Proxmark3 community


#1 2015-02-26 15:37:26

thk02
Member
Registered: 2015-02-26
Posts: 2

Mifare Classic attack

Hi!

I run a self-service business here in Europe that uses RFID cards for payment.
However, I've run into a problem. The manufacturer from which I bought the whole system has gone bankrupt and can no longer provide RFID cards.

I knew that Mifare wasn't so secure, so I started to do some research and eventually bought a Proxmark3.
I do have about 50 blank cards from the manufacturer left, and the programmer/reader (to add credit to cards).

So far I've managed to gather some information:

TYPE: NXP MIFARE CLASSIC 1k | Plus 2k SL1

After doing some attacks with the Proxmark I also gathered all of the keys (one of the keys was the standard a0a1a2a3a4a5).
I then dumped the keys into a .bin and dumped all of the data into another .bin.

My question is: where do I go next?
Do I need a 'magic Chinese card' to clone one of my 'blank cards' including the UID?
The problem with this is that I use about 3.000pcs of these cards each year, and it would be a bit expensive compared to blank Mifare cards.

Hope some of you have some tips for me :)

Thanks!


#2 2015-02-26 17:58:16

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Classic attack

If the keys don't change on each card, then the next step is to see what is programmed on the memory blocks (dump the card).

If that data is all static as well, then you don't need a magic card; just a plain Mifare will do to make more.


#3 2015-02-26 18:01:43

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Classic attack

Also, I really do not recommend using the "magic" cards at all in your situation, as you don't really want two cards/people having the EXACT SAME payment account numbers.
But if all the data, as I said, is static (except sector 0 block 0, which contains the UID), you should have no trouble making more blanks.


#4 2015-02-26 21:16:28

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Mifare Classic attack

I don't see any point in magic cards here. All Mifare Classic tags are read/writeable; your system probably doesn't care about the UID anyway.


#5 2015-02-27 10:34:41

thk02
Member
Registered: 2015-02-26
Posts: 2

Re: Mifare Classic attack

I have read 3 cards now and they all have different keys.
The only similarity is the A-key on sector 0: a0a1a2a3a4a5.

I also tried to write all the data except sector 0 to a blank Mifare card, but got 'error, unknown card' in my system.

Are the keys generated by an algo from the UID?


#6 2015-02-27 13:42:52

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Classic attack

Probably

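Added example, not part of any post in this thread and not Proxmark3 project code: a Python check that compares several MIFARE Classic 1K dumps to show which sector keys are shared by every card and which data blocks are identical, which is the audit the thread performs by hand. It assumes each dump is a 1024-byte image whose sector trailers hold key A, access bits and key B; the sample cards, their UIDs, the value in block 4 and the SHA-256 key derivation are constructed stand-ins, not the vendor's scheme.

```python
import hashlib

BLOCK, PER_SECTOR, SECTORS = 16, 4, 16          # MIFARE Classic 1K: 64 blocks of 16 bytes
SHARED_KEY_A0 = bytes.fromhex("a0a1a2a3a4a5")   # sector 0 key A reported in the thread

def parse_dump(data):
    """Split a 1024-byte dump into blocks and read (key A, key B) from each sector trailer."""
    if len(data) != BLOCK * PER_SECTOR * SECTORS:
        raise ValueError(f"expected 1024 bytes, got {len(data)}")
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    trailers = blocks[PER_SECTOR - 1::PER_SECTOR]
    # Trailer layout: key A (6 bytes) | access bits + user byte (4) | key B (6)
    return blocks, [(t[:6], t[10:]) for t in trailers]

def compare(dumps):
    """Return (keys shared by all cards as (sector, 'A'|'B'), data blocks identical on all cards)."""
    parsed = [parse_dump(d) for d in dumps]
    shared = [(s, name) for s in range(SECTORS) for i, name in enumerate("AB")
              if len({keys[s][i] for _, keys in parsed}) == 1]
    static = [b for b in range(PER_SECTOR * SECTORS)
              if b % PER_SECTOR != PER_SECTOR - 1          # skip sector trailers
              and len({blocks[b] for blocks, _ in parsed}) == 1]
    return shared, static

def make_constructed_dump(uid, balance):
    """Constructed sample card; the SHA-256 key derivation is a stand-in, not the vendor's scheme."""
    bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]
    out = bytearray(BLOCK * PER_SECTOR * SECTORS)
    out[0:5] = uid + bytes([bcc])                   # block 0: UID + check byte
    out[64:68] = balance.to_bytes(4, "little")      # block 4: constructed per-card value
    for s in range(SECTORS):
        d = hashlib.sha256(uid + bytes([s])).digest()
        key_a = SHARED_KEY_A0 if s == 0 else d[:6]
        off = (s * PER_SECTOR + 3) * BLOCK
        out[off:off + BLOCK] = key_a + bytes.fromhex("ff078069") + d[6:12]
    return bytes(out)

# Three constructed cards standing in for real dump files read with open(path, "rb").read()
SAMPLE = [make_constructed_dump(bytes.fromhex(u), b)
          for u, b in (("11223344", 500), ("a1b2c3d4", 1200), ("0badcafe", 0))]

if __name__ == "__main__":
    shared, static = compare(SAMPLE)
    print("keys shared by every card:", shared)
    print("data blocks identical on every card:", len(static), "of 48")
```

A result like this one, where only sector 0 key A is shared and every other key differs per card, is what per-card (diversified) keys look like from the operator's side.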
