Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2024-03-28 18:03:52

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Missing keys when trying to clone Mifare Classic 1k

Hello everyone,


I am trying to clone a Mifare Classic 1k used for a coffee machine. More for the learning process than for the coffee itself!

I have a proxmark3, I have flashed the firmware thanks to Iceman's Wiki.

Now I've tried a few commands. I am pretty confused because when I use the hf mf autopwn command, I see that 7 keys are missing.

I am not really sure what I am supposed to do next...

Here below you will find the output of the commands:

[usb] pm3 --> hw version

 [ Proxmark3 RFID instrument ]

 [ Client ]
  Iceman/master/v4.18341-6-g1a7b2856e-suspect 2024-03-25 13:37:46 20d6f7f37
  compiled with............. GCC 13.2.0
  platform.................. Linux / x86_64
  Readline support.......... present
  QT GUI support............ present
  native BT support......... absent
  Python script support..... present
  Lua SWIG support.......... present
  Python SWIG support....... present

 [ Proxmark3 ]
  device.................... device / fw mismatch
  firmware.................. RDV4
  external flash............ present
  smartcard reader.......... absent
  FPC USART for BT add-on... absent

 [ ARM ]
  bootrom: Iceman/master/v4.18341-6-g1a7b2856e-suspect 2024-03-25 13:38:14 20d6f7f37
       os: Iceman/master/v4.18341-6-g1a7b2856e-suspect 2024-03-25 13:38:31 20d6f7f37
  compiled with GCC 13.2.1 20231009

 [ FPGA ] 
  fpga_pm3_lf.ncd image 2s30vq100 2024-02-03 15:12:10
  fpga_pm3_hf.ncd image 2s30vq100 2024-02-03 15:12:20
  fpga_pm3_felica.ncd image 2s30vq100 2024-02-03 15:12:41
  fpga_pm3_hf_15.ncd image 2s30vq100 2024-02-03 15:12:31

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev B
  --= Embedded Processor: ARM7TDMI
  --= Internal SRAM size: 64K bytes
  --= Architecture identifier: AT91SAM7Sxx Series
  --= Embedded flash memory 512K bytes ( 69% used )

[usb] pm3 --> hf search
[!] ⚠  No known/supported 13.56 MHz tags found
[usb] pm3 --> hf search
 ?  Searching for ISO14443-A tag...          
[+]  UID: 8C C3 A6 0C 
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection....... weak

[?] Hint: try `hf mf` commands


[+] Valid ISO 14443-A tag found


[+]  UID: 8C C3 A6 0C 
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection....... weak

[?] Hint: try `hf mf` commands


[+] Valid ISO 14443-A tag found


[usb] pm3 --> hf mf autopwn
[!] ⚠  no known key was supplied, key recovery might fail
[+] loaded 5 dynamic keys
[+] loaded 61 keys from hardcoded default array
[=] running strategy 1
[=] .
[=] running strategy 2
[=] .
[+] target sector   0 key type A -- found valid key [ FFFFFFFFFFFF ] (used for nested / hardnested attack)
[+] target sector   0 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   1 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   1 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   2 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   2 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   3 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   3 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   5 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   5 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   6 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   6 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   7 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   7 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   8 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector   9 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  10 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  11 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  12 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  13 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  14 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector  15 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  15 key type B -- found valid key [ FFFFFFFFFFFF ]
[-] ⛔ Tag isn't vulnerable to Nested Attack (PRNG is probably not predictable).
[-] ⛔ Nested attack failed --> try hardnested
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 4 threads and AVX SIMD core                 |                 |
[=]        0 |       0 | Brute force benchmark: 1021 million (2^29.9) keys/s     | 140737488355328 |    2d
[=]        1 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 872 ms                | 140737488355328 |    2d
[=]        1 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |    2d

[!!] ? Error: Static encrypted nonce detected. Aborted


[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  001 | 007 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  002 | 011 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  003 | 015 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  004 | 019 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  005 | 023 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  006 | 027 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  007 | 031 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  008 | 035 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  009 | 039 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  010 | 043 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  011 | 047 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  012 | 051 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  013 | 055 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  014 | 059 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  015 | 063 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+] -----+-----+--------------+---+--------------+----
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA  )

Thank you for your support.

Offline
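An added example (not part of the original post and not Proxmark3 code): a small Python audit for card issuers that parses a `found keys` table in the layout shown above and reports which sector keys are publicly known defaults and which sectors have both keys exposed. The sample table is constructed for illustration, and labelling A0A1A2A3A4A5 as the public MAD key A is an annotation added here.

```python
import re

# Keys found in every public default dictionary. Both appear in the output above.
# The labels are annotations added for this example.
WELL_KNOWN_KEYS = {
    "FFFFFFFFFFFF": "factory default",
    "A0A1A2A3A4A5": "public MAD key A",
}

# One data row of the "found keys" table: Sec | Blk | key A | res | key B | res
ROW = re.compile(
    r"^\[\+\]\s+(\d{3})\s+\|\s+(\d{3})\s+\|\s+([0-9A-F]{12}|-{12})\s+\|\s*(\w)\s*"
    r"\|\s+([0-9A-F]{12}|-{12})\s+\|\s*(\w)\s*$"
)

# Constructed sample in the same layout as the table printed by the client.
SAMPLE = """\
[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  001 | 007 | 112233445566 | H | 665544332211 | H
[+]  008 | 035 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  015 | 063 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+] -----+-----+--------------+---+--------------+----
"""


def parse_key_table(text):
    """Return one dict per sector row; a key shown as dashes becomes None."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # separators, header row, unrelated client output
        sec, blk, key_a, res_a, key_b, res_b = m.groups()
        rows.append({
            "sector": int(sec),
            "trailer_block": int(blk),
            "A": None if key_a.startswith("-") else key_a,
            "B": None if key_b.startswith("-") else key_b,
            "res": {"A": res_a, "B": res_b},
        })
    return rows


def audit(rows):
    """Classify each key slot from the issuer's point of view.

    well_known    : (sector, slot, label) for keys in WELL_KNOWN_KEYS
    unrecovered   : (sector, slot) the tool could not find (good for the issuer)
    fully_exposed : sectors where both key A and key B are well known
    """
    report = {"well_known": [], "unrecovered": [], "fully_exposed": []}
    for row in rows:
        known_slots = []
        for slot in ("A", "B"):
            key = row[slot]
            if key is None:
                report["unrecovered"].append((row["sector"], slot))
            elif key in WELL_KNOWN_KEYS:
                known_slots.append(slot)
                report["well_known"].append(
                    (row["sector"], slot, WELL_KNOWN_KEYS[key])
                )
        if known_slots == ["A", "B"]:
            report["fully_exposed"].append(row["sector"])
    return report


if __name__ == "__main__":
    result = audit(parse_key_table(SAMPLE))
    for sector, slot, label in result["well_known"]:
        print(f"sector {sector:2d} key {slot}: {label}")
    print("both keys well known:", result["fully_exposed"])
    print("not recovered:", result["unrecovered"])
```

Any sector listed under `well_known` gives a reader a valid key to start from, which is what the client output above means by "used for nested / hardnested attack"; provisioning diversified keys on every sector, including unused ones, removes that starting point.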

#2 2024-03-30 10:06:06

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

I also tried hardnested, but same results:

[usb] pm3 --> hf mf hardnested --tblk 4 --ta
[!] ⚠  Key is wrong. Can't authenticate to block:   0  key type: A
[usb] pm3 --> hf mf brute
[=] Running bruteforce stage 0
[=] ......
[=] ......
[=] ......
[=] Running bruteforce stage 1
[=] Current cracking speed (keys/s): 6
[=] ...
[=] ...
[=] ...
[=] Running bruteforce stage 2
[=] Current cracking speed (keys/s): 14
[=] Time in brute mode: 61.7s

[=] Total keys checked: 548


[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  001 | 007 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  002 | 011 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  003 | 015 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  004 | 019 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  005 | 023 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  006 | 027 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  007 | 031 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  008 | 035 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  009 | 039 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  010 | 043 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  011 | 047 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  012 | 051 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  013 | 055 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  014 | 059 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+]  015 | 063 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+] -----+-----+--------------+---+--------------+----
[+] ( 0:Failed / 1:Success )

Offline

#3 2024-03-31 19:26:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,507
Website

Re: Missing keys when trying to clone Mifare Classic 1k

You will need to sniff...

Offline

#4 2024-04-01 12:58:33

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

OK, thanks for your reply, I will try to sniff. I will let you know.

Offline

#5 2024-04-03 17:21:54

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

I was able to sniff the messages, and I could find the missing key.

Then I could dump the content of the tag, and I cloned it without any problem.

Now, I am trying to understand the dump content, and how the amount is stored.

I read the content with an amount of 0.57€ and with 0.14€ and I tried to find the differences, but I don't understand what's really happening:

With 0.57€:


With 0.14€


I can see a few blocks are changing, but I am not able to understand the logic.

57 = 39 in hexadecimal but I can't find any 0x00 0x39. I've tried reverting the bytes order too. I've also tried to compute CRC... I'm missing something...

If you have any clue how I am supposed to understand the dump, it would be nice.

Thanks

Offline

#6 2024-04-03 17:42:23

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

Hello, your dump is encrypted with a key.
Your key, Aztek or Luxéo badge for a coffee machine?

In your pm3 / lua script there are tools that will do the job.

http://www.proxmark.org/forum/viewtopic.php?id=12023   <<<<<  look here

Your XTEA key = C38C198B-0CA646D8-609E5310-590CFFCB with your UID.

Your key to decrypt your dump = 63CBD2BE54EA

Last edited by fazer (2024-04-03 18:27:29)

Offline

#7 2024-04-03 19:41:03

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Thanks for your reply!

Indeed it makes sense now.

You are right, it is written Aztek on the reader of the machine.

I had a look at the thread you mentioned.
I assume that I need to use the hf_14a_aztek.lua script, right?

How should I run it using the key to decrypt? How did you find the XTEA key?

Sorry for the beginner questions.

Thanks

Offline

#8 2024-04-04 11:35:38

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

Hello, yes, you must use your key to decrypt your dump with the script that is in the pm3 tools. Check if your key is in there; if not, add it: "63CBD2BE54EA"
Your XTEA key with a little homemade software.

Offline

#9 2024-04-04 13:20:09

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Not sure I understand where I am supposed to add the key.

I read the code of hf_14a_aztek and hf_mf_dump_luxeo but there is no editable key variable.

Or maybe I should pass it as an argument when I call the script?

Offline

#10 2024-04-04 16:09:13

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

local keys = {
        "FFA33386441C",
        "4B6A43059B64",
        "C8BE6250C9C5",
    }
script hf_mf_dump_luxeo,This is a script that tries to dump and decrypt the data of a specific type of Mifare laundromat token.
OBS! Tag must be on the antenna.
]]
example = [[
    script run hf_mf_dump_luxeo

maybe here I don't work with this script so?. try he has to do the job.

Oh yes, you will have to calculate the new “crc” after modifying the balance.

Last edited by fazer (2024-04-04 17:43:51)

Offline

#11 2024-04-04 20:19:52

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Works perfectly thank you very much

[usb] pm3 --> script run hf_mf_dump_luxeo.lua
[+] executing lua hf_mf_dump_luxeo.lua                                                                                                                                          
[+] args ''                                                                                                                                                                     
[=]   Current debug log level..... 0 ( none )                                                                                                                                   
[=] setting device debug loglevel to 0                                                                                                                                          
[#]   Debug log level......... 0 ( off )                                                                                                                                        
UID: 8CC3A60C                                                                                                                                                                   
XTEA key: C38C198B 0CA646D8 609E5310 590CFFCB                                                                                                                                   
Ciphered data:                                                                                                                                                                  
D15A88657B63EA7626A9B9B32C818432                                                                                                                                                
11591385B56EFA32468F4A7029F31A69                                                                                                                                                
AD2EC872C213F76691B291639B1FDE60                                                                                                                                                
                                                                                                                                                                                
D582C119457EF199D693EAE8DF4DF11F                                                                                                                                                
DD749EA41149F46C35982019FE25BCE7                                                                                                                                                
31E081E415030B968C8282B7B72F9F7E                                                                                                                                                
                                                                                                                                                                                
3B4560E4B0DB41C832A6952604E57790                                                                                                                                                
F5D1BA5757DD644C0AD1C640C29E39C9                                                                                                                                                
4779F5B75910906B35982019FE25BCE7                                                                                                                                                
                                                                                                                                                                                
31E081E415030B968C8282B7B72F9F7E                                                                                                                                                
3B4560E4B0DB41C8B68ABB8A5A87A3B1                                                                                                                                                
FD7C3A247C3758AB35982019FE25BCE7                                                                                                                                                
                                                                                                                                                                                
                                                                                                                                                                                
Header:                                                                                                                                                                                                                                                                                                                     
4C55582F550000000000000000002843                                                                                                                                                                                                                                                                                            
24020410091009100000000000004A2D                                                                                                                                                                                                                                                                                            
2E02040A010001000000000000006972                                                                                                                                                                                                                                                                                            
CRC16/ARC = 0x7269 OK                                                                                                                                                                                                                                                                                                       
                                                                                                                                                                                                                                                                                                                            
DataA:                                                                                                                                                                                                                                                                                                                      
0500108300DBB5262404441300190100                                                                                                                                                                                                                                                                                            
0E000000000000000000000000000000                                                                                                                                                                                                                                                                                            
00007F7F7F7F7F1F1F1F0000FF034227                                                                                                                                                                                                                                                                                            
000000002402270000000000000049FE                                                                                                                                                                                                                                                                                            
Version 0x0005                                                                                                                                                                                                                                                                                                              
Credit : 0.14                                                                                                                                                                                                                                                                                                               
CRC16/ARC = 0xFE49 OK                                                                                                                                                                                                                                                                                                       
Date: 2024/04/04 13:19                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                            
DataB:                                                                                                                                                                                                                                                                                                                      
0400108300DBB4F72404440800020100                                                                                                                                                                                                                                                                                            
39000000000000000000000000000000                                                                                                                                                                                                                                                                                            
00007F7F7F7F7F1F1F1F0000FF034227                                                                                                                                                                                                                                                                                            
00000000240227000000000000003CCB                                                                                                                                                                                                                                                                                            
Version 0x0004                                                                                                                                                                                                                                                                                                              
Credit : 0.57                                                                                                                                                                                                                                                                                                               
CRC16/ARC = 0xCB3C OK                                                                                                                                                                                                                                                                                                       
Date: 2024/04/04 08:02                                                                                                                                                                                                                                                                                                      

Footer:
01000000000001D10000000000000000

[+] finished hf_mf_dump_luxeo.lua

Now I am pretty surprised that the amount is not the same on DataA (0.14€) and DataB (0.57€).

Now if I want to modify this value, do I need to modify the plain text and recipher the dump?

Offline

#12 2024-04-05 16:03:25

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

Hello, data A balance, data B old balance, yes you must modify your data A balance as well as the CRC and re-encrypt to make a restore in your original badge. I advise you to make a clone of this badge as far as possible to try.



Just for information.

in your header 0910 0910 site code repeated 2 times

Last edited by fazer (2024-04-13 07:26:22)

Offline

#13 2024-04-06 20:41:19

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Hello, thank you for the info again Fazer, very useful!

I modified the value and recalculated the CRC.
Now how should I re-encrypt the data?

Offline

#14 2024-04-07 10:18:55

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

Hi, OBS! Tag must be on the antenna
you need the badge on the antenna I can't help you, maybe a change in the script??.

Offline

#15 2024-04-08 07:58:12

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Hi!

OK, but which script do I need to use?

Offline

#16 2024-04-08 16:42:00

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

Hello, I think the same script that you used because it must do decrypted and crypted? I guess.

Offline

#17 2024-04-09 12:51:42

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

Indeed there is a function xteaCrypt in the script but it is not called. I am trying to modify the script to re-cipher the decrypted data.

Offline

#18 2024-04-11 09:19:19

MaxPayne999
Contributor
Registered: 2024-03-26
Posts: 12

Re: Missing keys when trying to clone Mifare Classic 1k

So, I modified the script in order to change the balance and recalculate the CRC of the clear data. Then I used the xteaCrypt function to cipher the modified data and display it. Then, I just changed the initial binary dump in accordance, and reloaded it.

Works perfectly fine.
Thanks fazer for your help.

The thread is now resolved.

Offline

#19 2024-04-11 16:10:00

fazer
Contributor
Registered: 2019-03-02
Posts: 154

Re: Missing keys when trying to clone Mifare Classic 1k

good evening, you're welcome

Offline
