Cloning my Mifare Classic card.

Nimbex · 2014-09-04 22:56:52

Hi guys,

First of all, sorry for my poor English...

I just read two RFID cards using my Samsung SIII Neo, using the Mifare Classic Tool app.
These cards are used for acces control and paying things.

These are the results:

Card 1:

+Sector: 0
D4ED244D5088040047C11D345D003105
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 2
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 3
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 4
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF

Card 2:

+Sector: 0
D63B3C64B5880400468E24D75D503702
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 2
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 3
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 4
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFF078069FFFFFFFFFFFF

Sectors 5-15 gave: "No keys found (or dead sector)".

Am I correct when I think that both cards contain no specific data?
So they just use the UID to give acces or to pay something?

Or is there data on sectors 5-15 for wich I don't have the right keys?

Is there a difference between the 0000000000's on card 1 and the FFFFFFFFFFF's on card 2?

Thanks for the answers!

iceman · 2014-09-05 06:25:24

If you could give the other information on the cards?

Nimbex · 2014-09-05 08:10:01

Wich information do you need?

Thanks !

Nimbex · 2014-09-05 08:13:57

UID: D4ED244D (4 byte)
RF technologie: ISO/IEC 14443, type A
ATQA: 0004
SAK: 08
ATS: -
Tag type and manufacturer: Mifare Classic 1K, NXP.

iceman · 2014-09-05 08:45:41

If you had an pm3, you could have tried some different approaches but now I suspect that you are locked to your phone and the app.
But that would only analyse the card, not in what context the card is used. So if the system which the card belongs to have everything in a backend server based on the UID, then you can't "change" the system. You could get the uid for another card and pretend to be that card.

Nimbex · 2014-09-05 09:41:46

So I better buy me a RFID card reader/writer?

iceman · 2014-09-05 09:49:01

Well... No..
Depends if you have an interest in this stuff and not to concerned about money. Then you should be a pm3 and look into it.
Otherwize, buy a r/w device which the libnfc works on, then you will have more insight on the carddata.

Much of all things you can do with this nfc/rfid tech is hands-on lowlevel stuff. The existing software like nfc-tools, (libnfc, libfreefare) give you access to the cards.
But if you want to create a new attack vector on a specific card, then you need more knowledge. And that takes effort and quite some time.

Proxmark3 community

Announcement

#1 2014-09-04 22:56:52

Cloning my Mifare Classic card.

#2 2014-09-05 06:25:24

Re: Cloning my Mifare Classic card.

#3 2014-09-05 08:10:01

Re: Cloning my Mifare Classic card.

#4 2014-09-05 08:13:57

Re: Cloning my Mifare Classic card.

#5 2014-09-05 08:45:41

Re: Cloning my Mifare Classic card.

#6 2014-09-05 09:41:46

Re: Cloning my Mifare Classic card.

#7 2014-09-05 09:49:01

Re: Cloning my Mifare Classic card.

Board footer