Proxmark3 community


#1 2016-12-22 18:26:21

imedia
Contributor
Registered: 2016-12-20
Posts: 3

Complete Noob - Mifare Cloning

Ok, so I've been researching for days, going through post after post and downloading everything and anything trying to make sense of things... I have a Mifare Classic 1K. I want to clone it to other tags. Very Simple (Well I think it should be...)

From experimenting, card is not susceptible to the dark side, nested attack or Iceman's hardnested. So I decided to sniff the card and reader communication using iceman's build.  Here's what came out:

pm3 --> hf 14a list
Recorded Activity (TraceLen = 159 bytes)

Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)

      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
          0 |       2368 | Tag |04  00                                                           |     |
     234240 |     236608 | Tag |04  00                                                           |     |
     258032 |     263856 | Tag |bb  7e  fe  fd  c6                                               |     |
     293488 |     297008 | Tag |08  b6  dd                                                       |     |
     785196 |     789900 | Rdr |60  01  7c  6a                                                   |  ok | AUTH-A(1)
     794736 |     799408 | Tag |ab  06  05  d1                                                   |     |
     815660 |     824972 | Rdr |f5  cd! 55! 75! f6  f9  91! 18                                   | !crc|
     826224 |     830896 | Tag |07! a3  06  eb                                                   |     |
     847788 |     852492 | Rdr |23  44! 9f  13!                                                  | !crc|
     853760 |     874624 | Tag |77  b0  6c! d3  41! eb  f7  82! 1b! 6a  a2! 0e  51! ac  63! b4   |     |
            |            |     |53  b1!                                                          | !crc|
    1239596 |    1244364 | Rdr |a7  af  85  6f!                                                  | !crc|
pm3 -->

Hope I'm at least doing this part right? If so now what..? I cannot find anywhere to download crapto1gui.exe other than 100 Chinese sites laced with malware and un-navigable pages. Anybody?

So let's say I do get crapto1gui and am successful extracting a Key, then what? I know it's crystal clear to probably 95% of you guys who know this stuff inside and out but I'm a noob and completely lost. Is there a proper guide anywhere that isn't written in broken English making assumptions that the reader is more knowledgeable than they really are? Even a post that points me kinda in the right direction?

Thanks!


#2 2016-12-22 19:46:35

imedia
Contributor
Registered: 2016-12-20
Posts: 3

Re: Complete Noob - Mifare Cloning

Ok, I've done a Dump of my original card using the following:

pm3 >> hf mf dump

Got the dumpdata.bin then ran

pm3 >> hf mf restore

Everything wrote to the magic card successfully, except block 0, I set the uid using:

pm3 >> hf mf csetuid bb7efefd

That worked, now the only thing I can't seem to change is the rest of block 0, here's a dump of CARD A (Original):

pm3 --> hf mf rdsc 0 A FFFFFFFFFFFF
data   : BB 7E FE FD C6 88 04 00 C8 46 00 20 00 00 00 14
data   : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF

And here is the dump of CARD B (Magic Card I'm cloning to):

pm3 --> hf mf rdsc 0 A FFFFFFFFFFFF
data   : BB 7E FE FD C6 08 04 00 12 13 14 15 16 17 18 19
data   : 70 69 81 00 30 22 61 60 14 D5 91 27 22 26 20 00
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF

As you can see everything matches except everything after the BB 7E FE FD C6 on the first block.

What next? Thanks guys...

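Added example, not part of the original posts: a short Python script that splits the two block 0 lines quoted in post #2 into fields, checks the BCC, and names the fields that differ, which shows that a matching UID alone does not make block 0 identical. The field offsets assume the commonly documented block 0 layout for a 4-byte-UID MIFARE Classic card; the function names are hypothetical.

```python
# Added example: split MIFARE Classic block 0 (4-byte UID layout) into fields
# and compare two cards. The two dump lines are copied from post #2.
from functools import reduce

CARD_A = "BB 7E FE FD C6 88 04 00 C8 46 00 20 00 00 00 14"  # original card
CARD_B = "BB 7E FE FD C6 08 04 00 12 13 14 15 16 17 18 19"  # magic card

# (name, start, end) byte offsets; assumed 4-byte-UID block 0 layout
FIELDS = [("uid", 0, 4), ("bcc", 4, 5), ("sak", 5, 6),
          ("atqa", 6, 8), ("manufacturer_data", 8, 16)]


def parse_block0(line):
    """Return a dict of field name -> bytes for one 16-byte block 0 line."""
    raw = bytes.fromhex(line.replace(" ", ""))
    if len(raw) != 16:
        raise ValueError(f"block 0 must be 16 bytes, got {len(raw)}")
    return {name: raw[a:b] for name, a, b in FIELDS}


def bcc_ok(fields):
    """BCC is the XOR of the four UID bytes; a mismatch means a malformed block."""
    return reduce(lambda x, y: x ^ y, fields["uid"]) == fields["bcc"][0]


def diff_block0(a, b):
    """Names of the fields whose bytes differ between two parsed blocks."""
    return [name for name, _, _ in FIELDS if a[name] != b[name]]


if __name__ == "__main__":
    a, b = parse_block0(CARD_A), parse_block0(CARD_B)
    for label, card in (("A", a), ("B", b)):
        print(label, {k: v.hex() for k, v in card.items()}, "BCC ok:", bcc_ok(card))
    print("fields that differ:", diff_block0(a, b))
```
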

#3 2016-12-23 17:25:17

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Complete Noob - Mifare Cloning

hf mf csetblk ?


#4 2016-12-23 20:48:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537

Re: Complete Noob - Mifare Cloning

Is the key unique for your tag or is it a general one?
