Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2018-09-01 08:06:06

Nathee
Contributor
Registered: 2018-08-31
Posts: 8

[solved] Adel card

I would like to crack card of "Adel" hotel lock. I get formation key A and Key B as below. I write information block 1,2,3 of sector 0 and block 61, 62, 63 of sector 15 to another mifare card S50.

I write block 3 as a0a1a2a3a4a508778fffb0b1b2b3b4b5
I write block 15 as b227951f706f08778fffb227951f706f

I cannot use new card to open hotel lock.
What does I mistake? Must I use CUID for cloning UID too?

uid:27951f70 trgbl=60 trgkey=0         
Found valid key:b227951f706f         
Time in nested: 8.634 (2.159 sec per key)
-----------------------------------------------
Iterations count: 4
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  b0b1b2b3b4b5  | 1 |  b0b1b2b3b4b5  | 1 |         
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|015|  b227951f706f  | 1 |  b227951f706f  | 1 |         
|---|----------------|---|----------------|---|



When I read sector 0 by key A (a0a1a2a3a4a5) and key B (b0b1b2b3b4b5) as below. I cannot read sector 0 by key A (b0b1b2b3b4b5).

proxmark3> hf mf rdsc 0 A a0a1a2a3a4a5
--sector no:0 key type:A key:a0 a1 a2 a3 a4 a5           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 27 95 1f 70 dd 08 04 00 62 63 64 65 66 67 68 69           
data   : a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff aa           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 08 77 8f ff 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdsc 0 B b0b1b2b3b4b5
--sector no:0 key type:B key:b0 b1 b2 b3 b4 b5           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 27 95 1f 70 dd 08 04 00 62 63 64 65 66 67 68 69           
data   : a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff aa           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 08 77 8f ff 00 00 00 00 00 00           



When I read sector 15 by key A and key B as below.

proxmark3> hf mf rdsc 15 A b227951f706f
--sector no:15 key type:A key:b2 27 95 1f 70 6f           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 17 93 15 48 50 55 85 85 57 56 53 92 88 59 64 92           
data   : 88 88 88 88 88 88 88 88 dd dd dd dd dd 32 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 08 77 8f ff 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdsc 15 B b227951f706f
--sector no:15 key type:B key:b2 27 95 1f 70 6f           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 17 93 15 48 50 55 85 85 57 56 53 92 88 59 64 92           
data   : 88 88 88 88 88 88 88 88 dd dd dd dd dd 32 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 08 77 8f ff 00 00 00 00 00 00

Last edited by Nathee (2018-09-01 14:07:15)

Offline

#2 2018-09-01 16:14:18

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: [solved] Adel card

I write block 3 as a0a1a2a3a4a508778fffb0b1b2b3b4b5
I write block 15 as b227951f706f08778fffb227951f706f

What about the others blocks? You are missing something...

Offline

#3 2018-09-02 04:29:26

Nathee
Contributor
Registered: 2018-08-31
Posts: 8

Re: [solved] Adel card

I write as below, but it doesn't work.

Sector 0
Block 1  : a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff aa           
Block 2  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Block 3  : a0 a1 a2 a3 a4 a5 08 77 8f ff b0 b1 b2 b3 b4 b5

Sector 15
Block 60  : 17 93 15 48 50 55 85 85 57 56 53 92 88 59 64 92           
Block 61  : 88 88 88 88 88 88 88 88 dd dd dd dd dd 32 00 00           
Block 62  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Block 63  : b2 27 95 1f  70 6f  08 77 8f  ff  b2 27 95 1f  70 6f

Last edited by Nathee (2018-09-02 04:30:03)

Offline

#4 2018-09-04 05:58:40

Sentinel
Contributor
Registered: 2012-11-26
Posts: 191

Re: [solved] Adel card

http://www.proxmark.org/forum/viewtopic.php?id=5312

Offline

#5 2018-09-05 14:37:16

Nathee
Contributor
Registered: 2018-08-31
Posts: 8

Re: [solved] Adel card

It work now. I must clone UID too.

Offline

#6 2019-01-24 16:19:54

garavca
Contributor
Registered: 2019-01-24
Posts: 2

Re: [solved] Adel card

I have proxmark 3 easy, but I have no idea how to use it. adel lock, encoder and cards available in my hand. some models need to have the Sak code 19, but on some models the lock code can work without notice. How can I copy these cards or how can I solve the algorithm? I have acr122u on my device but it doesn't work because I can't change the first block. It only works on uid cards and it is very cost effective. If you can help please.

sorry for using google translation. not enough english.

Offline

Pages: 1

Board footer

Powered by FluxBB