Proxmark3 community


#1 2016-09-29 10:26:53

HighPressure
Contributor
Registered: 2016-07-17
Posts: 56

Problem with restoring on Dual Chip Tokens?

Does anyone of you have one of these tokens?

https://www.aliexpress.com/item/Dual-Chip-Frequency-RFID-13-56Mhz-1K-UID-and-EM4305-or-t5577-125-kHz-ID-key/32572857699.html?spm=2114.01010208.3.10.e7axfy&ws_ab_test=searchweb201556_10,searchweb201602_3_10057_10056_10065_10068_10055_10054_10069_10059_10058_418_10073_10017_10070_10060_10061_10052_10062_10053_10050_10051,searchweb201603_7&btsid=1d3b374b-9f68-4aec-9231-3814174b16f6


I got 100 pcs of them, and currently I write the dump with the ACR122U because I get authentication errors when I hf mf restore with the Proxmark.

I can dump it without problems
I can restore other tokens without problems
but I cannot restore data to these tokens?

UID-changeable tokens, but the Chinese commands won't work with them for some reason.


Not very nice using two tools to transfer 100 tokens to this system lol


For the T5577 it's not a problem to read or write data to these tokens.


#2 2016-09-29 17:58:12

HighPressure
Contributor
Registered: 2016-07-17
Posts: 56

Re: Problem with restoring on Dual Chip Tokens?

Just in case someone is curious what's happening, here is a review:




Prox/RFID mark3 RFID instrument         
bootrom: /master/v1.1.0-1525-g25d52dd-dirty-suspect 2016-09-24 21:44:01
os: /master/v1.1.0-1525-g25d52dd-dirty-suspect 2016-09-24 21:44:03
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8
         
uC: AT91SAM7S256 Rev D         
Embedded Processor: ARM7TDMI         
Nonvolatile Program Memory Size: 256K bytes. Used: 219953 bytes (84%). Free: 42191 bytes (16%).         
Second Nonvolatile Program Memory Size: None         
Internal SRAM Size: 64K bytes         
Architecture Identifier: AT91SAM7Sxx Series         
Nonvolatile Program Memory Type: Embedded Flash Memory         


###### first check the empty Chinese dual token ######
         
pm3 --> hf mf chk *1 ? d
No key specified, trying default keys         
key[ 0] ffffffffffff         
key[ 1] 000000000000         
key[ 2] a0a1a2a3a4a5         
key[ 3] b0b1b2b3b4b5         
key[ 4] aabbccddeeff         
key[ 5] 4d3a99c351dd         
key[ 6] 1a982c7e459a         
key[ 7] d3f7d3f7d3f7         
key[ 8] 714c5c886e97         
key[ 9] 587ee5f9350f         
key[10] a0478cc39091         
key[11] 533cb6c723f6         
key[12] 8fd0a4f256e9         
................................
Time in checkkeys: 22022 ticks 3 seconds
         
testing to read key B...         
Reading block 3         
#db# READ BLOCK FINISHED         
Data:FF FF FF FF FF FF           
Reading block 11         
#db# READ BLOCK FINISHED         
Data:FF FF FF FF FF FF           
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|---|----------------|---|----------------|---|         
Printing keys to binary file dumpkeys.bin...         
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.         
         


###### now check if we have the keys for the vending token ######

         
pm3 --> hf mf chk *1 ? d ./vending.dic
check key[ 0]           
check key[ 1]           
check key[ 2]           
check key[ 3]           
check key[ 4]           
check key[ 5]           
check key[ 6]           
check key[ 7]           
check key[ 8]           
check key[ 9]           
check key[10]           
check key[11]           
check key[12]           
check key[13]           
check key[14]           
check key[15]           
................................
Time in checkkeys: 24953 ticks 3 seconds
         
testing to read key B...         
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|001|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|002|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|003|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|004|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|005|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|006|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|007|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|008|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|009|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|010|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|011|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|012|  a0a1a2a3a4a5  | 1 |  ************  | 1 |         
|013|  a0a1a2a3a4a5  | 1 |  ************  | 1 |         
|014|  a0a1a2a3a4a5  | 1 |  ************  | 1 |         
|015|  a0a1a2a3a4a5  | 1 |  ************  | 1 |         
|---|----------------|---|----------------|---|         
Printing keys to binary file dumpkeys.bin...         
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.         
         

###### let's make sure we have a fresh dump of the vending token ######

     
pm3 --> hf mf dump
|-----------------------------------------|         
|------ Reading sector access bits...-----|         
|-----------------------------------------|         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
#db# READ BLOCK FINISHED         
|-----------------------------------------|         
|----- Dumping all blocks to file... -----|         
|-----------------------------------------|         
#db# READ BLOCK FINISHED         
Successfully read block  0 of sector  0.         
#db# READ BLOCK FINISHED         
Successfully read block  1 of sector  0.         
#db# READ BLOCK FINISHED         
Successfully read block  2 of sector  0. 
..
....
......
and so on
......
....
..
Successfully read block  0 of sector 15.         
#db# READ BLOCK FINISHED         
Successfully read block  1 of sector 15.         
#db# READ BLOCK FINISHED         
Successfully read block  2 of sector 15.         
#db# READ BLOCK FINISHED         
Successfully read block  3 of sector 15.         
Dumped 64 blocks (1024 bytes) to file dumpdata.bin   

#### checking with okteta... looks good ####
###### so then let's put the empty token on the Proxmark and restore it ######

       
pm3 --> hf mf restore     
Restoring dumpdata.bin to card         
Writing to block   0: here my sector 0         
#db# Cmd Error: 04         
#db# Write block error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   1: something here           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   2: some data         
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   3: A0 A1 A2 A3 A4 A5 61 E7 89 C1 B0 B1 B2 B3 B4 B5           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block   7: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# WRITE BLOCK FINISHED         

...
....
and so on
......
until we get here:

Writing to block  18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  19: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED 
.....
then success later on again


##############################################

So is this due to restoring another file with other keys?
But for hf mf restore there is no option like for the "nfc-mfclassic" tool, where you can choose the key file.
I checked cmdhfmf.c and saw it loads the dumpkeys.bin, so basically it should check for the keys to unlock?
But I was wondering, from where will it know which keys to use to unlock? In my dumpkeys all my keys are included... so anyway it should be able to unlock.
I'm not good at programming and I never coded C, so maybe it's something else?

######## OK, maybe it was a problem with being too close to the Proxmark, let's try it again ########


pm3 --> hf mf restore
Restoring dumpdata.bin to card         
Writing to block   0: same data as first time           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   1: same here           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   2: same there     
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   3: A0 A1 A2 A3 A4 A5 61 E7 89 C1 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   7: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block   9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  11: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  15: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Error card response.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  19: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Error card response.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED         
isOk:01         
Writing to block  23: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Error card response.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Can't select card         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  25: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  26: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  27: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  29: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  31: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  33: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  34: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  35: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  37: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  39: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  41: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  42: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  43: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00         
Writing to block  44: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# Authentication failed. Card timeout.         
#db# Auth error         
#db# WRITE BLOCK FINISHED         
isOk:00   




#### when I now do a hf mf dump it fails completely #####


pm3 --> hf mf dump
|-----------------------------------------|         
|------ Reading sector access bits...-----|         
|-----------------------------------------|         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  0. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  1. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  2. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  3. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  4. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  5. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  6. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  7. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  8. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector  9. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 10. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 11. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 12. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 13. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 14. Trying with defaults...         
#db# Can't select card         
#db# READ BLOCK FINISHED         
Could not get access rights for sector 15. Trying with defaults...         
|-----------------------------------------|         
|----- Dumping all blocks to file... -----|         
|-----------------------------------------|         
#db# Can't select card         
#db# READ BLOCK FINISHED         



##### let's check token status once again #######

You can see sectors 04 and 05 failed and stayed ff'ed, and the to-be-written sectors 12-15 too.
What's going on? (As I did not define my dictionary, it's fff'ed.)

|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|001|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|002|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|003|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |       
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|006|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|007|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|008|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|009|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|010|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|011|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |         
|012|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |         
|013|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |         
|014|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |         
|015|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |         
|---|----------------|---|----------------|---|


Also, when I now do a hf mf chk with my vending dictionary (where the keys will be found) and then try to restore, it will fail already at sector 0.
No worry, with my ACR122U I can still recover the token, but with the Proxmark I can't.



btw:

pm3 --> hf mf cload e
#db# halt error. response len: 1         
Cant set magic card block: 63 

or

pm3 --> hf mf csetblk 44 01020304050607080910111213141516 w
--block number:44 data:01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16           
#db# wipeC error         
Can't write block. error=2


when I try the Chinese commands

Last edited by HighPressure (2016-09-29 17:59:57)
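
Added example (not part of the original posts and not Proxmark3 code): a small parser for restore output in the format quoted above, which groups results by sector and extracts the key A / key B that a successfully written sector trailer installs on the token. The sample log is constructed, the function names are hypothetical, and the 4-blocks-per-sector grouping assumes a 1K token.

```python
import re
from collections import defaultdict

BLOCKS_PER_SECTOR = 4  # MIFARE Classic 1K layout: 16 sectors of 4 blocks

# Constructed sample in the format of the restore output quoted in the post.
SAMPLE_LOG = """\
Writing to block   0: (manufacturer block, redacted)
#db# Cmd Error: 04
#db# Write block error
#db# WRITE BLOCK FINISHED
isOk:00
Writing to block   1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block   2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block   3: A0 A1 A2 A3 A4 A5 61 E7 89 C1 B0 B1 B2 B3 B4 B5
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block  18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block  19: A0 A1 A2 A3 A4 A5 78 77 88 69 B0 B1 B2 B3 B4 B5
#db# Authentication failed. Card timeout.
#db# Auth error
#db# WRITE BLOCK FINISHED
"""

WRITE_RE = re.compile(r"^Writing to block\s+(\d+):\s*(.*?)\s*$")
OK_RE = re.compile(r"^isOk:(\d\d)\s*$")
ERR_RE = re.compile(r"^#db# (?!WRITE BLOCK FINISHED)(.+?)\s*$")
HEX16_RE = re.compile(r"^(?:[0-9A-Fa-f]{2} ){15}[0-9A-Fa-f]{2}$")

def parse_restore_log(text):
    """One record per 'Writing to block' entry: block, data, ok, errors."""
    records, cur = [], None
    for line in text.splitlines():
        if m := WRITE_RE.match(line):
            raw = m.group(2)
            data = bytes.fromhex(raw) if HEX16_RE.match(raw) else None
            cur = {"block": int(m.group(1)), "data": data, "ok": None, "errors": []}
            records.append(cur)
        elif cur is None:
            continue  # ignore anything before the first write entry
        elif m := OK_RE.match(line):
            cur["ok"] = m.group(1) == "01"
        elif m := ERR_RE.match(line):
            cur["errors"].append(m.group(1))
    return records

def summarize(records):
    """Per sector: blocks written/failed and the keys a written trailer installed."""
    sectors = defaultdict(lambda: {"written": [], "failed": [], "new_keys": None})
    for r in records:
        sec = sectors[r["block"] // BLOCKS_PER_SECTOR]
        if r["ok"]:
            sec["written"].append(r["block"])
            trailer = r["block"] % BLOCKS_PER_SECTOR == BLOCKS_PER_SECTOR - 1
            if trailer and r["data"]:
                # Sector trailer: key A = bytes 0-5, access bits 6-9, key B = 10-15
                sec["new_keys"] = (r["data"][:6].hex(), r["data"][10:].hex())
        elif r["ok"] is False or r["errors"]:
            sec["failed"].append(r["block"])  # isOk:00, or errors with no isOk line
    return dict(sectors)

def rekeyed_incomplete(summary):
    """Sectors whose trailer was written (keys changed) while other blocks failed."""
    return sorted(s for s, v in summary.items() if v["new_keys"] and v["failed"])

if __name__ == "__main__":
    for sector, info in sorted(summarize(parse_restore_log(SAMPLE_LOG)).items()):
        print(sector, info)
```

A sector returned by `rekeyed_incomplete` holds the keys from the written trailer rather than the blank token's keys, which is the state to compare against the `hf mf chk` table before running a restore again.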


#3 2016-09-29 18:10:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Problem with restoring on Dual Chip Tokens?

First, please use pastebin.com for these log outputs.
Second, what kind of tag is your clone tag? (i.e. the output from "hf 14a reader")
Third, it seems like you are using my fork, which has gotten some updates which fix some issues with "hf mf" commands, like timeouts. Are you using the latest source from it?


#4 2016-09-29 21:04:30

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Problem with restoring on Dual Chip Tokens?

Did you try different distances from proxmark to card?
What's your output from hw tune?
Is it a direct write card (Chinese card commands won't work, just handle block 0 as a normal data block)?


#5 2016-09-30 04:38:18

cjbrigato
Contributor
Registered: 2016-09-04
Posts: 52

Re: Problem with restoring on Dual Chip Tokens?

Hello,
I got something like every "PisWords" tag, as they are the best quality Chinese tags I got so far for this price, and you can even ask them for the Chinese magic without any more than the 3mm wide copper loop, with even lower price. I dunno if they made it available directly on AliExpress.
Proxmark RDV2 with any setup I got gives 32 to 36mV and is good enough to make any of these tags shine, as long as they don't get too close to the antenna.
In my case, just letting plastic-cased tags on the antenna is ok, cards always needing a little ~2mm of light paper as upper ten ok from anywhere near antenna, and totally nude tags being dependent on their "treatment" (as their integration must not make them being folded in quite same condition as HF antenna's way), but if flat, the 2 or 3mm paper podium is enough to get them to work anyway.

Verify that you're not in an in-build of Iceman's fork, as it had modifications on "hf mf" about timeouts and maybe other issues, and sometimes being slightly broken on something for a short time. Look for the commit's message. On the master branch, it should say if you need to update, or if you're looking for any live-changelog of his work.
