Chinese Magic Card CUID/Gen2 recovery

hph86 · 2017-09-21 19:46:13

Hi everyone,

I have ordered several magic cards (gen1 and gen2). For a gen2 CUID card I have screwed up the BCC of the 4-byte UID. That has bricked the card in a way that it does not show up in nfc-list anymore. However, I can still "talk" to the card. Thus, I am trying to patch my libnfc to make it ignore the wrong BCC.

Now my question: Does my endeavor make sense or isn't it possible to trick libnfc into authenticating to sector0 and re-writing a correct BCC? From the blog posts I have read so far, I can see that it seems to be a known/common problem, but I could not find a definitive answer if unbricking a CUID card is possible (and nobody impleneted it yet) or if it is impossible.

Best regards!

P.S.: I am currently working with an ACR122 on libnfc while my PM3 is in transit.

Dot.Com · 2017-09-22 17:17:06

Probably perma bricked. Even the chinese company who does it as no answers to it yet.

Until now I have not find a way to fix it yet. Probably no answer to it till date.

A bad access bits probably bricks it instantly. So to guys out there. Be warned about it.

hph86 · 2017-09-24 19:20:59

Thanks for your reply! I will poke around some more with it and post my findings here

iceman · 2017-09-25 10:00:44

Haven't tried to "recover" a gen2, since its suppose to follow protocols quite well.
ie write a bad bcc and the readers will think its a bad card. Luckily PM3 has options, you use the hf 14a raw commands to make a custom anti-collision and but the mifare authentication part will be hard to get by.

We would need a "hf mf raw" command which does mifare classic protocol.

Proxmark3 community

Announcement

#1 2017-09-21 19:46:13

Chinese Magic Card CUID/Gen2 recovery

#2 2017-09-22 17:17:06

Re: Chinese Magic Card CUID/Gen2 recovery

#3 2017-09-24 19:20:59

Re: Chinese Magic Card CUID/Gen2 recovery

#4 2017-09-25 10:00:44

Re: Chinese Magic Card CUID/Gen2 recovery

Board footer