Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Good evening everybody,
i have done a dump of my mirfare classic 1k-card, which had a value of 1100!
Inside the dump-file, i found the associated hex-value "044C", but just turned around, so "4C04!
The associated blocks 4 and 32 looks like:
4C 04 00 00 00 00 00 00 00 00 00 00 00 00 E8 09
The current value of the card is 1050!
I have done a new dump of the card and again the associated hex-value of the dump-file is "041A", so "1A04" at the same place!
Now, the associated blocks 4 and 32 looks like:
1A 04 00 00 00 00 00 00 00 00 00 00 00 00 BE 5F
If i now simple change the hex-value to "E803" (03E8), to get a value of 1000, it does not work!
Because of that, i think the hex-listings "E8 09" of the first dump and "BE 5F" of the second dump-file are associated checksums to the hex-values, but i just can not find out, how they belong together!
4C 04 = E8 09
1A 04 = BE 5F
It is not a "XOR"-linkage!
Did somebody have a solution for me?
Many thanks in advance!
Last edited by Ollibolli (2019-07-02 21:04:35)
Offline
Not sure what you are asking here, so a few questions.
Where did 1100 come from ?
Not sure what you mean by "...associated hex-value "044C". Block 4 will just be a user data block, so could hold any data. I am assuming this is from some sort of application/system and not mifare specific.
"The current value of the card is 1050" what changed to make this value (?) change? Again not sure where that is coming from.
e.g. you did you sump the card, then use the card, then dump again and the values changed ?
Offline
Good morning mwalker,
sorry that i have not expressed myself clearly!
1100 is the money-value in €-cent, 1050 is the current money-value in €-cent!
"044C" is the hex-value of 1100 and "041A" is the hex-value of 1050, so this information must be stored at this poinit of the data!
After the money-value have changed from 1100 to 1050, just block 4 and 32 have been changed inside the dumped-data from:
4C 04 00 00 00 00 00 00 00 00 00 00 00 00 E8 09
to
1A 04 00 00 00 00 00 00 00 00 00 00 00 00 BE 5F
Because i can not simple change the hex-value to "E803" now, to get a value of 1000, i think the hex-listings "E8 09" of the first dump and "BE 5F" of the second dump-file must be something like verify-/checksum-listings, which belong to the hex-value "044C" and "041A"!
Last edited by Ollibolli (2019-07-03 08:01:34)
Offline
A quick play with the numbers
A041 XOR 4C04 XOR 044C = E809
A041 XOR 1A04 XOR 041A = BE5F
Offline
Wow...
What does "A041" stands for?
Offline
nothing, just a seed/initial value. Could have been any value, it just showed up as a constant when I worked the numbers.
Of course that is just on a sample size of 2 so may just be luck. To test you would need to do a different value change and see if it still works.
Offline
Thank you very, very much!
Can you play again with this numbers, please?
Hex-value: 3B0C (3131 €-cent)
Checksum: C4F3
Offline
Same card ?
Offline
No, this my second one!
Offline
i wonder if the seed is linked to something else like the uid
Offline
Seems so...
Do you have a solution for the second card?
Offline
Good morning,
the XOR-checkum for the first card sadly don't work!
Nevertheless many thanks for your great efforts!
Offline
mwalker, can i send you the 2 dump-files from the first card?
Maybe you can find the way to XOR the right checksum (possibly with account the UID)!
Many, many thanks in advance!
Last edited by Ollibolli (2019-07-04 22:56:03)
Offline
Pages: 1