Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-06-20 01:14:44

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

dump and restore from card does not update SAK

I have a normal Mifare card

usb] pm3 --> hf searc
[=] Checking for known tags...
          
 UID : 12 0F 50 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1          
[=] proprietary non iso14443-4 card found, RATS not supported          
[=] Answers to magic commands: NO           
[+] Prng detection: HARD           
          
[+] Valid ISO14443-A tag  found

Note not magic card and SAK of 08

I then dump and restore the card to this tag
Pre-restore

usb] pm3 --> hf sear
[=] Checking for known tags...
          
 UID : 12 12 11 22           
ATQA : 00 04          
 SAK : 88 [2]          
TYPE : Infineon MIFARE CLASSIC 1K          
[=] proprietary non iso14443-4 card found, RATS not supported          
[+] Answers to magic commands (GEN 1a): YES           
[+] Prng detection: WEAK           
          
[+] Valid ISO14443-A tag  found

Post-restore/cload

usb] pm3 --> hf sea
[=] Checking for known tags...
          
 UID : 12 0F 50 79           
ATQA : 00 04          
 SAK : 88 [2]          
TYPE : Infineon MIFARE CLASSIC 1K          
[=] proprietary non iso14443-4 card found, RATS not supported          
[+] Answers to magic commands (GEN 1a): YES           
[+] Prng detection: WEAK           
          
[+] Valid ISO14443-A tag  found

SAK is still 88 and not 08 to match the original card.

The clone won't work on the door.

If I run

[usb] pm3 --> hf mf csetuid 120F5079 0004 08
--wipe card:NO  uid:12 0F 50 79           
[+] old block 0:  12 0F 50 79 34 88 04 00 C8 23 00 20 00 00 00 18           
[+] new block 0:  12 0F 50 79 34 08 04 00 C8 23 00 20 00 00 00 18           
[+] old UID:00 00 00 00           
[+] new UID:12 0F 50 79           
[usb] pm3 --> hf search
[=] Checking for known tags...
          
 UID : 12 0F 50 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1          
[=] proprietary non iso14443-4 card found, RATS not supported          
[+] Answers to magic commands (GEN 1a): YES           
[+] Prng detection: WEAK           
          
[+] Valid ISO14443-A tag  found

The card will then open the door.

If I run the cload command again to load the same data on to the  magic tag, it changes the SAK back to 88.

Is this expected behavior?

I thought the SAK value was in block 0.   

Let me know if this should be in filed as a bug.  Using RRG repo, but its been a thing for a while.

Offline

Board footer

Powered by FluxBB