Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2012-08-31 16:44:54

pacemaker
Member
Registered: 2009-10-02
Posts: 2

Changing (i.e. decreasing) DCF value on a LEGIC Prime blank card

Hi list,

I'm trying to clone a card from a blank LEGIC prime card. It is clear that the UID and the CRC cannot be rewritten, but what about the DCF (decremented counter)? Indeed most LEGIC prime blank cards have a DCF = 0xff 0xff (GAM) and I want to transform the card into a SAM.

In armsrc/legicrf.c we have:

int legic_write_byte(int byte, int addr, int addr_sz) {
    // do not write UID, CRC, DCF
    if (addr <= 0x06) {
        return 0;
    }

I naively replaced

    addr <= 0x06

with

    addr <= 0x04

to rewrite the DCF, but it's not working. Does anyone have an idea how to rewrite the DCF value? Maybe there is a free tool to do that with an official LEGIC reader?


#2 2012-09-14 16:11:40

Stefanvm
Member
Registered: 2009-12-11
Posts: 1

Re: Changing (i.e. decreasing) DCF value on a LEGIC Prime blank card

Guys, if someone knows how to decrement the DCF, please share your knowledge because this is really an issue. A write command to this address definitely fails. Any ideas or success stories are highly appreciated.


#3 2013-06-02 20:41:21

AntiCat
Contributor
Registered: 2010-01-01
Posts: 12

Re: Changing (i.e. decreasing) DCF value on a LEGIC Prime blank card

You have to write the MSB (address 0x06) first.
The writes of both bytes have to occur in succession.
Keep in mind, they can only be decremented.


#4 2013-06-03 07:44:19

AntiCat
Contributor
Registered: 2010-01-01
Posts: 12

Re: Changing (i.e. decreasing) DCF value on a LEGIC Prime blank card

I confused MSB and LSB. Correct is:

You have to write the LSB (address 0x06) first.
