Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2015-02-26 15:37:26
- thk02
- Member
- Registered: 2015-02-26
- Posts: 2
Mifare Classic attack
Hi!
I run a self service business here in Europe, that uses RFID-cards for payment.
However I've run into a problem. The manufacture which I bought the whole system from have gone bankruptcy and can no longer provide RFID-cards.
I knew that Mifare wasn’t so secure so I started to do some research and eventually bought an proxmark3.
I do have about 50 blank cards from the manufacture left and the programmer/reader (to add credit to cards)
So far I’ve manage to gather some information:
TYPE: NXP MIFARE CLASSIC 1k | Plus 2k SL1
After doing some attacks with the proxmark I also gathered all of the keys (one of the keys was the standard a0a1a2a3a4a5)
I then dump the keys into a .bin and dumped all of the data in another .bin.
My question is where do I go next?
Do I need a ‘magic Chinese card’ to clone one of my ‘blank cards’ including the UID?
The problem with this is that I use about 3.000pcs of this cards each year and would be a bit expensive compared to blank Mifare cards.
Hope some of you have some tips for me 
Thanks!
Offline
#2 2015-02-26 17:58:16
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Mifare Classic attack
if the keys don't change on each card then the next step is to see what is programmed on the memory blocks. (dump the card)
if that data is all static as well then you don't need a magic card, just a plain mifare will do to make more.
Offline
#3 2015-02-26 18:01:43
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Mifare Classic attack
also, i really do not recommend using the "magic" cards at all in your situation as you don't really want two cards/people having the EXACT SAME payment account numbers
but if all the data as i said is static (except sector 0 block 0, which contains the UID) you should have no trouble making more blanks
Offline
#4 2015-02-26 21:16:28
- holiman
- Contributor
- Registered: 2013-05-03
- Posts: 566
Re: Mifare Classic attack
I don't see any point in magic cards here. All mifare classic tags are read/writeable, your system probably doesn't care about the UID anyway.
Offline
#5 2015-02-27 10:34:41
- thk02
- Member
- Registered: 2015-02-26
- Posts: 2
Re: Mifare Classic attack
I have read 3 cards now and they all have different keys.
Only similarity is the A-key on sector 0: a0a1a2a3a4a5.
Also tryed to write all the data except sector0 to a blank Mifare card, but got 'error, unknown card' in my system.
Is the keys generated by a algo from the UID?
Offline
#6 2015-02-27 13:42:52
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Mifare Classic attack
Probably
Offline
Pages: 1