Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi everybody,
What brings me is that I was the proud owner of a Proxmark 3, which allowed me to successfully duplicate mini 0.3 K Mifare card. Everything was perfect until the device crash ... result, PM3 is out of order .
So, I'm now looking to duplicate this same card with a ACR122U that i borrowed..... I have all the keys necessary A & B, they are collected in a file keys.txt ... I then followed the usual 'protocol' , namely dump of Chinese magic card (already flashed by the previously working PM3) , i just want to re-write it) then dump the original card, everything is running correctly:
Here is the place of operations:
For Chinese card
skappy@skappy-portable:~/Téléchargements$ mfoc -f keys.txt -O china.mfd
The custom key 0xA0A1A2A3A4A5 has been added to the default keys
The custom key 0xB4C132439EEF has been added to the default keys
The custom key 0xA2ED01B6221A has been added to the default keys
The custom key 0xAABF2FAC83B2 has been added to the default keys
The custom key 0x008A92A439D0 has been added to the default keys
The custom key 0x2874320169D2 has been added to the default keys
The custom key 0x498D1A3C87F6 has been added to the default keys
The custom key 0xF1DEB8890D3D has been added to the default keys
The custom key 0x9A85ECBCEF6F has been added to the default keys
The custom key 0xEB808CD8766E has been added to the default keys
Found Mifare Classic Mini tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): ab ff 5b 93
SAK (SEL_RES): 09
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Mini 0.3K
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: a0a1a2a3a4a5] -> [/....]
[Key: b4c132439eef] -> [x....]
[Key: a2ed01b6221a] -> [x/...]
[Key: aabf2fac83b2] -> [xx...]
[Key: 008a92a439d0] -> [xx/..]
[Key: 2874320169d2] -> [xxx..]
[Key: 498d1a3c87f6] -> [xxx/.]
[Key: f1deb8890d3d] -> [xxxx.]
[Key: 9a85ecbcef6f] -> [xxxx/]
[Key: eb808cd8766e] -> [xxxxx]
[Key: ffffffffffff] -> [xxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxx]
[Key: 000000000000] -> [xxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxx]
[Key: 4d3a99c351dd] -> [xxxxx]
[Key: 1a982c7e459a] -> [xxxxx]
[Key: aabbccddeeff] -> [xxxxx]
[Key: 714c5c886e97] -> [xxxxx]
[Key: 587ee5f9350f] -> [xxxxx]
[Key: a0478cc39091] -> [xxxxx]
[Key: 533cb6c723f6] -> [xxxxx]
[Key: 8fd0a4f256e9] -> [xxxxx]
Sector 00 - Found Key A: a0a1a2a3a4a5 Found Key B: b4c132439eef
Sector 01 - Found Key A: a2ed01b6221a Found Key B: aabf2fac83b2
Sector 02 - Found Key A: 008a92a439d0 Found Key B: 2874320169d2
Sector 03 - Found Key A: 498d1a3c87f6 Found Key B: f1deb8890d3d
Sector 04 - Found Key A: 9a85ecbcef6f Found Key B: eb808cd8766e
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 19, type A, key 9a85ecbcef6f :00 00 00 00 00 00 78 77 88 00 00 00 00 00 00 00
Block 18, type A, key 9a85ecbcef6f :55 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 17, type A, key 9a85ecbcef6f :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Block 16, type A, key 9a85ecbcef6f :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 15, type A, key 498d1a3c87f6 :00 00 00 00 00 00 78 77 88 00 00 00 00 00 00 00
Block 14, type A, key 498d1a3c87f6 :55 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 13, type A, key 498d1a3c87f6 :00 00 00 00 00 00 00 06 00 00 00 00 00 00 06 33
Block 12, type A, key 498d1a3c87f6 :00 00 00 00 00 00 00 05 00 00 00 00 00 00 05 32
Block 11, type A, key 008a92a439d0 :00 00 00 00 00 00 78 77 88 10 00 00 00 00 00 00
Block 10, type A, key 008a92a439d0 :aa a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 09, type A, key 008a92a439d0 :00 cd 00 cd 00 00 00 1e 69 00 00 00 00 00 00 9f
Block 08, type A, key 008a92a439d0 :00 37 00 37 00 00 00 1e 69 00 00 00 00 00 00 a0
Block 07, type A, key a2ed01b6221a :00 00 00 00 00 00 78 77 88 07 00 00 00 00 00 00
Block 06, type A, key a2ed01b6221a :aa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 05, type A, key a2ed01b6221a :01 00 00 01 00 00 80 01 00 01 00 00 00 00 80 01
Block 04, type A, key a2ed01b6221a :0d 00 00 8d 37 e5 80 60 00 60 00 00 00 00 d2 02
Block 03, type A, key a0a1a2a3a4a5 :00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00
Block 02, type A, key a0a1a2a3a4a5 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 01, type A, key a0a1a2a3a4a5 :62 00 48 88 49 88 4a 88 4b 88 00 00 00 00 00 00
Block 00, type A, key a0a1a2a3a4a5 :ab ff 5b 93 9c 09 04 00 c2 43 00 00 00 00 00 14
For Original card
skappy@skappy-portable:~/Téléchargements$ mfoc -f keys.txt -O original.mfd
The custom key 0xA0A1A2A3A4A5 has been added to the default keys
The custom key 0xB4C132439EEF has been added to the default keys
The custom key 0xA2ED01B6221A has been added to the default keys
The custom key 0xAABF2FAC83B2 has been added to the default keys
The custom key 0x008A92A439D0 has been added to the default keys
The custom key 0x2874320169D2 has been added to the default keys
The custom key 0x498D1A3C87F6 has been added to the default keys
The custom key 0xF1DEB8890D3D has been added to the default keys
The custom key 0x9A85ECBCEF6F has been added to the default keys
The custom key 0xEB808CD8766E has been added to the default keys
Found Mifare Classic Mini tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): ab ff 5b 93
SAK (SEL_RES): 09
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Mini 0.3K
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: a0a1a2a3a4a5] -> [/....]
[Key: b4c132439eef] -> [x....]
[Key: a2ed01b6221a] -> [x/...]
[Key: aabf2fac83b2] -> [xx...]
[Key: 008a92a439d0] -> [xx/..]
[Key: 2874320169d2] -> [xxx..]
[Key: 498d1a3c87f6] -> [xxx/.]
[Key: f1deb8890d3d] -> [xxxx.]
[Key: 9a85ecbcef6f] -> [xxxx/]
[Key: eb808cd8766e] -> [xxxxx]
[Key: ffffffffffff] -> [xxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxx]
[Key: 000000000000] -> [xxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxx]
[Key: 4d3a99c351dd] -> [xxxxx]
[Key: 1a982c7e459a] -> [xxxxx]
[Key: aabbccddeeff] -> [xxxxx]
[Key: 714c5c886e97] -> [xxxxx]
[Key: 587ee5f9350f] -> [xxxxx]
[Key: a0478cc39091] -> [xxxxx]
[Key: 533cb6c723f6] -> [xxxxx]
[Key: 8fd0a4f256e9] -> [xxxxx]
Sector 00 - Found Key A: a0a1a2a3a4a5 Found Key B: b4c132439eef
Sector 01 - Found Key A: a2ed01b6221a Found Key B: aabf2fac83b2
Sector 02 - Found Key A: 008a92a439d0 Found Key B: 2874320169d2
Sector 03 - Found Key A: 498d1a3c87f6 Found Key B: f1deb8890d3d
Sector 04 - Found Key A: 9a85ecbcef6f Found Key B: eb808cd8766e
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 19, type A, key 9a85ecbcef6f :00 00 00 00 00 00 78 77 88 00 00 00 00 00 00 00
Block 18, type A, key 9a85ecbcef6f :55 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 17, type A, key 9a85ecbcef6f :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Block 16, type A, key 9a85ecbcef6f :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 15, type A, key 498d1a3c87f6 :00 00 00 00 00 00 78 77 88 00 00 00 00 00 00 00
Block 14, type A, key 498d1a3c87f6 :aa 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 13, type A, key 498d1a3c87f6 :00 00 00 00 00 00 00 04 00 00 00 00 00 00 04 31
Block 12, type A, key 498d1a3c87f6 :00 00 00 00 00 00 00 05 00 00 00 00 00 00 05 32
Block 11, type A, key 008a92a439d0 :00 00 00 00 00 00 78 77 88 10 00 00 00 00 00 00
Block 10, type A, key 008a92a439d0 :55 97 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 09, type A, key 008a92a439d0 :00 f3 02 f1 00 00 00 1c 6b 00 00 00 00 00 00 97
Block 08, type A, key 008a92a439d0 :00 df 02 dd 00 00 00 1c 6b 00 00 00 00 00 00 96
Block 07, type A, key a2ed01b6221a :00 00 00 00 00 00 78 77 88 07 00 00 00 00 00 00
Block 06, type A, key a2ed01b6221a :aa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 05, type A, key a2ed01b6221a :01 00 00 01 00 00 80 01 00 01 00 00 00 00 80 01
Block 04, type A, key a2ed01b6221a :0d 00 00 8d 37 e5 80 60 00 60 00 00 00 00 d2 02
Block 03, type A, key a0a1a2a3a4a5 :00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00
Block 02, type A, key a0a1a2a3a4a5 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 01, type A, key a0a1a2a3a4a5 :62 00 48 88 49 88 4a 88 4b 88 00 00 00 00 00 00
Block 00, type A, key a0a1a2a3a4a5 :ab ff 5b 93 9c 89 04 00 c2 43 00 00 00 00 00 14
and comes the moment to try to write to the chinese card thanks to nfc-mfclassic
skappy@skappy-portable:~/Téléchargements$ sudo nfc-mfclassic W X originale.mfd chine.mfd
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): ab ff 5b 93
SAK (SEL_RES): 09
Guessing size: seems to be a 320-byte card
Could not read keys file: china.mfd
skappy@skappy-portable:~/Téléchargements$
I do not understand the "Could not read keys file: china.mfd " error .
All the .dmp files are in the same folder ... I have tested many syntax with the nfc-mfclassic command (x, X, w, W...) but it does not change anything ...
May i ask you help please ? Do you know where it gets stuck please?
Thank you very much for your help ?
Have a great day
Offline
For questions about MFOC/MFUC its better to ask in the LIBNFC forum.
But are you sure you have the found keys in the file china.mdf and not in a different file?
Offline
Dear Iceman ,
Yes sorry for that, it is a cut and paste mistake,
I have done load of test with different name and different file type, and chine.mfd also exists in the folder ...
I have tried to contact the people from LIBNFC but no answer at the present time ...(the forum seems to be not so active)
I can't figure out why it does not work ... Everything seems to be ok except the nfc-mfclassic command ...
Have a great day
Offline