Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
First i found all the keys
Testing block 63, keytype 1, with 85 keys
________________________________________
|Sector|Block| A | B |
|--------------------------------------|
| 1 | 3 |A0A1A2A3A4A5|B0B1B2B3B4B5|
| 2 | 7 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 3 | 11 |xxxxxxxxxxxxx|YYYYYYYYYYYYY| <---- changed for privacy
| 4 | 15 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 5 | 19 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 6 | 23 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 7 | 27 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 8 | 31 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 9 | 35 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 10 | 39 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 11 | 43 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 12 | 47 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 13 | 51|xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 14 | 55 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 15 | 59 |xxxxxxxxxxxxx|YYYYYYYYYYYYY|
| 16 | 63 |FFFFFFFFFFFF|FFFFFFFFFFFF|
|--------------------------------------|
Do you wish to save the keys to dumpfile? [y/n] ?y
Select a filename to store to (default: dumpkeys.bin )
Secondly i dumped the keys
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 15.
Dumped 64 blocks (1024 bytes) to file dumpdata.bin
proxmark3>
Thirdly I convert them to .eml
script run dumptoemul.lua
--- Executing: dumptoemul.lua, args ''
Wrote an emulator-dump to the file Exxx32A.eml
-----Finished
then went to load the file on to the new blank fob and ran into this issue...
proxmark3> hf mf cload Exxx32A
#db# halt error. response len: 1
Chinese magic backdoor commands (GEN 1a) detected
Loading magic mifare 1K
#db# halt error. response len: 1
proxmark3>
Any suggestions where i went wrong?
Last edited by Charlie (2018-02-09 22:10:41)
Offline
could the issue be that block 63 is FFFFFFFFFFFF for both key A and B?
Offline
info on the card...
proxmark3> hf 14a in
UID : ex xx xx 2a
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDEND (hardnested)
proxmark3>
Last edited by Charlie (2018-02-12 02:46:03)
Offline
you should search the forum for the "halt error".. its known thing.
it shouldn't exist in the latest source from github, so I'm guessing you are running an older firmware/client setup.
Nethertheless, the clone should be ok anyway. well, it depends on how old firmware you are running.
but try reading the clone with hf mf cgetsc and the data should be there.
Online
Thank! I will start looking around
my firmware is pretty recent but not the latest. I will update and try again
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-301-gc839fa2-suspect 2018-02-04 05:20:34
os: master/v3.0.1-301-gc839fa2-suspect 2018-02-04 05:21:39
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 196803 bytes (38%). Free: 327485 bytes (62%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Offline
The hf 14a in output says no Chinese magic backdoor detected, so I don't think the cload command works with that card.
What gen card is that?
Offline
The hf 14a in output says no Chinese magic backdoor detected, so I don't think the cload command works with that card.
What gen card is that?
Thanks but that is the output from the original fob
Last edited by Charlie (2018-02-25 18:10:15)
Offline
hmmm, yep I missed that. My bad.
Offline
no problem, appreciate the input
Offline
Pages: 1