Cracking MIFARE Classic. To decrypt the contents of a MIFARE Classic card, we must first find the keys. This will be done in two steps. Find the first key using mfcuk.
Early Chinese magic cards ARE NOT COMPATIBLE at all with NFC mobile phones (they need special commands that cannot be sent using the phone - tested). The latest Chinese magic cards should not need those special commands, so you should be able to write them with an NFC phone (not tested). An NFC mobile phone MUST HAVE an NXP NFC chip inside to work with MIFARE cards; Broadcom NFC chips ARE NOT COMPATIBLE with MIFARE cards (e.g. the Galaxy S3 has an NXP chip, the S4 a Broadcom chip; your phone is compatible with all original MIFARE cards if you managed to dump the card with MCT, but it will only work with MIFARE Chinese magic '2nd generation' cards). PM3 for Android (proxdroid) is software to control a proxmark3 via Android, but you need to buy a proxmark3 to use it, and it's not so easy to set up. I don't know how to simulate a MIFARE card in an NFC mobile phone; I never tested that possibility and I don't know if it is actually possible.
This interesting thread can have some answers about card emulation: Last edited by asper (2014-01-12 15:52:28).

You must ask the seller if block0 is writable with the normal write command or only using special commands; this is the only way to know if it is a 1st or 2nd generation card (hoping he will tell you the truth). The 'backdoored' ones are usually 1st generation, so you can write block0 only with a pm3 or with a dedicated reader/writer; they can always be used as standard MIFARE with your phone, but block0 will be impossible to write with your phone. Only with 2nd generation can you edit block0 with your phone (probably, but not tested). If you have doubts just ask the seller. Last edited by asper (2014-01-12 23:45:03).
I was successfully able to copy my Mifare Classic 1K onto this card. Now I am just trying to figure out what the data on Sector 0 represents. If I am able to figure that out, then possibly I can guess someone else's Sector 0 and copy their card without having their card in hand. I know the Sector 0 contains the UID, but the UID doesn't really mean anything right now. Like it doesn't match any number on the card. Still trying to figure this out.
Thanks for the help, everyone, I am happy that I have successfully gotten to this point. If you do not have the keys for your card, you will probably need to use a proxmark to bruteforce the keys. For me, I got lucky because both of my keys were common keys, so I did not have to use a proxmark in my case. I used the Mifare Classic Tool to dump the data from my card onto my phone using the default keys. Then I looked at the data, and the data only existed on Sector 0, but on most cards Sector 0 is not writeable, so I purchased a UID changeable card in which Sector 0 can be changed. I used Mifare Classic Tool again to copy the dump from my phone to my UID changeable card. I selected the option to also write Sector 0 to the card. I was successful in being able to copy a Mifare Classic 1K onto a blank UID changeable card. So I am not exactly sure about your case because this was my first attempt at anything related to RFID, but I am pretty sure if you don't have the keys you will have to brute them, which can't be done by phone, so you will probably need a proxmark.

Hi, I think I managed to dump my card by brute forcing the keys. No need for a proxmark, just used mfoc (only 5 min.). According to some other sources, mfcuk would be faster, but it has been running for 25 min now on only one sector and hasn't found anything yet. According to the people of my company, they use payment saldos on the card only. So no central database; I would like to find a way to 'decrypt' the HEX values on my card to read out my current money saldo. Any thoughts?

Did mfcuk work in the end?

Ok, so you're using a newer client software on the PC side, but the device is old. I would recommend that you flash the device with the new code. I always recommend using the latest versions, since a lot of us are reluctant to spend time helping out with problems for older builds, but if the version you are using is 'recent enough' that'll probably work. So, go to armsrc, 'make', then go to ./client/, and use the flasher to flash at least osimage and fpgaimage (linux: 'flasher /dev/ttyACM3 ./armsrc/obj/osimage.elf ./armsrc/obj/fpgaimage.elf').
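For the balance ("saldo") question above, the first thing to check in a dump of your own card is whether any block uses the MIFARE Classic value block layout, which the card itself supports for stored-value applications: a 32-bit little-endian signed value, its bitwise inverse, the value again, then a one-byte address stored as addr, ~addr, addr, ~addr. The decoder below is an added example, not code from any poster or from mfoc, mfcuk or Mifare Classic Tool; it reads the plain-text dump layout Mifare Classic Tool produces ("+Sector: N" headers followed by one 32-hex-character line per block) and reports every block that passes the value block self-check. The sample dump, the sector layout and the balance of 1250 are constructed for the example; a real dump may encode the balance in an application-specific format instead, in which case this check simply reports nothing.

```python
import struct
from typing import List, Optional, Tuple

# Constructed Mifare-Classic-Tool-style dump (not a real card). Sector 1,
# block 0 holds a well-formed value block for 1250 with backup address 5.
SAMPLE_DUMP = """\
+Sector: 0
DEADBEEF22080400C801002000000016
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
E20400001DFBFFFFE204000005FA05FA
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
"""


def decode_value_block(block: bytes) -> Optional[Tuple[int, int]]:
    """Return (value, addr) if the 16-byte block has the MIFARE Classic
    value block layout, otherwise None (the block is ordinary data)."""
    if len(block) != 16:
        return None
    # value (signed), inverted value (unsigned), value copy (signed)
    value, value_inv, value_copy = struct.unpack("<iIi", block[:12])
    # The inverse must be the bitwise complement of the unsigned 32-bit value,
    # and the second copy must equal the first.
    if (value & 0xFFFFFFFF) ^ value_inv != 0xFFFFFFFF or value != value_copy:
        return None
    addr, addr_inv, addr_copy, addr_inv_copy = block[12:16]
    if addr != addr_copy or addr_inv != addr_inv_copy or addr ^ addr_inv != 0xFF:
        return None
    return value, addr


def find_value_blocks(dump_text: str) -> List[Tuple[int, int, int, int]]:
    """Scan a Mifare Classic Tool dump and return
    (sector, block_in_sector, value, addr) for every well-formed value block.
    Sector trailers (the last block of a sector) are skipped; lines that are
    not 32 hex characters (MCT uses '-' or '*' for unreadable blocks) too."""
    results = []
    sector = None
    block_index = 0
    lines = dump_text.splitlines()
    for i, line in enumerate(lines):
        line = line.strip()
        if line.startswith("+Sector:"):
            sector = int(line.split(":", 1)[1])
            block_index = 0
            continue
        if sector is None or len(line) != 32:
            block_index += 1
            continue
        # The trailer is the last block before the next header or end of dump.
        next_is_header = (i + 1 == len(lines)) or lines[i + 1].startswith("+Sector:")
        if not next_is_header:
            try:
                decoded = decode_value_block(bytes.fromhex(line))
            except ValueError:
                decoded = None
            if decoded is not None:
                value, addr = decoded
                results.append((sector, block_index, value, addr))
        block_index += 1
    return results


if __name__ == "__main__":
    for sector, blk, value, addr in find_value_blocks(SAMPLE_DUMP):
        print(f"sector {sector} block {blk}: value={value} addr={addr}")
```

If the stored value is in cents, a result of 1250 would read as 12.50; whether that is how your card encodes the balance is something only a comparison of dumps taken before and after a known transaction on your own card can confirm.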