Also any MIFARE chip that does not originate from NXP/Infineon/Mikron is violating intellectual property laws. MIFARE clones are surprisingly numerous and are made by many different manufacturers, like Fudan, ISSI, Integral, Silicon craft, Belling, Unicore, Quanray, Angstrem, SHHIC etc. It's like it became an industry standard product.
]]>I discussed at length the UID changeable chips with a sales rep for a large RFID manufacturer in China, and I was informed that the chips are considered at odds with Intellectual Property law and are very much grey market, which is why it took me a good week to find a supplier who had them at all, let alone was able to manufacture a sample batch for me. I've reached out to the sales rep who actually sold me these samples for some clarification, as I'm extremely interested in the origins of these chips. My particular chips show up with a standard 4-byte UID and the bcdefghi manufacturing information, until you load a dump on, after which it shows up as a proper Mifare S50 to the TagReader app.
]]>I'm asking this question because I received a few days ago some UID writeable chips that I ordered from Banggood here. (they were advertised as "Block writable" however they need the "magic command" to change the UID)
I'm wondering if a company created MIFARE chip clones specifically designed to be "UID writable", or if these are emulators based on some kind of microcontroller, or maybe a chip in which a backdoor was discovered but was only intended to be used during manufacturing.
I noticed that the block 0 ends with "bcdefghi" and by googling "mifare bcdefghi" and I found a paper from Nicolas Courtois where at page 99 he says that Kiev transport cards use Fudan microelectronics FM11RF08 and that the block 0 ends with "bcdefghi". Of course this does neither means that FM11RF08 chips are UID changeable nor that a chip which block 0 ends with "bcdefghi" is a Fudan FM11RF08, but this might be a clue concerning the source of these "UID changeable" chips. Maybe i'll order cards with FM11RF08 to see if they have the backdoor to change the UID
]]>