Cloning LEGIC Prime MIM256

Howdy Folks,
I have my lunch break right now and since my proxmark arrived, I’ve decided to give it a spin. Flashing bootrom and full image of iceman fork was a breeze. It took me less time compared to brewing a coffee. So now it’s playtime :slight_smile:
I mentioned in my previous topic that I have one tag which I cannot read with the flipper. Well I can read it with the proxmark just fine.
So the usual drill went as follows
lf search - nothing.
hf search and we have a winner

[usb] pm3 → hf search
:clock9: Searching for LEGIC tag…
[+] MCD: **
[+] MSN: ** ** **
[+] TYPE: MIM256 card (234 bytes)

[+] Valid LEGIC Prime tag found

Please bear in mind that * are actual numbers. So I started digging about Legic mim and found this very nice article from KSEC https://tagbase.ksec.co.uk/legic/legic-prime-mim256/

I will for sure spend more time researching this product, but just to cut some corners (and share some experience): is the mim256 clonable to something like gen1a 1k s50? Maybe a lame question but I just discovered mim256 15 mins ago. Thanks a lot!

2 Likes

Same here – I appreciate any advice!

I am an absolute newbie, but I found this, and even though I don’t know how to follow this instruction, it sounds promising:

1 Like

Thank you! I just loaded the lua script like so
mkdir ~/.proxmark3/luascripts
cd ~/.proxmark3/luascripts
wget https://raw.githubusercontent.com/zhovner/proxmark3-1/4784cfd3fd2acc12d3057e322cbd8cb719a5325c/client/scripts/Legic_clone.lua

next when I exec pm3 and then
[usb] pm3 → script list

[ Lua scripts ]
├── /Users/$myusername/.proxmark3/luascripts/
│ └── Legic_clone.lua

Next would be to dump the tag memory. Lua is not my strongest language, but it doesn’t look like quantum mechanics either.
Let’s see after I dump the data what I could do with it.
Thanks for the link!

btw one more thing (or actually a few)
seems like the legic is officially supported in the proxmark
check this out
hf legic info
also the lua script advises to create a hex dump via
hf legic save my_dump.hex

if you run the iceman fork

[usb] pm3 → hf legic reader
[+] MCD: 11
[+] MSN: 22 33 44
[+] TYPE: MIM256 card (234 bytes)

[usb] pm3 → hf legic dump
[+] TYPE: MIM256 card (234 bytes)
[+] Reading tag memory 256 b…
[=] Using UID as filename
[=] FILE PATH: hf-legic-11223344-dump.bin
[+] saved 256 bytes to binary file hf-legic-11223344-dump.bin
[=] FILE PATH: hf-legic-11223344-dump.eml
[+] saved 32 blocks to text file hf-legic-11223344-dump.eml
[=] FILE PATH: hf-legic-11223344-dump.json
[+] saved to json file hf-legic-11223344-dump.json

now to see how to write these 0s and 1s to another medium

@amal @Pilgrimsmaster
Folks, do you know if legic prime mim256 can be emulated or replicated (please check the posts above)? I am almost sure the answer is not really, but I am looking for your input. Thanks!

Here come my excuses

I am away from home at the moment

I don’t have my PM3 with me

I don’t have a MIM256 card

I’ve never tried before

Does it provide you with a UID?
How many bytes is the UID?

1 Like

No worries @Pilgrimsmaster
I am researching the topic as we speak. Not much info though.
Found some official specs under LEGIC Smartcard ICs: LEGIC
I also found the following presentation made by two very interesting individuals, which I am planning to watch right now
26C3: Legic Prime: Obscurity in Depth 1/7 - YouTube
Looks like a nice thing to research and to play with.

1 Like