hf 14a raw commands for talking to a magic tag?

iceman · 2015-01-15 01:49:34

did a unmagic block0 write on a gen1 magic tag resulting that the tag don't responds anymore.

As a final idea, what is the "hf 14a raw" commands needed to talk to a magic tag?

hf 14a raw -p -a 52    // wupA
hf 14a raw -p -b 7 40 // wupC1
hf 14a raw -p 43        // wupC2
hf 14a raw -p 41        // wipe

asper · 2015-01-15 08:25:23

Where did you get 41 and 43?
I remember an old thread with a sniffed trace between magic and "official" reader but i cannot find it...

iceman · 2015-01-15 10:51:12

Got it. thanks!

asper · 2015-01-15 11:32:18

Maybe 43 and/or 41 are sent by the reader to look for a special card, maybe not all cards got the backdoor enabled with the same commands so the reader send more than 1.

iceman · 2015-01-15 12:18:05

A) 0x40  7 bits ( wake up Magic step1)
B) 0x43  8bits ( wake up Magic step 2)  -- magic card is now in "backdoor mode"
C) 0x41 8bits ( special wipe the card command)  resests the card to zeros..

This is the commands that is implemented inside the ARMSRC for magic cards.

A & B in sequence is needed to "enter" the backdoor mode.
after that there is only to send normal read / write commands and the tag will give it back without password.
or you can send the extra command C, which wipes the card.

asper · 2015-01-15 12:22:12

Oh ok I was not aware of this, thank you.

Proxmark3 community

Announcement

#1 2015-01-15 01:49:34

hf 14a raw commands for talking to a magic tag?

#2 2015-01-15 08:25:23

Re: hf 14a raw commands for talking to a magic tag?

#3 2015-01-15 10:51:12

Re: hf 14a raw commands for talking to a magic tag?

#4 2015-01-15 11:32:18

Re: hf 14a raw commands for talking to a magic tag?

#5 2015-01-15 12:18:05

Re: hf 14a raw commands for talking to a magic tag?

#6 2015-01-15 12:22:12

Re: hf 14a raw commands for talking to a magic tag?

Board footer