Duplicate Mifare Ultralight tag


#1

Hello
My school have a new system to come in and out. It use a Mifare Ultralight tag and i wanted to see if i was able to duplicate it and how ?
I have an app to duplicate RFID tags on my phone and it works well with Mifare Classic tags but i’m unable to do this with my Mifare Ultralight tag. I’m still able to read it but i cant copy it. Why ? For now i only have a empty tag but its a Mifare Classic and i rode it cant work, so i’ll bought Mifare Ultralight tags. Do you think i need a tag with a rewritable UID or a normal would work ?
I also have a RC522 reader but i dont own an Arduino board, is it possibe to plug the reader directly in my computer to use it ?

Sorry for my english ( i’m french )


#2

Nearly all NFC chips are designed with an unmodifiable UID, and most access control systems use that UID as the primary, if not only, method of authenticating a device. This makes NFC tags function more like keys and less like programmable chips. From the point of view of the access control system, a key should only ever correspond to a single device, and a single device should only ever have one key. Instead of changing UIDs on devices, you register new devices/UID’s with the system.

Your best solution would be to ask your school to allow you to register an existing NFC tag with their access control system. Then you could use an implant, such as the xNT, which reads as a Mifare Ultralight.

However, if you are set on cloning an existing card, then you will need an off-market chip with a writable page 0 (UID). These chips are always made by third-parties and without the support (or likely even consent) of the manufacturers of the chips they are trying to emulate. Generic 13.56 UID writable cards are pretty common - here’s an Amazon link to a 10 pack. I don’t know if these would be able to work in place of your school’s access tags. It would depend on what kind of information the control system is reading from the tags. If it’s just the UID, which is very possible, then any 13.56 Mhz with the proper UID format will work. However, if the system is configured to read more information, such as the format or type of the card, then these may or may not work.

I’ve also found a few sites that claim to sell writable UID cards specifically targeting a Mifare Ultralight. See this link for one example. I don’t know how reliable these are, but on paper, they should work to clone your school tag.

One thing to note, you will probably need to use a desktop reader/writer instead of just your phone.

Now, if you are looking for something from DangerousThings
DT still has some xM1 implants in stock. These do have a writable UID and might be able to duplicate your school card. However, the xM1 uses a “Chinese backdoor” to emulate a Mifare classic 1k chip, and there are issues with the type of emulation. Additionally, these chips are sensitive to incomplete writes while cloning, and it is not difficult to permanently brick the chip when attempting a clone.

Do a forum search for xM1 and you will find a lot of detailed informaiton from Amal about these chips and how they work


#3

Tanks a lot for your answer.
I’ll try to buy some NFC with writable UID. I don’t want an implant, I just came here because I saw a lot of NFC topics and i thought that someone here could help me.