Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.

"Learn the tools of the trade the hard way." +Fravia

You are not logged in.


Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2023-12-22 14:03:53

Registered: 2023-10-30
Posts: 3

Access Rights Mifare Classic

I was mucking around one night and wrote some data to all the sector trailers i can get the keys no problem

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | 24BB421C7973 | D | 863933AE8388 | D
[+]  001 | 007 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  002 | 011 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D

But when trying to read data the following occours

[=] --[ FFFFFFFFFFFF ]-- has been inserted for unknown keys where res is 0
[=] transferring keys to simulator memory ( ok )
[=] dumping card content to emulator memory (Cmd Error: 04 can occur)
[#] Block   4 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector  1 block  0
[#] Block   5 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block   5 Cmd 0x30 Wrong response len, expected 18 got 0
etc etc

Considering it says [ FFFFFFFFFFFF ]-- has been inserted for unknown keys where res is 0,
I think i may have written -d 00000000000000000000000000000000 to the sector trailers.

Is there anything i can do or is it time to throw it in the bin?



#2 2023-12-23 09:15:28

Registered: 2013-04-25
Posts: 9,523

Re: Access Rights Mifare Classic

if you were running on a modern fw,  then it should have warned you about writing a bad ST.

You can look in your .proxmark3/log*    or history files for which command you used.


#3 2023-12-27 18:04:39

Registered: 2023-02-15
Posts: 16

Re: Access Rights Mifare Classic

Your res is not 0, so the keys are *really* FFFFFFFFFF. But yes, writing invalid (or unusual) access condition can do exactly that.
Things to try:
* Is it a Gen1 or Gen4 magic? In that case, wipe with backdoor commands
* Read with the KeyB
* As mentioned by iceman, figure out what exactly was written
* Blindly write a known-good trailer

As for throwing away, that may be a bit too harsh for just a few dead sectors. You still have some space for experimentation, or an UID-only card for simpler systems.


Board footer

Powered by FluxBB