Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2020-04-17 05:59:54

bilalch93
Contributor
Registered: 2020-04-15
Posts: 3

Writing a blank chinese mifare classic 1k

First of all, I would really appreciate the effort of creating this community. Great job done guys.

So I've not worked much with this rfid technology. I stumbled upon this task to create access control system. Previously they had readers and controller from HID company. Their cards are pretty expensive to us (poor country I belong to) and that's why I have to come up with a cheaper solution. For that I ordered chinese mifare classic cards along with ACS122U. I do have HiD R10 multiclass and iClass readers. Previously they were using iClass cards and they are working perfectly. I also purchased a seperate controller from ZKT inbios 460. Now the task was to write data in card so that it is recognisable by reader. I read the blank card with all of it's default factory settings, noted the UID of sector 0 block 0 and entered that value in my controller's personnel section but that didn't work. I read numerous guides to understand how this system really works but failed miserably. At this point I thought maybe there's something wrong with my equipment and I ordered the proxmark3 and read some documentation but my results were still the same. Cards that I own have keys A and B set to 0xF... and default access control bits which are 078069. I don't really understand about what data should I place, that would be card ID and facility code, and where should I put that data and afterwards do I have to configure anything in my controller as well? Currently iClass cards are working perfectly on my new inbios 460 controller. It's been a month I'm trying to figure this puzzle out and I would really appreciate any kind of help or directions.
Here's a read from a blank card.
sample data from blank card

And here's a glimpse from ZKT controller. I'm not sure if those data mappings are set correctly
sample wiegand configuration

Offline

#2 2020-04-17 06:34:54

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Writing a blank chinese mifare classic 1k

You know that you have posted on a dedicated Proxmark3 forum?

Offline

#3 2020-04-17 06:38:20

bilalch93
Contributor
Registered: 2020-04-15
Posts: 3

Re: Writing a blank chinese mifare classic 1k

Yes I am aware of that and I need guidance as I don't really have any other working mifare classic card with which I could do dump, analyse, increase UID and write back. I would really appreciate any directions on this.

Offline

#4 2020-04-17 11:10:44

mwalker
Moderator
Registered: 2019-05-11
Posts: 318

Re: Writing a blank chinese mifare classic 1k

The following is more something to think about, not what you need to do.

When you say Chinese Mifare Classic, I will assume you mean the ones with backdoor commands that allow you to bypass the normal mifare security controls.  If so, as you are designing a security system, the use of the cards with back doors should only be used in testing, and not final roll out.

A real mifare classic wont let you change the UID, so not the best idea to plan to do that.

The mifare classic UID was meant to ensure each card near a reader could be individually addressed, it was not really intended as a security ID.  while there is a low chance of getting 2 cards with the same UID, it is possiable.

The concept of a Facility Code and Card ID is not a mifare thing.  If you need the concept then you would need to design the system to read data from a block on the card that work with that.

"value in my controller's personnel section" : you would need to know what that is expecting, then work out how to get that from the card.  e.g. you could have a reader read block 4, decode the data and reformat it and send onto the controller in its needed format. 

Some systems by default wont work with different things.  e.g. if you have a lf HID card, that just spits out the HID ID (FC and CardID), then you cant just replace that with an EM4100 card as the way the card sends that data is different.

This is not to say you cant reprogram things, but you would need to learn if your system can be reprogrammed and how.

Offline

Board footer

Powered by FluxBB