got the dumpdata.bin then ran
pm3 >> hf mf restore
Everything wrote to the magic card successfully, except block 0, I set the uid using:
pm3 >> hf mf csetuid bb7efefd
That worked, now the only thing I can't seem to change is the rest of block 0, here's a dump of CARD A (Original):
pm3 --> hf mf rdsc 0 A FFFFFFFFFFFF
data : BB 7E FE FD C6 88 04 00 C8 46 00 20 00 00 00 14
data : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF
And here is the dump of CARD B (Magic Card I'm cloning to):
pm3 --> hf mf rdsc 0 A FFFFFFFFFFFF
data : BB 7E FE FD C6 08 04 00 12 13 14 15 16 17 18 19
data : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF
As you can see everything matches except everything after the BB 7E FE FD C6 on the first block.
What next? Thanks guys...
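Added example (not from this thread or the Proxmark3 project): it parses the two "hf mf rdsc 0" listings quoted above, decodes block 0 into UID, BCC, SAK, ATQA and manufacturer data, verifies the BCC, and lists the fields that differ between card A and card B. The field-wise diff is the same check a reader that enrols the whole manufacturer block, not only the UID, would use to tell the two cards apart.

```python
import re

# Sample input constructed from the two "hf mf rdsc 0" outputs quoted in the post above.
CARD_A = """\
data : BB 7E FE FD C6 88 04 00 C8 46 00 20 00 00 00 14
data : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF"""
CARD_B = """\
data : BB 7E FE FD C6 08 04 00 12 13 14 15 16 17 18 19
data : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF"""

LINE = re.compile(r"^\s*(data|trailer)\s*:\s*([0-9A-Fa-f ]+?)\s*$")

def parse_rdsc(text):
    """Return the blocks of an 'hf mf rdsc' listing as bytes, in printed order."""
    blocks = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            blocks.append(bytes.fromhex(m.group(2)))
    return blocks

def decode_block0(block):
    """Split a 4-byte-UID manufacturer block into its fields and check the BCC.

    Layout: UID0..UID3 | BCC | SAK | ATQA (2 bytes) | manufacturer data (8 bytes).
    BCC is the XOR of the four UID bytes; the tag sends it in its anticollision
    reply (the 'bb 7e fe fd c6' line in the trace above).
    """
    if len(block) != 16:
        raise ValueError("block 0 must be 16 bytes, got %d" % len(block))
    uid = block[:4]
    bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]
    return {
        "uid": uid.hex(),
        "bcc_ok": block[4] == bcc,
        "sak": block[5],          # stored SAK; in the trace the card answered SELECT with 08
        "atqa": block[6:8].hex(),
        "mfr": block[8:].hex(),   # manufacturer data
    }

def diff_block0(text_a, text_b):
    """Fields of block 0 that differ between two cards, as {field: (a, b)}."""
    a = decode_block0(parse_rdsc(text_a)[0])
    b = decode_block0(parse_rdsc(text_b)[0])
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for name, (va, vb) in diff_block0(CARD_A, CARD_B).items():
        print("%-5s A=%s B=%s" % (name, va, vb))
```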
hf mf csetblk ?
Is the key unique for your tag or is it a general one?