Cloning MIFARE Classic with PM3 Iceman

Hi, the company that deals with waste collection provides us with a card (credit card format) to open the various containers (plastic, paper, organic etc.) the card should be a mifare classic, I would like to clone it on a key fob because 'it’s more convenient, I have the PM3 easy with the Iceman firmware, but I don’t know where to start… who can help me? Thank you… :slight_smile:

1 Like

Do you have the PM3 client up and running?

You can check with hf search

2 Likes

Hello, thanks for replying, here’s the response,

and here;s the response for the blank keyfob

They look similar / identical… (…) now? how to proceed? thanks

1 Like

Do you know if the target fob is a magic tag?

Next you would try hf mf auto on the source card

2 Likes

how can i check it, with hf mf info?

1 Like

That should check for magic capabilities, yes

2 Likes

it says magic tag info: N/A

1 Like

You may need a different target fob then, depending on the system

Some parts of the tag can’t be written to by default, you need a magic chip to be able to clone the whole card

There is a small chance however that whatever system it is doesn’t use the bits that you can’t copy at the moment

2 Likes

so let’s try, maybe I’m lucky… garbage collection system should not be a safe… perheps they did not use the hardcoded part… please tell me how to proceed, i’m a dummy regarding PM3… thanks

1 Like

Have you done this part?

2 Likes

I’ll do now… hold on

after 25 seconds eventually ii says
Card is not vulnerable to Darkside attack (doesn’t send NACK on authentication requests).

[-] No usable key was found!

Does it keep going after that?

Try an hf mf mad just for funsies

1 Like

Auth error
[!] error, read sector 0. card doesn’t have MAD or doesn’t have MAD on default keys

Can you post a picture of the ending of the output from hf mf auto

1 Like

That’s interesting, I don’t think I’ve ever seen that particular error.

You could try repositioning the card on the PM3, trying to get better coupling, as well as making sure the PM3 isn’t over a conductive surface which could cause interference

If none of that works I think you’ll be stuck with trying to sniff the reader, here’s a little more info about that:

2 Likes

thankyou… I’ve tried to reposition the card in the meantime, response is always the same… no luck,., now I have to wrap up, I will read what you suggested and in case I’ll ask for help again… thanks again…

1 Like

Next suggestion is:

  • run autopwn with a dictionary

if that doesn’t work you will need to sniff the traffic to extract a key or two that way.

and of course, always make sure people are on latest source…

1 Like

Hello… I need some more explanation please, I’m on my first experience with PM3 and hf cards, I only used it once to dump/restore an lf t5577 fob…nothing more :slight_smile: what do you mean by “a dictionary”? where can I get a basic knowledge text to learn something more about PM3 and related firmware?