Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-03-02 13:40:18

dimvia
Contributor
From: rf
Registered: 2016-01-13
Posts: 13

UID Changeable s70 delete 0 sector.

how to format the card? I can make nothing with 0 sector.All others are available uid is read/
proxmark3> hf 14a read
UID : xx xx xx xx           
ATQA : 00 02         
SAK : 18 [2]         
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1         
SAK incorrectly claims that card doesn't support RATS         
ATS : 09 78 00 91 02 da bc 19 10 f0 05           
       -  TL : length is 9 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are supported, DR: [], DS: []         
       - TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : da bc 19 10           
Answers to chinese magic backdoor commands: NO   

hf list 14a
Recorded Activity (TraceLen = 144 bytes)         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr | 52                                                              |     | WUPA         
       2244 |       4612 | Tag | 02  00                                                          |     |           
       7040 |       9504 | Rdr | 93  20                                                          |     | ANTICOLL         
      10692 |      16580 | Tag | xx  xx  xx  xx  xx                                              |     |           
      18944 |      29472 | Rdr | 93  70  4f  xx xx xx xx  39  a7                              |  ok | SELECT_UID         
      30660 |      34244 | Tag | 18  37  cd                                                      |     |           
    4627712 |    4632480 | Rdr | e0  80  31  73                                                  |  ok | RATS         
    4635716 |    4648452 | Tag | 09  78  00  91  02  da  bc  19  10  f0  05                      |  ok |           
    5167744 |    5168736 | Rdr | 40                                                              |     | MAGIC WUPC1         
    5305600 |    5306912 | Rdr | 43                                                              |     | MAGIC WUPC2         
    5444224 |    5448992 | Rdr | 50  00  57  cd   

proxmark3> hf mf csetuid 11111111
--wipe card:NO  uid:11 11 11 11           
#db# wupC1 error                 
Couldn't get old data. Will write over the last bytes of Block 0.         
new block 0:  11 11 11 11 00 00 00 00 00 00 00 00 00 00 00 00           
#db# write block send command error                 
Can't set UID. error=2         


proxmark3> hw ver
[[[ Cached information ]]]
Prox/RFID mark3 RFID instrument         
bootrom: iceman/master/v1.1.0-1685-g325f26e-suspect 2016-11-03 17:04:43
os: iceman/master/v1.1.0-1685-g325f26e-suspect 2016-11-03 17:04:48
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8
uC: AT91SAM7S512 Rev B         
Embedded Processor: ARM7TDMI         
Nonvolatile Program Memory Size: 512K bytes. Used: 216402 bytes (41%). Free: 307886 bytes (59%).

Offline

#2 2017-03-02 14:18:40

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: UID Changeable s70 delete 0 sector.

You can't use hf mf c* commands on a Generation2 tag.   Use the normal rdbl/wrbl instead.

Offline

#3 2017-03-02 14:44:06

dimvia
Contributor
From: rf
Registered: 2016-01-13
Posts: 13

Re: UID Changeable s70 delete 0 sector.

Example? Key not read/

Last edited by dimvia (2017-03-02 15:16:06)

Offline

#4 2017-03-02 15:14:35

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: UID Changeable s70 delete 0 sector.

search the forum, read the wiki,  use google,  don't be lazy.

Offline

#5 2017-03-02 15:28:48

dimvia
Contributor
From: rf
Registered: 2016-01-13
Posts: 13

Re: UID Changeable s70 delete 0 sector.

I have already rummaged everything. The key is unknown. crypto_bs errror on 0 sector. Please me.

proxmark3> hf 14a raw -p -b 7 40
received 0 octets

Last edited by dimvia (2017-03-02 15:55:26)

Offline

#6 2017-03-09 12:10:51

dimvia
Contributor
From: rf
Registered: 2016-01-13
Posts: 13

Re: UID Changeable s70 delete 0 sector.

All block 0 is erased. How to write down the new block using hf 14a raw? It works on gen2? remagic.lua not work.
hf 14a raw -p -b 7 40
received 0 octets

hf 14a raw -p -b 7 26
received 2 octets
02 00

A000 and 30000 not work.
I can't rewrite 0 block.

proxmark3> hf 14a raw -p -s e0  50  bc  a5
received 4 octets         
XX XX XX XX           
received 11 octets         
09 78 00 91 02 DA BC 19 10 F0 05           
proxmark3> hf 14a  raw -p 0a  00  00  a6  b0  00  10  14  1d
received 6 octets
0A 00 90 00 F3 93
proxmark3> hf 14a  raw -p 0b  00  00  a6  b0  01  10  19  9b
received 6 octets         
0B 00 90 00 48 8F

Last edited by dimvia (2017-03-09 14:11:54)

Offline

#7 2018-01-09 21:16:59

pruwait
Contributor
Registered: 2018-01-07
Posts: 8

Re: UID Changeable s70 delete 0 sector.

I have a same problem.
My mf s50 is damaged too. Key A|B is not read. Standart keys from *.dic is not working.

I was wrote zero block with 00 using Android MCT.
And now:

 pm3 --> hf search

Card doesn't support standard iso14443-3 anticollision
ATQA : 00 00

Valid ISO14443-A Tag Found - Quiting Search 

pm3 --> hf mf rdbl 0 B FFFFFFFFFFFF
--block no:0, key type:B, key:FF FF FF FF FF FF
#db# Auth error
isOk:00

pm3 -->  hf mf rdbl 0 B 000000000000
--block no:0, key type:B, key:00 00 00 00 00 00
#db# Auth error
isOk:00

pm3 --> hf 14a raw -a -p -b 7 40
received 0 bytes:
pm3 --> hf 14a raw -p -c 3000
received 0 bytes:
pm3 --> hf 14a raw -p -c A000
received 0 bytes:
pm3 --> hf 14a raw -p -c E94094211c18040041424344454647
received 0 bytes:
pm3 --> hf 14a raw -p -c 3000
received 0 bytes:
pm3 --> hf 14a raw -r 00
pm3 --> hf 14a read
Card doesn't support standard iso14443-3 anticollision
ATQA : 00 00
pm3 --> hf 14a list
Recorded Activity (TraceLen = 21 bytes)

Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)

      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
          0 |        992 | Rdr |52                                                               |     | WUPA
       2244 |       4612 | Tag |00  00                                                           |     |

pm3 --> hf 14a raw -a -p -b 7 52
received 0 bytes:
pm3 --> hf 14a raw -a -p -b 7 52
received 2 bytes:
00 00
pm3 --> hf 14a raw -a -p -b 7 26
received 0 bytes:
pm3 --> hf 14a raw -a -p -b 7 26
received 2 bytes:
00 00

Any idea?

Offline

Board footer

Powered by FluxBB