Proxmark3 community


#1 2017-09-21 19:46:13

hph86
Contributor
Registered: 2017-09-19
Posts: 3

Chinese Magic Card CUID/Gen2 recovery

Hi everyone,

I have ordered several magic cards (gen1 and gen2). For a gen2 CUID card I have screwed up the BCC of the 4-byte UID. That has bricked the card in a way that it does not show up in nfc-list anymore. However, I can still "talk" to the card. Thus, I am trying to patch my libnfc to make it ignore the wrong BCC.

Now my question: Does my endeavor make sense or isn't it possible to trick libnfc into authenticating to sector0 and re-writing a correct BCC? From the blog posts I have read so far, I can see that it seems to be a known/common problem, but I could not find a definitive answer if unbricking a CUID card is possible (and nobody implemented it yet) or if it is impossible.

Best regards!


P.S.: I am currently working with an ACR122 on libnfc while my PM3 is in transit.

Offline

#2 2017-09-22 17:17:06

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180

Re: Chinese Magic Card CUID/Gen2 recovery

Probably perma bricked. Even the Chinese company who does it has no answers to it yet.

Until now I have not found a way to fix it yet. Probably no answer to it till date.

Bad access bits probably brick it instantly. So to guys out there: be warned about it.

Offline

#3 2017-09-24 19:20:59

hph86
Contributor
Registered: 2017-09-19
Posts: 3

Re: Chinese Magic Card CUID/Gen2 recovery

Thanks for your reply! I will poke around some more with it and post my findings here.

Offline

#4 2017-09-25 10:00:44

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Chinese Magic Card CUID/Gen2 recovery

Haven't tried to "recover" a gen2, since it's supposed to follow protocols quite well.
i.e. write a bad BCC and the readers will think it's a bad card. Luckily PM3 has options: you use the hf 14a raw commands to make a custom anti-collision, but the mifare authentication part will be hard to get by.

We would need a "hf mf raw" command which does mifare classic protocol.

Online
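
A pre-write sanity check for the two mistakes discussed in this thread (a wrong BCC in block 0 and malformed access bits in a sector trailer), as an added example that is not part of any post and is not libnfc or Proxmark3 code. It assumes a 4-byte UID and the MIFARE Classic 1K layout (sector trailer in every fourth block); the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data, not read from any real card. */
static const uint8_t GOOD_BLOCK0[16] = {0xDE, 0xAD, 0xBE, 0xEF, 0x22, 0x08, 0x04, 0x00};
static const uint8_t BAD_BLOCK0[16]  = {0xDE, 0xAD, 0xBE, 0xEF, 0x23, 0x08, 0x04, 0x00};
static const uint8_t GOOD_TRAILER[16] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x07,0x80, 0x69,
                                         0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
static const uint8_t BAD_TRAILER[16]  = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x07,0x81, 0x69,
                                         0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

enum { WRITE_OK = 0, ERR_BCC = 1, ERR_ACCESS_BITS = 2 };

/* BCC of a 4-byte UID is the XOR of the four UID bytes (ISO/IEC 14443-3). */
uint8_t uid4_bcc(const uint8_t uid[4]) {
    return (uint8_t)(uid[0] ^ uid[1] ^ uid[2] ^ uid[3]);
}

/* Block 0 of a 4-byte-UID card: UID in bytes 0..3, BCC in byte 4. */
int block0_bcc_ok(const uint8_t block0[16]) {
    return block0[4] == uid4_bcc(block0);
}

/* Trailer bytes 6..8 hold access bits C1, C2, C3 (one nibble each, one bit per
 * block) both plain and inverted; the two copies must be complements. */
int trailer_access_ok(const uint8_t trailer[16]) {
    uint8_t b6 = trailer[6], b7 = trailer[7], b8 = trailer[8];
    uint8_t c1 = b7 >> 4, c2 = b8 & 0x0F, c3 = b8 >> 4;          /* plain    */
    uint8_t n_c1 = b6 & 0x0F, n_c2 = b6 >> 4, n_c3 = b7 & 0x0F;  /* inverted */
    return c1 == (~n_c1 & 0x0F) && c2 == (~n_c2 & 0x0F) && c3 == (~n_c3 & 0x0F);
}

/* Refuse a write that would store a bad BCC or an inconsistent access-bit field. */
int check_write(unsigned block_no, const uint8_t data[16]) {
    if (block_no == 0 && !block0_bcc_ok(data)) return ERR_BCC;
    if (block_no % 4 == 3 && !trailer_access_ok(data)) return ERR_ACCESS_BITS;
    return WRITE_OK;
}

int main(void) {
    printf("block 0, good BCC: %d\n", check_write(0, GOOD_BLOCK0));
    printf("block 0, bad BCC:  %d\n", check_write(0, BAD_BLOCK0));
    printf("trailer, good:     %d\n", check_write(3, GOOD_TRAILER));
    printf("trailer, bad:      %d\n", check_write(3, BAD_TRAILER));
    return 0;
}
```

Running such a check on a dump before writing it catches both errors while the card is still readable.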
