Hello Maybe you people can help me out.
I’m currently experimenting with my gym wrist band that’s basically a Mifare Classic 1k chip embedded in a wrist band. It has two functions:
- Open the front door to the building.
- Lock and unlock the locker.
I’ve (kind of?) successfully cloned the wrist band to a Magic Mifare Classic 1k card (not an implant, yet). Well, at least it opens the front door. However, it doesn’t work in combination with the RFID-based locker. It doesn’t lock or unlock when presenting the cloned card. This is the type of lock that’s installed:
You basically push the wrist band against the black thingy and push it in. If your tag is accepted, it stays inside and closes the lock.
I think there are two possible scenarios:
-
Some kind of RFID reception problem. However, I know that the people working in the gym also use RFID cards like I did, instead of wrist bands to open the lockers. I’ve also tested a few other positions to present my card, with no luck.
-
I didn’t clone the wrist band properly. I’ve used a Proxmark3 easy with the latest Iceman firmware and the autopwn command for Mifare-based chips. This the log of identifying, pwning and dumping the wrist band:
pm3 --> hf mf info
[=] --- ISO14443-a Information ---------------------
[+] UID: 2E 5A A9 E1
[+] ATQA: 00 04
[+] SAK: 08 [2]
[=]
[=] --- Tag Signature
[=] IC signature public key name: NXP MIFARE Classic MFC1C14_x
[=] IC signature public key value: 044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF
[=] Elliptic curve parameters: NID_secp128r1
[=] TAG IC Signature: 223F930225BFBA6A56F94C6BA907A1EE7163AA0DA2C98AECAD31D428E82DEA7D
[+] Signature verification: successful
[=] --- Keys Information
[+] loaded 2 user keys
[+] loaded 61 keys from hardcoded default array
[+] Sector 0 key A... A0A1A2A3A4A5
[+] Sector 1 key A... FFFFFFFFFFFF
[=] --- Fingerprint
[=] --- Magic Tag Information
[=] <N/A>
[=] --- PRNG Information
[+] Prng................. hard
[usb] pm3 --> hf mf autopwn
[=] MIFARE Classic EV1 card detected
[+] loaded 5 user keys
[+] loaded 61 keys from hardcoded default array
[=] running strategy 1
[=] running strategy 2
[=] .
[+] target sector 0 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector 1 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 1 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 2 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 2 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 3 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 3 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 4 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector 5 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 5 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 6 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 6 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 7 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 7 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 8 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 8 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 9 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 9 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 10 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 10 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 11 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 11 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 12 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 12 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 13 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 13 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 14 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 14 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 15 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 15 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector 16 key type A -- found valid key [ 5C8FF9990DA2 ]
[+] target sector 16 key type B -- found valid key [ D01AFEEB890A ]
[+] target sector 17 key type A -- found valid key [ 75CCB59C9BED ]
[+] target sector 17 key type B -- found valid key [ 4B791BEA7BCC ]
[=] Hardnested attack starting...
[SNIP]
[+] target sector 0 key type B -- found valid key [ 8627C10A7014 ]
[=] Hardnested attack starting...
[SNIP]
[+] 017 | 071 | 75CCB59C9BED | D | 4B791BEA7BCC | D ( * )
[+] -----+-----+--------------+---+--------------+----
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA )
[=] ( * ) These sectors used for signature. Lays outside of user memory
[?] MAD key detected. Try `hf mf mad` for more details
[+] Generating binary key file
[+] Found keys have been dumped to `[...]hf-mf-2E5AA9E1-key-003.bin`
[=] --[ FFFFFFFFFFFF ]-- has been inserted for unknown keys where res is 0
[=] transferring keys to simulator memory ( ok )
[=] dumping card content to emulator memory (Cmd Error: 04 can occur)
[#] Block 16 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 4 block 0
[#] Block 17 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 17 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 18 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 18 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 19 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 19 Cmd 0x30 Wrong response len, expected 18 got 0
[-] ⛔ fast dump reported back failure w KEY A, swapping to KEY B
[#] Block 4 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 1 block 0
[#] Block 5 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 5 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 6 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 6 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 7 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 7 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 8 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 2 block 0
[#] Block 9 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 9 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 10 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 10 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 11 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 11 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 12 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 3 block 0
[#] Block 13 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 13 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 14 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 14 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 15 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 15 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 20 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 5 block 0
[#] Block 21 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 21 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 22 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 22 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 23 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 23 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 24 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 6 block 0
[#] Block 25 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 25 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 26 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 26 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 27 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 27 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 28 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 7 block 0
[#] Block 29 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 29 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 30 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 30 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 31 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 31 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 32 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 8 block 0
[#] Block 33 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 33 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 34 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 34 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 35 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 35 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 36 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 9 block 0
[#] Block 37 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 37 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 38 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 38 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 39 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 39 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 40 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 10 block 0
[#] Block 41 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 41 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 42 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 42 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 43 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 43 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 44 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 11 block 0
[#] Block 45 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 45 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 46 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 46 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 47 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 47 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 48 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 12 block 0
[#] Block 49 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 49 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 50 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 50 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 51 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 51 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 52 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 13 block 0
[#] Block 53 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 53 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 54 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 54 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 55 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 55 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 56 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 14 block 0
[#] Block 57 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 57 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 58 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 58 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 59 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 59 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 60 Cmd 0x30 Cmd Error 04
[#] Error No rights reading sector 15 block 0
[#] Block 61 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 61 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 62 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 62 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 63 Cmd 0x30 Wrong response len, expected 18 got 0
[#] Block 63 Cmd 0x30 Wrong response len, expected 18 got 0
[-] ⛔ fast dump reported back failure w KEY B
[-] ⛔ Dump file is PARTIAL complete
[=] downloading card content from emulator memory
[+] Saved 1024 bytes to binary file `[...]hf-mf-2E5AA9E1-dump-006.bin`
[+] Saved to json file `[...]hf-mf-2E5AA9E1-dump-006.json`
[=] autopwn execution time: 43 seconds
[usb] pm3 --> hf mf dump
[=] Using... hf-mf-2E5AA9E1-key.bin
[+] Loaded binary key file `[...]hf-mf-2E5AA9E1-key.bin`
[=] Reading sector access bits...
[=] .................
[+] Finished reading sector access bits
[=] Dumping all blocks from card...
🕓 Sector... 15 block... 3 ( ok )
[+] Succeeded in dumping all blocks
[+] time: 9 seconds
[=] -----+-----+-------------------------------------------------+-----------------
[=] sec | blk | data | ascii
[=] -----+-----+-------------------------------------------------+-----------------
[=] 0 | 0 | 2E 5A A9 E1 3C 88 04 00 C8 23 00 20 00 00 00 15 | .Z..<....#. ....
[=] | 1 | 15 00 00 00 00 00 00 00 C0 2E 00 00 00 00 00 00 | ................
[=] | 2 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 3 | A0 A1 A2 A3 A4 A5 78 77 88 C1 86 27 C1 0A 70 14 | ......xw...'..p.
[=] 1 | 4 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 5 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 6 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 7 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 2 | 8 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 9 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 11 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 3 | 12 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 13 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 14 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 15 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 4 | 16 | 12 AF 00 00 16 00 00 00 00 00 00 00 00 98 BE 01 | ................
[=] | 17 | 00 00 00 00 80 FF FF 0C 80 FF FF 80 00 00 00 00 | ................
[=] | 18 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 19 | A0 A1 A2 A3 A4 A5 0F 00 FF AA CA A3 C3 B5 6D 7A | ..............mz
[=] 5 | 20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 21 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 22 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 23 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 6 | 24 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 25 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 26 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 27 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 7 | 28 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 29 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 31 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 8 | 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 33 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 34 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 35 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 9 | 36 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 37 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 38 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 39 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 10 | 40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 41 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 42 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 43 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 11 | 44 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 45 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 46 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 47 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 12 | 48 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 49 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 51 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 13 | 52 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 53 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 54 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 55 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 14 | 56 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 57 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 58 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 59 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 15 | 60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 61 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 62 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 63 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] -----+-----+-------------------------------------------------+-----------------
[?] MAD key detected. Try `hf mf mad` for more details
[+] Saved 1024 bytes to binary file `[...]hf-mf-2E5AA9E1-dump-007.bin`
[+] Saved to json file `[...]hf-mf-2E5AA9E1-dump-007.json`
[usb] pm3 --> hf mf mad
[=] Authentication ( ok )
[#] Auth error
[=] --- MIFARE App Directory Information ----------------
[=] -----------------------------------------------------
[=] ------------ MAD v1 details -------------
[!] ⚠️ Card publisher not present 0x00
[=] ---------------- Listing ----------------
[=] 00 MAD v1
[=] 01 [0000] free
[=] 02 [0000] free
[=] 03 [0000] free
[=] 04 [2EC0] (unknown)
[=] 05 [0000] free
[=] 06 [0000] free
[=] 07 [0000] free
[=] 08 [0000] free
[=] 09 [0000] free
[=] 10 [0000] free
[=] 11 [0000] free
[=] 12 [0000] free
[=] 13 [0000] free
[=] 14 [0000] free
[=] 15 [0000] free
This is the log of reading the clone:
[usb] pm3 --> hf mf cview
[+] View magic Gen1a MIFARE Classic 1K
[=] .................................................................
[=] -----+-----+-------------------------------------------------+-----------------
[=] sec | blk | data | ascii
[=] -----+-----+-------------------------------------------------+-----------------
[=] 0 | 0 | 2E 5A A9 E1 3C 88 04 00 C8 23 00 20 00 00 00 15 | .Z..<....#. ....
[=] | 1 | 15 00 00 00 00 00 00 00 C0 2E 00 00 00 00 00 00 | ................
[=] | 2 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 3 | A0 A1 A2 A3 A4 A5 78 77 88 C1 86 27 C1 0A 70 14 | ......xw...'..p.
[=] 1 | 4 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 5 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 6 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 7 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 2 | 8 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 9 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 11 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 3 | 12 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 13 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 14 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 15 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 4 | 16 | 12 AF 00 00 16 00 00 00 00 00 00 00 00 98 BE 01 | ................
[=] | 17 | 00 00 00 00 80 FF FF 0C 80 FF FF 80 00 00 00 00 | ................
[=] | 18 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 19 | A0 A1 A2 A3 A4 A5 0F 00 FF AA CA A3 C3 B5 6D 7A | ..............mz
[=] 5 | 20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 21 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 22 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 23 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 6 | 24 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 25 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 26 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 27 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 7 | 28 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 29 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 31 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 8 | 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 33 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 34 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 35 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 9 | 36 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 37 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 38 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 39 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 10 | 40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 41 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 42 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 43 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 11 | 44 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 45 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 46 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 47 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 12 | 48 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 49 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 51 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 13 | 52 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 53 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 54 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 55 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 14 | 56 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 57 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 58 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 59 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] 15 | 60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 61 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 62 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[=] | 63 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF | .........i......
[=] -----+-----+-------------------------------------------------+-----------------
[?] MAD key detected. Try `hf mf mad` for more details
[usb] pm3 --> hf mf mad
[=] Authentication ( ok )
[#] Auth error
[=] --- MIFARE App Directory Information ----------------
[=] -----------------------------------------------------
[=] ------------ MAD v1 details -------------
[!] ⚠️ Card publisher not present 0x00
[=] ---------------- Listing ----------------
[=] 00 MAD v1
[=] 01 [0000] free
[=] 02 [0000] free
[=] 03 [0000] free
[=] 04 [2EC0] (unknown)
[=] 05 [0000] free
[=] 06 [0000] free
[=] 07 [0000] free
[=] 08 [0000] free
[=] 09 [0000] free
[=] 10 [0000] free
[=] 11 [0000] free
[=] 12 [0000] free
[=] 13 [0000] free
[=] 14 [0000] free
[=] 15 [0000] free
Is the dump actually okay? It showed plenty of errors after autopwn but not after i dumped it to a file. Or could they be checking for the NXP signature? From my understanding it’s not possible for me to clone this signature to my magic card, so the reader could be able to detect that. But on the other hand, that does feel a bit far fetched, considering the RFID lock accepts various types and forms of tags…
Any idea? Thanks! <3