Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2019-03-06 10:54:52

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

A strange tag in France

Hello all smile

Just have in hands a strange tag... looks like a old Mifare Classic 1k, but when reading it:

proxmark3> hf 14a info
 UID : xx xx xx xx
ATQA : 00 10
 SAK : 81 [2]
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK

Of course, hf mf commands seems to not work (I don't know keys).
Can it be a classic Mifare with fake announcment, but wanting normal Mifare communication ?

Offline

#2 2019-03-06 18:54:41

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: A strange tag in France

fudan clone?
check your trace list when doing a auth req.  See if the nonce is fixed.

Offline

#3 2019-03-06 19:48:51

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: A strange tag in France

Prng detection gives a result. Mifare authentication commands therefore work. Try 'hf mf mifare' to retrieve a key.

Offline

#4 2019-03-07 18:55:04

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

@ iceman, I don't know about it, it seems an original from a known manufacturer for entry doors (Noralsy)
(and I can not test it against the original reader)

@ piwi, yeah \o/ it worked, thanks to it I was able to dump 3 sectors, because of the behavior when attacking others, I suspect it's only 192 bytes...

Last edited by gentilkiwi (2019-03-07 19:20:19)

Offline

#5 2019-03-07 19:18:48

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

It's even worse... readed data are 192 bytes, but effective data seems to be 48 bytes
Datas are repeated, and trailers do not seems to be coherent, even with keys used to read it...:

Fake data readed from sector 0 (for example):

data   : xx xx xx xx cc 81 10 00 xx xx xx xx cc 81 10 00
data   : xx xx xx xx cc 81 10 00 xx xx xx xx cc 81 10 00
data   : aa bb 00 00 00 00 00 00 aa bb 00 00 00 00 00 00
trailer: aa bb 00 00 00 00 00 00 aa bb 00 00 00 00 00 00

So, effective data seems to be:

xx xx xx xx cc 81 10 00 aa bb 00 00 00 00 00 00

Same behavior for 2 others sectors...

Did you already seen that?

Last edited by gentilkiwi (2019-03-07 19:23:28)

Offline

#6 2019-03-08 08:15:07

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: A strange tag in France

I would assume that you see the contents of block 0 and block 2, but each of them twice.

Usually such strange behaviour results from mixing different versions of client software (on your PC) and firmware (flashed on Proxmark). Please try to update to a common version/release.

Offline

#7 2019-03-08 10:27:34

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

I just flashed to the latest one FW/client (official)

bootrom: master/v3.1.0-70-g1338d24-suspect 2019-03-04 13:25:10
os: master/v3.1.0-70-g1338d24-suspect 2019-03-04 13:25:13
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2019/02/15 at 20:40:32
SmartCard Slot: not available

And exactly same results sad

Offline

#8 2019-03-08 13:36:52

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: A strange tag in France

and we are back to the "is it a fudan clone?" or maybe even aztec http://www.proxmark.org/forum/viewtopic.php?id=4456

Offline

#9 2019-03-08 15:51:59

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

How can I verify it without original read/auth ? sad
No answer to: 'hf 14a raw -s -c -p 10 03 00' (or equ.)

Offline

#10 2019-03-08 16:07:41

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: A strange tag in France

Hm,  do you have a picture of the tag?

Offline

#11 2019-03-08 16:11:18

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: A strange tag in France

Can you please read block by block (hf mf rdbl, block 0 to 3, all same keys A or B) and post the result?

Offline

#12 2019-03-09 11:40:03

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

I've made all the test (results in another PC), but I can already say it changed nothing sad

Offline

#13 2019-03-09 13:20:19

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: A strange tag in France

Would you please post the commands and the output.

Offline

#14 2019-03-09 13:23:11

gentilkiwi
Contributor
Registered: 2017-10-10
Posts: 27

Re: A strange tag in France

yeah, I will on Monday wink (access to the computer)
just to say that no real hope because of what I've seen on Friday wink

Offline

Pages: 1

Board footer

Powered by FluxBB