Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi,
I recently bought a PM3 and successfully carried out the eavesdropping of a Mifare communication. Thanks to crypto1, I found the key that protects my tag.
Today, my next challenge is to create a perfect clone of my Mifare tag. Do you have any idea how to simulate the same UID?
I understand that we can't write block 0 of sector 0, which contains the UID. And I have tried to write to a FUDAN FM11RF08, unsuccessfully.
My research brought me to the JCOP tag. Is it possible to create an applet which simulates Mifare with a chosen UID?
But perhaps I want to do the impossible: does the legit reader read the UID to allow access, or just read the contents of the other blocks? In that case, it becomes easy!
Thanks for your time in advance.
If newbies like me want some explanation of how to eavesdrop and crypto1 their tag, don't hesitate, contact me.
And sorry for my English, I'm just a French guy.
ok I vote to ban rfbird. he's a total moron.
I don't think we need any completely clueless kid hanging around here talking about magix code that would exist. He even thinks it's cooler if he says it's assembly code. There is nothing out there remotely resembling what he's claiming.
proof or gtfo.
I'm totally against banning rfbird and I don't agree with your cryptic synopsis of his character.
However I do agree with your request for proof.
IMHO hat's statements could be more effective if he uttered them in a more civilized and substantiated way. As if someone cares, I know....
Regards,
Tom
Dear Hat,
Thank you for your answer. Now I am working on the relay attack presented in the "example" section of www.libnfc.org (a very good idea, roel!). Thanks to rfidiot.org, where we can find a program written by Adam Laurie (pn532mitm.py), I wish to carry it out.
This brings me to think: if we can relay the APDU commands, why can't we modify them on the fly, or directly forge an APDU command? It's just an idea for emulating the UID. Sorry if it looks stupid.
Dear rfbird,
I agree with TomBu: if you know a way to simulate a UID, could you explain it in detail, or give proof, or send the link for testing?
Thank you all !
On the other hand, there are many algorithms you can implement in assembly which you cannot implement in a HLL.
Ok, you're a troll. Thanks for exposing urself. Bye now :-)
Dear users,
Please let's stop this silly discussion.
First of all, I was never able to manipulate the UID of any genuine MIFARE Classic tag (or clone). This does not suggest that no such option is available; I have more the feeling that it just means I still don't know how to do this.
The Proxmark is able to emulate a MIFARE card (including UID) with the same timing results as an original card, though the software to do this is not (yet) released (as far as I know).
An applet cannot go into the low-level (native) functionality (to send incorrect parity+CRC, for example) unless it was programmed before the tag was finalized. This finalization process often takes place at the major brands like IBM, Gemalto, SUN, etc. If you are able to access the native functionality with your applet, you could probably alter (emulate) the UID. But I should admit I never had access to those cards, so don't take this for granted.
If someone has some (inside?) information about this process and is happy to share this, we are all very eager to hear!
My comment on the last message of rfbird is:
On the other hand, there are many algorithms you can implement in assembly which you cannot implement in a HLL.
Check out turing-completeness
Cheers,
Roel
Last edited by rule (2009-05-30 13:02:13)
true, fixed
So in the end, did someone find a solution to emulate the UID on another card?
we supply the cards below:
Works exactly like the Mifare S50, with 16 sectors and 4 blocks per sector, but sector 0 block 0, known as the manufacturer block where the chip UID is stored, can be reprogrammed to any UID you wish.
Its advantage:
This is a perfect solution for a lost, irreplaceable Mifare card ID: you don't need to re-enroll new cards. Just program this new Mifare 1K's UID to the UID of the lost card and you have a new, exactly identical card.
Popular applications:
Loyalty
Ticketing
Identification
Access Control
ouyangweidaxian@live.cn
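The manufacturer block the vendor describes above (and the parity+CRC that Roel says an applet cannot reach) in one added example; this is not code from the thread, from the Proxmark project or from the vendor. It builds a Mifare Classic 1K block 0 for a chosen UID, checks the BCC before anything is written, and frames the READ/WRITE commands with the ISO 14443-A CRC_A. Assumptions: the SAK/ATQA byte positions in block 0 follow the convention of the UID-changeable cards (NXP only defines UID and BCC), and the target UID is a constructed sample.

```python
"""Mifare Classic 1K block 0 builder/checker plus ISO 14443-A CRC_A and parity
helpers. Added example for the forum thread; not code from the thread or from
the Proxmark project."""


def bcc(uid: bytes) -> int:
    """ISO 14443-3 block check character: XOR of the four single-size UID bytes."""
    if len(uid) != 4:
        raise ValueError("Mifare Classic 1K uses a 4-byte (single-size) UID")
    b = 0
    for x in uid:
        b ^= x
    return b


def build_block0(uid: bytes, sak: int = 0x08, atqa: bytes = b"\x04\x00",
                 manufacturer: bytes = bytes(8)) -> bytes:
    """Assemble the 16-byte manufacturer block.

    Layout assumed here (convention of the UID-changeable cards):
      [0..3] UID, [4] BCC, [5] SAK, [6..7] ATQA, [8..15] manufacturer data.
    """
    if len(atqa) != 2 or len(manufacturer) != 8:
        raise ValueError("ATQA is 2 bytes, manufacturer data is 8 bytes")
    return bytes(uid) + bytes([bcc(uid), sak & 0xFF]) + bytes(atqa) + bytes(manufacturer)


def check_block0(block: bytes) -> bool:
    """True if the block is 16 bytes and byte 4 is the BCC of bytes 0..3.
    A card written with a wrong BCC fails anticollision on a genuine reader,
    so verify before writing block 0."""
    return len(block) == 16 and block[4] == bcc(block[:4])


def crc_a(data: bytes) -> bytes:
    """ISO 14443-3 CRC_A (reflected poly 0x8408, init 0x6363), low byte first."""
    crc = 0x6363
    for byte in data:
        bt = (byte ^ (crc & 0xFF)) & 0xFF
        bt = (bt ^ ((bt << 4) & 0xFF)) & 0xFF
        crc = ((crc >> 8) ^ (bt << 8) ^ (bt << 3) ^ (bt >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def odd_parity_bits(data: bytes) -> list:
    """Parity bit that follows each byte on the ISO 14443-A air interface
    (odd parity: the bit is 1 when the byte has an even number of 1s).
    On Mifare Classic these bits are encrypted with the data stream, so a
    deliberately wrong parity can only be produced below the APDU layer,
    e.g. by firmware driving the coil directly."""
    return [1 - (bin(b).count("1") & 1) for b in data]


def read_block_frame(block_no: int) -> bytes:
    """Mifare Classic READ (0x30) frame with CRC_A appended."""
    cmd = bytes([0x30, block_no & 0xFF])
    return cmd + crc_a(cmd)


def write_block_frames(block_no: int, data: bytes):
    """Mifare Classic WRITE (0xA0) is two frames: the command (answered by a
    4-bit ACK), then the 16 data bytes. Both carry CRC_A."""
    if len(data) != 16:
        raise ValueError("a block is 16 bytes")
    cmd = bytes([0xA0, block_no & 0xFF])
    return cmd + crc_a(cmd), bytes(data) + crc_a(data)


if __name__ == "__main__":
    target_uid = bytes.fromhex("deadbeef")  # constructed sample UID
    block0 = build_block0(target_uid)
    print("block 0   :", block0.hex(), "BCC ok:", check_block0(block0))
    cmd, payload = write_block_frames(0, block0)
    print("write cmd :", cmd.hex())
    print("write data:", payload.hex())
    print("read blk0 :", read_block_frame(0).hex())
    print("parity    :", odd_parity_bits(block0))
```

The CRC vectors are the ones from ISO 14443-3 Annex B (00 00 gives A0 1E) and the familiar "30 00 02 A8" read-block-0 frame seen in any Proxmark trace; if your implementation does not reproduce them, the card will ignore the frame rather than report an error.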