Hello :) What is the fastest way to clone a mifare classic 1k?

mala · May 31, 2024, 8:28pm

Hello friends,

I decided to open a second topic after my previous thread was a complete failure with no end solution.

Here on this thread I would like to know what is the fastest way to clone a mifare classic 1k iso14443a chip? The ones I clone on PM3 usually are “hard” and autopwn runs hardnested attack but sometimes it takes an hour and a little bit more to create a dump file. It works but it’s slow. I tried position my tag over the pm3 in the best spot I can find on hf tune command but it’s still slow. Is there some other faster way to do it , maybe using MCT on android (which didn’t work for me at all) or maybe using the number on the original fob (like some online cloners do ) anything makes it faster I’m happy to try.

Aoxhwjfoavdlhsvfpzha · May 31, 2024, 10:05pm

What sort of system do the cards go to?

mala · May 31, 2024, 11:11pm

It’s a proxmark3 easy 512 . The tags I need to copy are 4 bytes hf iso1444a

Aoxhwjfoavdlhsvfpzha · May 31, 2024, 11:28pm

Right, but what are the tags being used for?

mala · May 31, 2024, 11:31pm

It’s for a lock on a door, the brand of the reader is ICT

Aoxhwjfoavdlhsvfpzha · May 31, 2024, 11:38pm

The fastest way to clone that tag is probably to sniff as many keys as you can from the reader and clone the relevant sections, here’s a little more about the sniffing process:

https://forum.dangerousthings.com/t/dealing-with-mifare-classic-1k-static-encrypted-nonces

Pilgrimsmaster · May 31, 2024, 11:54pm

So the reading is taking the most time!?
How long does the writing take?
How many cards do you need to do?
Do you need them to be all unique?
Could you use one dump and just write that to many?
Do you have access to simply enroll cards into the lock?
Have you looked at using the ICT software and reader/writer?
A flipper is capable of sniffing keys and storing a library…might be worth a test.

mala · June 1, 2024, 5:05am

Sniffing sound like a great idea! I will try that and I will let you know

mala · June 1, 2024, 5:10am

Reading takes a long time but writing takes less than a minute. I need to clone few different cards into different duplicates. Unfortunately I can’t use one dump because it’s different tags for different readers ( which are all ICT ). I don’t have access to enroll cards in to the lock.

mala · June 10, 2024, 5:54pm

Sniffing worked but it also takes time. I found what the problem is. The problem is the fob I have is heavily encrypted. Sector B shows all red and half of sector A shows in red too. I tried different MF1 fob to do autopwn (which only had 2 blocks in red) and it took less than 3 minutes.

Aoxhwjfoavdlhsvfpzha · June 10, 2024, 9:48pm

Now that you have at least one key from sniffing you can feed that key into autopwn to hopefully speed it up too

You’d do:
hf mf autopwn -k <Your_Key_Here>

mala · June 10, 2024, 11:06pm

Easy peasy . Yes it’s definitely faster . You can also use a key like “FFFFFFFFFFFFF” right ? Maybe save a few minutes and skip sniffing. I will try it and I will let you know if its faster.

mala · June 10, 2024, 11:22pm

Yes I tried it it works . I just did a CHK on the keys and use whatever key even if it’s “FFFFFFFFFFFFF” just to save few minutes and skip sniffing. Faster by at least %20