Chipping myself for college - Cloning HID card to xEM with Proxmark3 RDV4

Mifare classic tool for Android could work, depending on the coupling, if you use it in conjunction with a mifare classic 1k gen2 (if you want to use your phone; careful, it’s easy to brick) or gen1a (needs a Proxmark with magic commands, harder to brick, can be detected & rejected by some readers) card [or implant, xM1/flexM1 gen1a or gen2]. You can get your Magic Mifare cards from KSEC or similar.


Ah, see my confusion…

Well, the HID function won’t work when the HID is HID iClass.

Also, if you have a PM3 Easy, I would recommend using that over the Blue Cloner (the Blue Cloner is still good for what it is), but if you are still going to use the Blue Cloner, make yourself familiar with the password removal commands.

Also, when you start using it on actual implants, you might want to consider Rosco’s great Blue Cloner Mod.

I’ve heard that the blue cloner is a risk, which is why I went for the Proxmark3 Easy. (Pff, yeah, real easy. It’s as easy as 98,000,000 simple steps. Ha, even then I need to know what steps to take, and in what direction.)

My question is simple: can the PM3 clone HF MIFARE 1k? If so, then how?

Yes EASY :wink:

I don’t have one in front of me at the moment
Bit earlier when I said

So it will feed you options as you go, for example

We know it is hf
So first part is
hf
We also know it is Mifare
So the second part is
mf

So if you put in command
hf mf
The pm3 won’t know what you want, but it will give you your next command options, so you choose from the list and add the next option into the string…
If you want to see all mf hf commands, type in

hf mf help

When I am at my computer I can feed you more info, but the step by step SHOULD be EASY enough for you to follow.

hf mf help. gave me

one of my cards ( nfc tag - coded by building admin ) displays as

[usb] pm3 → hf search
:clock11: Searching for ISO14443-A tag…
[+] UID: ## ## ## ## ## ## ##
[+] ATQA: 00 44
[+] SAK: 00 [2]
[+] MANUFACTURER: NXP Semiconductors Germany
[+] Possible types:
[+] MIFARE Ultralight
[+] MIFARE Ultralight C
[+] MIFARE Ultralight EV1
[+] MIFARE Ultralight Nano
[+] MIFARE Hospitality
[+] NTAG 2xx
[=] proprietary non iso14443-4 card found, RATS not supported
[?] Hint: try hf mfu info

[+] Valid ISO14443-A tag found

I’m not sure what to do from here to copy / clone from one card to another?

Okay, so you are on the right track.

A couple of things.
It looks like you have an ultralight rather than a classic.

Can you do me a favour and scan with TagInfo

So when it comes to implants you will be looking at the FlexMN (Magic NTAG)
It is capable of emulating the Ultralight.
I don’t have one myself so I can’t help you much around specifics.
I do hope to get one in the future, but until then
Here is the link with some info

With regard to your Proxmark3 output above, you have done everything perfectly; however, now that it appears to be an Ultralight, we have to tweak your commands.

As it says at the bottom of your post

So
HF
MiFareUltralight
Info

When it gives you a result like your one above (it may be different for the Ultralight commands; again, I am not in front of my Proxmark).

You would simply look at what you are trying to do (blue/green, e.g. Recovery or Operations etc.)
Then find the command (green) you want and add that to your previous command

So example for mifare classic
hf mf dump
Which would result in

Is that starting to make sense?

So if you can check your card with TagInfo

Then you can try your commands with the

hf mfu commands


Yes, thank you mate, definitely making more sense now. Give me a couple of hours and I think we might be good. Fingers crossed.

ik so what I’m getting is I need to dump “hf mfu dump”, then load that dumped file back onto a new key?

Sorry again, this is just my morning catchup, and I’m away from home for another couple of days and I don’t have PM3 with me.

I’m not super familiar with ultralight commands

Hopefully somebody can give you the exact command line.

But if it is similar to Mifare Classic it will be something like i.e. (don’t use these commands they are off the top of my head)

The dump command requires a bit more work to get the keys, but
If you simply want to write a new NUID
It will be something LIKE

hf mf csetuid XX XX XX XX w

(The w is to wipe the card)

I would try and find you the commands here on the forum, but “recently” there have been some syntax changes and I may end up giving you the old commands that will probably just give you errors.
That is why it is better to just follow through what the PM3 is prompting you to do step by step.

Sorry I haven’t been much help, but hopefully somebody can jump in to give you more specifics

Thanks for your input. There is no urgency, and our time zones are opposites (I’m in Adelaide, Australia).
I will try with the "hf mf csetuid XX XX XX XX w" command when I’m in front of my computer next.

Haha, not really opposite.
I’m in NZ :new_zealand:

For some reason I thought you were in the UK; it must’ve been your accent.

:rofl:

Hmmm, I’m still having no luck. I don’t know what I’m doing wrong. I know the hex for the "master" key and am following what I know, but it’s not writing. I’ve tried various destination card types to no avail.


[usb] pm3 → hf search
:clock4: Searching for ISO14443-A tag…
[+] UID: ## ## ## ## ## ## ##
[+] ATQA: 00 44
[+] SAK: 00 [2]
[+] MANUFACTURER: NXP Semiconductors Germany
[+] Possible types:
[+] MIFARE Ultralight
[+] MIFARE Ultralight C
[+] MIFARE Ultralight EV1
[+] MIFARE Ultralight Nano
[+] MIFARE Hospitality
[+] NTAG 2xx
[=] proprietary non iso14443-4 card found, RATS not supported
[?] Hint: try hf mfu info

[+] Valid ISO14443-A tag found


then


hf mf csetuid 04 92 7A EA A0 65 81 w


and I get this.


Set UID, ATQA, and SAK for magic Chinese card. Only works with magic cards

Usage: hf mf csetuid [h] <UID 8 hex symbols> [ATQA 4 hex symbols] [SAK 2 hex symbols] [w]
Options:
h this help
w wipe card before writing
UID 8 hex symbols
ATQA 4 hex symbols
SAK 2 hex symbols
Examples:
hf mf csetuid 01020304
hf mf csetuid 01020304 0004 08 w
[usb] pm3 →


I’ve also tried without spaces.


[ usb ] pm3 → hf mf csetuid ############## w


STUMPED ! ? :woozy_face:

Sorry, I obviously haven’t explained myself very well.

Try this and post results

hf mfu info

and / or

hf mfu help

It’s not you, it’s me.

[usb] pm3 → hf mfu help
help This help
----------- ----------------------- recovery -------------------------
keygen Generate 3DES MIFARE diversified keys
pwdgen Generate pwd from known algos
otptear Tear-off test on OTP bits
----------- ----------------------- operations -----------------------
cauth Authentication - Ultralight-C
dump Dump MIFARE Ultralight family tag to binary file
info Tag information
ndef Prints NDEF records from card
rdbl Read block
restore Restore a dump onto a MFU MAGIC tag
wrbl Write block
----------- ----------------------- simulation -----------------------
eload load Ultralight .eml dump file into emulator memory
eview View emulator memory
sim Simulate MIFARE Ultralight from emulator memory
----------- ----------------------- magic ----------------------------
setpwd Set 3DES key - Ultralight-C
setuid Set UID - MAGIC tags only
----------- ----------------------- amiibo ----------------------------
[usb] pm3 →

And this is hf mF help

The PM3 is a powerful and capable tool, it is just not particularly user-friendly…

Anybody else playing along at home and see any errors or have any suggestions, please jump in and contribute.
I would feel more comfortable doing this on something that I own than somebody else’s.

I don’t have an ultralight to test this on, so please only try this on a test card and not on an implant until you are sure it works.
What I am thinking you will need to do is this:-

Test that you can write a new UID to your TEST CARD

TEST CARD
hf mfu setuid 04 92 7A EA A0 65 81 w

Followed by a quick
hf search
to see if it has taken the new UID

ORIGINAL
hf mfu dump

TEST CARD
hf mfu restore

Then test your “Test Card” on the system.

Let us know if it works.

Yeah. Def not doing this on an implant. The reason I’m even bothering with this Proxmark crap is so I can get my head around the visibility of copying HID externally BEFORE I embark on an implant. If I cannot successfully clone a card I’ll give it all up as a bad joke.

I’m still unsure of what I need to do. When I run HF MFU DUMP (on the "master card") I get this.


[usb] pm3 → hf mfu dump
[+] TYPE: NTAG 213 144bytes (NT2H1311G0DU)
[+] Reading tag memory…
[!] :warning: Authentication Failed UL-EV1/NTAG
[=] MFU dump file information
[=] -------------------------------------------------------------
[=] Version | 00 04 04 02 01 00 0F 03
[=] TBD 0 | 00 00
[=] TBD 1 | 00
[=] Signature | DF C1 1F 11 A3 C1 B2 34 97 F8 41 D9 4E 71 C6 6F A7 D1 86 31 17 3B 9D F9 09 4F 20 8D 1E 37 A7 FC
[=] Counter 0 | 00 00 00
[=] Tearing 0 | 00
[=] Counter 1 | 00 00 00
[=] Tearing 1 | 00
[=] Counter 2 | 00 00 00
[=] Tearing 2 | BD
[=] Max data page | 43 (176 bytes)
[=] Header size | 56
[=] -------------------------------------------------------------
[=] block# | data |lck| ascii
[=] ---------+-------------+---+------
[=] 0/0x00 | 04 81 7C 71 | | …|q
[=] 1/0x01 | EA A0 65 81 | | …e.
[=] 2/0x02 | AE 48 00 00 | | .H…
[=] 3/0x03 | E1 10 12 00 | 0 | …
[=] 4/0x04 | 0D 72 2D 99 | 0 | .r-.
[=] 5/0x05 | AB 69 B9 C0 | 0 | .i…
[=] 6/0x06 | AC 13 3D 54 | 0 | …=T
[=] 7/0x07 | BA 8A DF 3E | 0 | …>
[=] 8/0x08 | 8A 00 00 00 | 0 | …
[=] 9/0x09 | 00 00 00 00 | 0 | …
[=] 10/0x0A | 00 00 00 00 | 0 | …
[=] 11/0x0B | 00 00 00 00 | 0 | …
[=] 12/0x0C | 00 00 00 00 | 0 | …
[=] 13/0x0D | 00 00 00 00 | 0 | …
[=] 14/0x0E | 00 00 00 00 | 0 | …
[=] 15/0x0F | 00 00 00 00 | 0 | …
[=] 16/0x10 | 00 00 00 00 | 0 | …
[=] 17/0x11 | 00 00 00 00 | 0 | …
[=] 18/0x12 | 00 00 00 00 | 0 | …
[=] 19/0x13 | 00 00 00 00 | 0 | …
[=] 20/0x14 | 00 00 00 00 | 0 | …
[=] 21/0x15 | 00 00 00 00 | 0 | …
[=] 22/0x16 | 00 00 00 00 | 0 | …
[=] 23/0x17 | 00 00 00 00 | 0 | …
[=] 24/0x18 | 00 00 00 00 | 0 | …
[=] 25/0x19 | 00 00 00 00 | 0 | …
[=] 26/0x1A | 00 00 00 00 | 0 | …
[=] 27/0x1B | 00 00 00 00 | 0 | …
[=] 28/0x1C | 00 00 00 00 | 0 | …
[=] 29/0x1D | 00 00 00 00 | 0 | …
[=] 30/0x1E | 00 00 00 00 | 0 | …
[=] 31/0x1F | 00 00 00 00 | 0 | …
[=] 32/0x20 | 00 00 00 00 | 0 | …
[=] 33/0x21 | 00 00 00 00 | 0 | …
[=] 34/0x22 | 00 00 00 00 | 0 | …
[=] 35/0x23 | 00 00 00 00 | 0 | …
[=] 36/0x24 | 00 00 00 00 | 0 | …
[=] 37/0x25 | 00 00 00 00 | 0 | …
[=] 38/0x26 | 00 00 00 00 | 0 | …
[=] 39/0x27 | 00 00 00 00 | 0 | …
[=] 40/0x28 | 00 00 00 BD | 0 | …
[=] 41/0x29 | 04 00 00 FF | 0 | …
[=] 42/0x2A | 00 05 00 00 | 0 | …
[=] 43/0x2B | 00 00 00 00 | 0 | …
[=] 44/0x2C | 00 00 00 00 | 0 | …
[=] ---------------------------------
[=] Using UID as filename
[+] saved 236 bytes to binary file hf-mfu-04817CEAA06581-dump-2.bin
[+] saved to json file hf-mfu-04817CEAA06581-dump-2.json
[usb] pm3 →


And then with hf mfu restore I get this:


[usb] pm3 → hf mfu restore

Restore dumpfile onto card.

usage:
hf mfu restore [-hlserv] -f [-k ]

options:
-h, --help This help
-f, --file specify a filename to restore
-k, --key key for authentication (UL-C 16 bytes, EV1/NTAG 4 bytes)
-l swap entered key’s endianness
-s enable special write UID -MAGIC TAG ONLY-
-e enable special write version/signature -MAGIC NTAG 21* ONLY-
-r use the password found in dumpfile to configure tag. requires ‘-e’ parameter to work
-v, --verbose verbose

examples/notes:
hf mfu restore -f myfile -s → user specified filename and special write
hf mfu restore -f myfile -k AABBCCDD -s → user specified filename, special write and use key
hf mfu restore -f myfile -k AABBCCDD -ser → user specified filename, special write, use key, …

[usb] pm3 → hf mfu restore -r
[!] hf mfu restore: missing option -f|--file
[!] :warning: Try 'hf mfu restore --help' for more information.


:unamused:
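
An added example, not written by any poster in this thread and not part of the Proxmark3 project: a small Python parser that reads page rows in the format `hf mfu dump` printed above and decodes what they say about the tag, namely the 7-byte UID with its two check bytes, the capability container, and the NTAG213 password configuration (AUTH0 and ACCESS). The sample rows are copied from the dump in the thread; the function names and the page-44 limit (the last page in that listing) are assumptions of this example.

```python
import re

# Constructed sample: selected page rows copied from the dump posted in the thread.
DUMP = """\
[=] 0/0x00 | 04 81 7C 71 | | ...
[=] 1/0x01 | EA A0 65 81 | | ...
[=] 2/0x02 | AE 48 00 00 | | ...
[=] 3/0x03 | E1 10 12 00 | 0 | ...
[=] 41/0x29 | 04 00 00 FF | 0 | ...
[=] 42/0x2A | 00 05 00 00 | 0 | ...
"""

# One row: "<dec>/0x<hex> | b0 b1 b2 b3 |"
ROW = re.compile(
    r"(\d+)/0x[0-9A-Fa-f]{2}\s*\|\s*((?:[0-9A-Fa-f]{2}\s+){3}[0-9A-Fa-f]{2})\s*\|"
)
LAST_PAGE = 44  # last page of the NTAG213 listing above (0x2C)

def parse_pages(text):
    """Map page number -> 4 bytes for every page row found in the listing."""
    return {int(m.group(1)): bytes.fromhex(m.group(2)) for m in ROW.finditer(text)}

def decode_ntag213(pages):
    """Decode UID, check bytes, capability container and access configuration."""
    p0, p1, p2, cc = (pages[i] for i in range(4))
    uid = p0[:3] + p1                            # UID0..2 on page 0, UID3..6 on page 1
    bcc0 = 0x88 ^ uid[0] ^ uid[1] ^ uid[2]       # 0x88 is the ISO 14443-3 cascade tag
    bcc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]
    auth0 = pages[41][3]                         # first page that requires the password
    access = pages[42][0]
    enforced = auth0 <= LAST_PAGE                # a value past the last page disables it
    return {
        "uid": uid.hex().upper(),
        "bcc_ok": bcc0 == p0[3] and bcc1 == p2[0],
        "ndef_formatted": cc[0] == 0xE1,         # capability container magic byte
        "user_bytes": cc[2] * 8,                 # CC size byte counts 8-byte units
        "auth0": auth0,
        "password_enforced": enforced,
        "read_protected": enforced and bool(access & 0x80),  # PROT bit
        "auth_limit": access & 0x07,             # 0 = no failed-attempt limit
    }

if __name__ == "__main__":
    for key, value in decode_ntag213(parse_pages(DUMP)).items():
        print(f"{key}: {value}")
```

For the rows above it reports a UID that matches the dump filename, valid check bytes, 144 user bytes, and AUTH0 = 0xFF, meaning no page on this tag is password-protected, so everything a reader relies on here can be read back by any ISO 14443-A reader.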