Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.

You are not logged in.

#1 2017-07-10 05:44:00

samburner3
Contributor
From: Sydney AUS
Registered: 2015-03-01
Posts: 39

[Solved] FDI Keys Set Lua Script

Hi,

As on this thread: http://www.proxmark.org/forum/viewtopic.php?id=4158
I have been cloning FDI tags using the gen 1 tags (no backdoor) so have to use the hf mf wrbl commands, since the hf mf restore commands ignore the keys inside the dumpdata file and just put in F's.
I have had to manually go through and set the keys for each sector after.
(See my comment in https://github.com/Proxmark/proxmark3/issues/201)

SO I have created a script to do this process automatically.
I have never written a lua script before so just looking for feedback / suggestions. I haven't tested it out yet as I don't have my proxmark today.

function main(args)

			keySectors = {3,7,11,15,19,23,27,31,35,39,43,47,51,55,59,63}
			for i, keySectors in ipairs(keySectors) do
		  	print ("hf mf wrbl " .. keySectors .. "A ffffffffffff 8829da9daf76FF078069FF8829da9daf76")
				core.console("hf mf wrbl " .. keySectors .. "A ffffffffffff 8829da9daf76FF078069FF8829da9daf76")
			end
	
end

ggc047J.png

Do you think this should work? or needs a pause / sleep between the commands?
Is there a call back from core.console that can check it performed ok before doing the next sector?

Cheers.

Last edited by samburner3 (2017-07-12 13:24:32)

Offline

#2 2017-07-10 15:08:01

piwi
Contributor
Registered: 2013-06-04
Posts: 436

Re: [Solved] FDI Keys Set Lua Script

samburner3 wrote:

have to use the hf mf wrbl commands, since the hf mf restore commands ignore the keys inside the dumpdata file and just put in F's.

hf mf restore command reads the keys inside the dumpkeys.bin file and writes them to the new card. No need to use hf mf wrbl commands to set the keys.

If you see FFFFFFFFFFFF keys in the new card this can have two reasons:

  • You are trying to read the keys with a rdbl command and access conditions don't allow to read the respective key (note: this is always true for Key A). This will display as "FFFFFFFFFFFF".

  • You had "FFFFFFFFFFFF" keys in the dumpkeys.bin file

Offline

#3 2017-07-10 18:08:06

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 94
Website

Re: [Solved] FDI Keys Set Lua Script

Nice test script there Sam!

If you need my help, do let me know. smile


You live, you learn.
You give you take.
You win, you lose.

Offline

#4 2017-07-12 11:44:52

samburner3
Contributor
From: Sydney AUS
Registered: 2015-03-01
Posts: 39

Re: [Solved] FDI Keys Set Lua Script

Ok.. then where does it read the keys from to actually authenticate to write to the new card??

This is my process:

1. Check the blank card has default keys (ffffffffffff) in A and B.

Vi95l8c.png

2.
I have dumpdata with data I want to put onto new card.
I have dumpkeys with keys I want to put onto new card.

3.
gPwfWr5.png

The hf mf restore command works on each sector's 0-2 block, but not the key block. I get a Cmd Error: 04.

I know this error is due to access conditions.

So:
a) What keys are used to actually authenticate to write to the card?
b) Assuming it is using a default key A which does not work with the access conditions to write to that block. Hence why I need to manually specify key B when using hf mf restore which works:

hf mf wrbl 3 B ffffffffffff 8829da9daf76FF078069FF8829da9daf76
piwi wrote:

If you see FFFFFFFFFFFF keys in the new card this can have two reasons:
You are trying to read the keys with a rdbl command and access conditions don't allow to read the respective key (note: this is always true for Key A). This will display as "FFFFFFFFFFFF".

I am just using hf mf restore, not touching the rdbl command.
So what key does hf mf restore use?? As there is no option.

piwi wrote:

You had "FFFFFFFFFFFF" keys in the dumpkeys.bin file

Checked, nope I had the key I wanted on the new card in the dumpkeys file

5gBMJnV.png

Cheers.

Offline

#5 2017-07-12 13:09:18

piwi
Contributor
Registered: 2013-06-04
Posts: 436

Re: [Solved] FDI Keys Set Lua Script

a) What keys are used to actually authenticate to write to the card?

hf mf restore uses key A = FFFFFFFFFFFF to write to the card

I know this error is due to access conditions.

Exactly. But this means that you don't write to a blank card. Access Conditions on blank cards allow writing the sector trailer with key A (transport configuration). Please note the capitalized "BLANK" in the help text of hf mf restore:

Restore MIFARE classic binary file to BLANK tag

Offline

#6 2017-07-12 13:24:11

samburner3
Contributor
From: Sydney AUS
Registered: 2015-03-01
Posts: 39

Re: [Solved] FDI Keys Set Lua Script

Ah ok makes sense. The tags I had were shipped with non-default access conditions and only worked with key B to write.
The script I wrote works, after changing to key B smile

Would be good maybe to get some development going on restore to have some more options?

Marking as solved.

Offline

Board footer

Powered by FluxBB