Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-10-31 11:09:31

aqua
Contributor
Registered: 2019-10-25
Posts: 2

Simulate an encrypted ULEV1 card with my Phone

Pretty new here. I'm trying to simulate my room card, which is mifare ultralight ev1 (48byte). After reading some posts (especially this one http://www.proxmark.org/forum/viewtopic.php?id=2392), I guess the steps are as follows:

1. Sniff the communication between my card and my door, and get the key by searching "1b" command.
2. Dump the content with this key.
3. Write the decrypted content into a new card.
4. Simulate this new card with my phone.

My questions:
(a) Has anyone successfully simulated an ultralight ev1 card with your phone? If so, which model is your phone?
(b) My phone is huawei mate 20 pro. It can simulate the encrypted card, but cannot open my door. I guess the reason comes from the encryption. The UID should have been encrypted.
(c) In step 3, which new card can I choose? Are NTAG 213/215/216 OK? If so, why can they communicate with my door correctly? What are differences between 213/215/216? I also find that there are writeable ulev1 cards in Chinese online market (https://www.aliexpress.com/), but I doubt whether they really work.
(d) In step 3, is it true that I can write the new card without password parameter, and if so then the UID will not be encrypted?

I know that if I have a proxmark3 then some of questions may be solved by myself, but I want to buy it after I think I can successfully simulate my card with high probability.

Thanks!


My card info (reading by TagInfo app in Android):

ulev1_1.jpg?att=
ulev1_2.jpg?att=

From the information above I guess the UID is encrypted but the body information is not. The body information may record the valid time that I can open my door, but as long as I prefectly copy the information, I think there can be no error.

Last edited by aqua (2019-10-31 11:13:06)

Offline

#2 2020-06-27 10:32:31

Json50
Contributor
Registered: 2018-08-30
Posts: 21

Re: Simulate an encrypted ULEV1 card with my Phone

True and effective

Offline

Board footer

Powered by FluxBB