Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-02-21 20:43:24

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

How to change Key A and Key B in Mifare Classic 1k

Hi,
Small issue with Keys.

I tried to change one block in one sector. I used wrbl command, block was changed, but at the same time both keys was changed to 000000000000. Now I need to restore those key.
How to do that using proxmark ?

Also I'm trying to copy one card. Was able to find keys A and B for 15 sectors.
Can I use hardnested just for this one sector/4 blocks ? Probably I'm not using this command properly.
How long it should take to find this key ? Can I create some key DB first with some know key for this card to speed this process ?

Thanks for all information.
Best Regards,
M.

Offline

#2 2018-02-21 22:54:35

davmarie1
Contributor
Registered: 2018-02-19
Posts: 15

Re: How to change Key A and Key B in Mifare Classic 1k

Yes you can add your known keys to the "default_keys.dic" file and then use the "Hf mf chk *1 ? default_keys.dic" command.

Last edited by davmarie1 (2018-02-21 22:55:28)

Offline

#3 2018-02-22 09:09:40

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

Re: How to change Key A and Key B in Mifare Classic 1k

Thanks.
Do I need to create this file, because I don't have it. Or maybe it will be create automatically when I run some command ?

Offline

#4 2018-02-22 09:17:30

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

Re: How to change Key A and Key B in Mifare Classic 1k

Already found answer on last question smile.
Ok, now I need to restore Key A and Key B to previouse ones.
I think I'm able to do this with descoder s/w from Idesco, but I want to be able to do this with proxmark and be aware why those keys were change when I changed blocks.
Thanks.

Offline

#5 2018-02-22 13:27:09

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: How to change Key A and Key B in Mifare Classic 1k

Read the 1k datasheet.  The last block of each sector is the sector trailer containing keys and other important things.

Offline

#6 2018-02-22 18:52:25

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

Re: How to change Key A and Key B in Mifare Classic 1k

Thanks,
I'm reading.
A lot of info smile. So I need to check 6-8 bit to know if keys can be modify ?

Case is that after copy of card in block 39 (trailer of 9 sector) 9 bit was changed from 00 to FF.
When I changed this bit of this block to 00, both keys were changed to 000000000000 .

So probably I shouldn't modified those bits ?

Offline

#7 2018-02-23 03:48:04

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: How to change Key A and Key B in Mifare Classic 1k

You can't program a byte at a time, the whole block is programmed together.  (Also I assume you are referring to byte 9 where the byte numbering begins at 0.)

Truly changing just byte 9 alone will have no affect on the read rights or the keys. But it means you programmed the whole block with all the data that was in the block before except just byte 9.  Also often the keys cannot be read (just shows as 0s) and in some settings none of the sector trailer can be read.  Care must be taken when programming the trailer.

Offline

#8 2018-02-23 09:31:20

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

Re: How to change Key A and Key B in Mifare Classic 1k

Thanks.
Yes I program whole block (39 - trailer of sector 9) to change this 9  byte (FF to 00).
Orginal:
00 00 00 00 00 00 78 77 88 00 00 00 00 00 00 00
After copy of card with usage of Descoder
00 00 00 00 00 00 78 77 88 FF 00 00 00 00 00 00

We used hardnested to collect all Keys, We had both A and B for Sector 9.
Than I used wrlb command to change this block.
After that KEY a and B for this sector was change to 000000000000

Not sure, still working with manual of Mifire Classic 1K, but maybe when trailer is modify on card key are restored to default.
So to change those settings I should simulate card, copy all  blocks, work on them and then load them to card instead working directly on card.

Thanks for all support.
BR,

Offline

#9 2018-02-23 09:51:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: How to change Key A and Key B in Mifare Classic 1k

.... i suggest you read the datasheet before doing more experiments with the sectortrailer.

Offline

#10 2018-02-23 11:31:42

JohnnyB
Contributor
From: PL
Registered: 2018-02-21
Posts: 10

Re: How to change Key A and Key B in Mifare Classic 1k

smile Thanks, I'm reading it now, at the same time I'm changing blocks on a cards with different trailers. It is helpful to understand how those bytes 6-9 are working.

Offline

#11 2020-03-16 16:30:46

Sentinel
Contributor
Registered: 2012-11-26
Posts: 190

Re: How to change Key A and Key B in Mifare Classic 1k

Hi JohnnyB!
Do You have descoder s/w from Idesco ?
I changed the password of the reader (8 CD 2.0 OSDP) for OSDP, now it does not understand me ((
I need to somehow reset it to factory settings...

Offline

Board footer

Powered by FluxBB