Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-06-09 03:53:40

dygos2
Contributor
Registered: 2019-06-08
Posts: 6

hf mf csetuid clone does not copy the entire Fob functions

Maybe you guys have experienced this...

I "sucessfully" copy the KeyFob A to Key Fob B using this procedure.


Search:
==============
1- proxmark3> hf sea


Results:
==============
UID : 4d 67 44 9a           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Chinese magic backdoor commands (GEN 1a) detected         
Prng detection: WEAK         

Valid ISO14443A Tag Found - Quiting Search

Cloning:
==============

2- proxmark3> hf mf csetuid 4d67449a

Results of the clonning:
==============
uid:4d 67 44 9a           
Chinese magic backdoor commands (GEN 1a) detected         
old block 0:  da 70 33 19 80 08 04 00 62 63 64 65 66 67 68 69           
new block 0:  4d 67 44 9a f4 08 04 00 62 63 64 65 66 67 68 69           
old UID:da 70 33 19           
new UID:4d 67 44 9a

======================================================================

My issue experienced, is that the new Keyfob cloned just access common areas such as elevator, gym, etc, but the main apartment door that also uses a KeyFob it doesn't work.
Any ideas?

Thanks.

Offline

#2 2019-06-09 06:09:48

mwalker
Moderator
Registered: 2019-05-11
Posts: 318

Re: hf mf csetuid clone does not copy the entire Fob functions

My initial though would be the general areas that work just use the UID, but the door that does not uses some data stored on the card.
i.e. you cloned the UID, but not the card data/blocks

Offline

#3 2019-06-09 10:22:58

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: hf mf csetuid clone does not copy the entire Fob functions

Usually when we say cloning we mean a identical copy of the tag.  From id, configurations and memory areas.
It will be easier to have that in mind when reading threads on this forum.

Offline

#4 2019-06-10 18:04:34

dygos2
Contributor
Registered: 2019-06-08
Posts: 6

Re: hf mf csetuid clone does not copy the entire Fob functions

Hello guys and thanks for the Reply!
mwalker, thats a good point! Should I try to copy the data/blocks?
iceman, got it, Ill keep that in mind!

Offline

#5 2019-06-11 00:38:15

dygos2
Contributor
Registered: 2019-06-08
Posts: 6

Re: hf mf csetuid clone does not copy the entire Fob functions

Hello guys...
Have been looking around ways that I can access the blocks and copy it from Key Fob A to B.
I'm really sorry if this is a dummy question, but i'm new on MF/HF codes.
To copy blocks, i'm using these steps, is that a good way to do it?

Add Key Fob A (to be copied from) on the sensor:
Function -> hf mf csave
Answer from PM3 -> Saved to file: 4d67449af40804.eml

Add Key Fob B (new copy)
Function -> hf mf cload 4d67449af40804.eml
Answer from PM3 -> File not Found

I'm following the correct procedure?
Again, im sorry for the basic question.

Offline

#6 2019-06-11 01:06:05

mwalker
Moderator
Registered: 2019-05-11
Posts: 318

Re: hf mf csetuid clone does not copy the entire Fob functions

What is the original card ?
the "c" commands are for the magic cards and wont work on non-magic cards.

Rather then give step by step instructions, I think you need to learn about what you are trying to do.
So, first up.  work out what the original card is, then see if you can read "all" the blocks from that card.
To assist in that, consider the following (all this information can be found by reading the datasheets, so google is your friend).
Assuming mifare classic.
- These cards have x blocks depending on the size (e.g. 1k 4k cards)
- The blocks are grouped into 4 block sectors (for the 1k cards)
- in Sector 1, block 0 is the UID (and some other data), every other sector has its 1st, 2nd  and 3rd blocks for user data.
- The 4th block in every sector holds the keys A and B and what those keys can do.
- you need to use a Key to read a block.  which key will depend on the permissions bits (in the 4th block of each sector)

What I expect you will find is as you try to do something it will either work and you can move forwards or it wont, meaning you need to do something else first.

I highly recommend not trying to write to the 4th block in each sector on a non magic card until you know what you are doing, you can make that sector un-usable if you get it wrong.

That magic cards are good to play with as you can use the c commands to fix anything you get wrong.

Have a play and see if you can work out how to read the original card.  Then come back with a question to help you understand.

Offline

Board footer

Powered by FluxBB