A rechargeable transport card has just been released in my neighbourhood and I’d like to know how likely it is that I could clone it. pm3 has this to say about it:
[usb] pm3 → hf mfu info
[=] — Tag Information --------------------------
[+] TYPE: MIFARE Ultralight EV1 128bytes (MF0UL2101)
[+] UID: 04 56 24 A2 43 15 91
[+] UID[0]: 04, NXP Semiconductors Germany
[+] BCC0: FE ( ok )
[+] BCC1: 65 ( ok )
[+] Internal: 48 ( default )
[+] Lock: 00 00 - 0000000000000000
[+] OneTimePad: 00 00 00 00 - 00000000000000000000000000000000
[=] — Tag Counters
[=] [0]: FF FF 01
[+] - BD tearing ( ok )
[=] [1]: 00 00 00
[+] - BD tearing ( ok )
[=] [2]: 00 07 00
[+] - BD tearing ( ok )
[=] — Tag Silicon Information
[=] Wafer Counter: 19048564 ( 0x122A874 )
[=] Wafer Coordinates: x 342, y 36 (0x156, 0x24)
[=] Test Site: 2
[=] — Tag Version
[=] Raw bytes: 00 04 03 01 01 00 0E 03
[=] Vendor ID: 04, NXP Semiconductors Germany
[=] Product type: Ultralight
[=] Product subtype: 01, 17 pF
[=] Major version: 01
[=] Minor version: 00
[=] Size: 0E, (128 bytes)
[=] Protocol type: 03, ISO14443-3 Compliant
[=] — Tag Configuration
[=] cfg0 [37/0x25]: 00 00 00 FF
[=] - strong modulation mode disabled
[=] - pages don’t need authentication
[=] cfg1 [38/0x26]: 00 05 00 00
[=] - Unlimited password attempts
[=] - NFC counter disabled
[=] - NFC counter not protected
[=] - user configuration writeable
[=] - write access is protected with password
[=] - 05, Virtual Card Type Identifier is default
[=] PWD [39/0x27]: 00 00 00 00 - (cannot be read)
[=] PACK [40/0x28]: 00 00 - (cannot be read)
[=] RFU [40/0x28]: 00 00 - (cannot be read)
[+] — Known EV1/NTAG passwords
[+] Found default password FF FF FF FF pack 00 00
[=] ------------------------ Fingerprint -----------------------
[=] Reading tag memory…
[=] ------------------------------------------------------------
[usb] pm3 →