Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.

"Learn the tools of the trade the hard way." +Fravia

You are not logged in.


Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2024-02-20 14:22:00

From: Near AMS
Registered: 2024-02-13
Posts: 3

Cloning my company MIFARE Classic 4K card

The card doesn't look that odd:

[usb] pm3 --> hf mf info

[=] --- ISO14443-a Information ---------------------
[+]  UID: AE BE CE 3A
[+] ATQA: 00 02
[+]  SAK: 18 [2]

[=] --- Keys Information
[=] [0] key FF FF FF FF FF FF
[+] loaded 1 keys supplied by user
[+] loaded 61 keys from hardcoded default array
[+] Sector 0 key A... FFFFFFFFFFFF
[+] Sector 0 key B... FFFFFFFFFFFF
[+] Sector 1 key A... FFFFFFFFFFFF
[+] Block 0.......... AE BE CE 3A E4 98 02 00 64 8F 45 18 65 90 01 11

[=] --- Fingerprint

[=] --- Magic Tag Information
[=] <N/A>

[=] --- PRNG Information
[+] Prng................. weak

[usb] pm3 --> hf mfp info

[=] --- Tag Information ---------------------------
[!!] No card response

[+]  UID: AE BE CE 3A
[+] ATQA: 00 02
[+]  SAK: 18 [2]
[+] Possible types:
[+]    MIFARE Classic 4K
[=] proprietary non iso14443-4 card found, RATS not supported

[!!] No card response
[=] --- Fingerprint
[=]   Size...... 4K (4 UID)
[=]   SAK....... 4K 7b UID
[=] --- Security Level (SL)
[+]   SL mode... SL1
[=]   SL 1: backwards functional compatibility mode (with MIFARE Classic 1K / 4K) with an optional AES authentication

Restoring with a Ultimate magic card (Magic capabilities Gen 4 GTU & Gen 2 / CUID):
script run hf_mf_ultimatecard -w 0 -g 00 -t 7 -u AEBECE3A -q 000218 -g 01
hf mf gload -p AEBECE3A --4k -v -f hf-mf-AEBECE3A-dump-001.bin
script run hf_mf_ultimatecard -g 03

The card doesn't work... did a dump of the second card and "data diff" looks about the same. The original has 255 blocks & copy has 63 blocks for some reason.

The original dump.json does have some odd ATQA/SAK that didn't show up earlier:
   "UID": "AEBECE3A",
    "ATQA": "0200",
    "SAK": "98"

Is this a clue why it's not working? Any tips?

Last edited by Tazdevl (2024-02-20 14:22:23)


Board footer

Powered by FluxBB