Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2020-02-19 14:09:48
- MrNonoss
- Contributor
- Registered: 2020-02-09
- Posts: 10
[MF CLASSIC] Restore problems
Hi folks,
Sorry to bother with a noob question.
I successfully dumped my "NXP MIFARE CLASSIC 1k" Tag, bruteforcing both all my A and B keys.
I got severall files:
[+] Succeded in dumping all blocks
[+] saved 1024 bytes to binary file hf-mf-843EA7XX-data.bin
[+] saved 64 blocks to text file hf-mf-843EA7XX-data.eml
[+] saved to json file hf-mf-843EA7XX-data.jsonPlus hf-mf-843EA7XX-key.bin
Now, Iwould like to restore it on a brand new "NXP MIFARE CLASSIC 1k" tag...
I managed to write the correct UID, both are:
[usb] pm3 --> hf 14a info
UID : 84 3E A7 DB
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1But the restore command bives me only "#db# Auth error"
[usb] pm3 --> hf mf restore
[=] Restoring hf-mf-843EA7DB-data.bin to card
Writing to block 0: 84 3E A7 XX XX XX XX XX C0 8E 1D D9 55 60 36 12
#db# Auth error
[+] isOk:00I also tried to provide the key and data files:
hf mf restore 1 u 843EA7XX k hf-mf-843EA7XX-key.bin f hf-mf-843EA7XX-data.bin
but with the same result.
Can you pin point me to the right direction?
Thanks a lot
PS: I'm using a proxmark3 RDV4.01 with Iceman firmware
Offline
#2 2020-02-19 17:07:16
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,505
- Website
Re: [MF CLASSIC] Restore problems
...maybe you should read in the datasheet about the manufacture block.
Offline
#3 2020-02-19 18:05:26
- MrNonoss
- Contributor
- Registered: 2020-02-09
- Posts: 10
Re: [MF CLASSIC] Restore problems
Thanks for your answer.
I'm not sure to get the idea...
The "manufacture block" is the 0, containing the UID right?
PS: I tried with à différent tag and it went ok with no problems.
Last edited by MrNonoss (2020-02-19 18:47:42)
Offline
#4 2020-02-24 19:52:28
- MrNonoss
- Contributor
- Registered: 2020-02-09
- Posts: 10
Re: [MF CLASSIC] Restore problems
Hi People.
I'm sorry to refresh this topic, but I Feel like I'm not that far of the understanding.
It has to be something about the Keys on the virgin tag that are not the same as the ones in the dump, but I can't get rid of it.
What makes me mad is that I'm pretty sure the answer is obvious.
Could someone point me to the right direction ?
Offline
#5 2020-02-24 20:32:36
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,505
- Website
Re: [MF CLASSIC] Restore problems
yes, once you restore keys to a tag you set all keys on the card to what was on the dump.
now the pm3 client assumes the tag has default keys. So you would need to?...
Offline
#6 2020-02-24 20:50:48
- MrNonoss
- Contributor
- Registered: 2020-02-09
- Posts: 10
Re: [MF CLASSIC] Restore problems
Hum... Input the correct Keys to the target tag?
I guess that it is what the "k" argument is meant for, but in this case, it didn't worked.
Am I correct saying I need to provide the key file of the original tag, created by the pm3 ?
I also guess the pm3 needs to know the Keys of the virgin tag too to be able to overwrite it. How can I provide both Keys ?
Did I made a mistake by changin the UID of the virgin tag first ?
Last edited by MrNonoss (2020-02-24 20:56:45)
Offline
#7 2020-02-25 11:07:13
- mwalker
- Moderator
- Registered: 2019-05-11
- Posts: 318
Re: [MF CLASSIC] Restore problems
Now, Iwould like to restore it on a brand new "NXP MIFARE CLASSIC 1k" tag...
I managed to write the correct UID, both are:
I did not think you could change the UID on a real Mifare Classic ?
On the clone card, try getting all the keys as see what they look like, that should tell you if they are default or not. If not, you could then set them to default keys, and retry the restore.
Offline
#8 2020-02-25 11:23:11
- MrNonoss
- Contributor
- Registered: 2020-02-09
- Posts: 10
Re: [MF CLASSIC] Restore problems
Thanks for your reply.
The virgin one is a chinese magic UID chageable ^^
This tag have these keys:
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 484558414354 | 1 | a22ae129c013 | 1 |
|001| 484558414354 | 1 | 49fae4e3849f | 1 |
|002| 484558414354 | 1 | 38fcf33072e0 | 1 |
|003| 484558414354 | 1 | 8ad5517b4b18 | 1 |
|004| 484558414354 | 1 | 509359f131b1 | 1 |
|005| 484558414354 | 1 | 6c78928e1317 | 1 |
|006| 484558414354 | 1 | aa0720018738 | 1 |
|007| 484558414354 | 1 | a6cac2886412 | 1 |
|008| 484558414354 | 1 | 62d0c424ed8e | 1 |
|009| 484558414354 | 1 | e64a986a5d94 | 1 |
|010| 484558414354 | 1 | 8fa1d601d0a2 | 1 |
|011| 484558414354 | 1 | 89347350bd36 | 1 |
|012| 484558414354 | 1 | 66d2b7dc39ef | 1 |
|013| 484558414354 | 1 | 6bc1e1ae547d | 1 |
|014| 484558414354 | 1 | 22729a9bd40f | 1 |
|015| 484558414354 | 1 | 484558414354 | 1 |
|---|----------------|---|----------------|---|So, you mean I should set FFFFFFFFFFFF on all keys?
PS: Thanks to this POST , I tried the "cload" command and it worked like a charm (what a dumbass I am...).
But still, it is interesting to understand in case I would no be dealing with "magic tags"
Last edited by MrNonoss (2020-02-25 11:31:26)
Offline
Pages: 1