Help needed with xm1+

hello everybody

i was wondering if there where any people in the Netherlands near almelo
or someone here to help with cloning my mifare 1k i have an acr122u-a9
i have the xm1+ chip already installed

Hi,

I am not from the Netherlands, sorry but I can try to point you in the right direction and give you some reading.
To ensure the card you want to clone is “clone-able” could you scan it with the app NXP Tag Info and post the info; specifically under the heading “IC Type”?
Does the source card have a 7 byte or 4 byte UID?
Does it need a hardnested attack to gain the keys?

There are already some pretty good guides on the forum and externally that already cover this.
Here is a video made by Amal detailing the exact thing.
Please read this post by Amal about the magic Mifare chips.

I have only used a proxmark for this type of task so take what I say with some salt since youre using an ACR122U.

thank you for the reply

i dowloaded the app and got this info under ic type

IC manufacturer: nxp semiconductors
IC type : MIFARE Classic (MF1S50)

i already have al the keys crackd for the card

i have dowloaded the software that amal uses in his video but it doesent unlock it with the standartkeys
now i do have al the ohter keys but what kind of file format does it need

?

i have confirmd that the card i want to copy onto the xm1+ is also a 4 byte uid

Netherlands :netherlands: = @Vicarious
“near” = …Google maps tells me he is over 2hrs away, but he is super knowledgeable a will be a great resource for you “Locally”
Also, from your other posts, you sound quite “maker” capable, @Vicarious is the co-founder of a makerspace in Heerlen :netherlands:

2 Likes

Thank you i have send him. A message

2 Likes

would thare be anyone who knows how to add my own keys to the software @amal
uses becouse the standartkeys dont work

I have never used the software, but I have watched the video. In theory it looks pretty easy, but does mention a couple of things to be aware of.

When you follow the video through, at what stage do you get your error or begin to veer away from the expected results from the video?
This info might help somebody who is familiar with the software to fault find for you…

Do you have a test card you can practice with?
KSEC sell them in Europe, It might be a good option for you, the Mifare Classic gen1 will be the equivalent of the xM1

https://cyborg.ksecsolutions.com/product/mifare-classic-compatible-1k-magic-uid-changeable-uid-gen1/

1 Like

tank you for your reply
i run into problems when trying to copy my exting card
the software says

no sector encrypted with the default key has been found. exiting

i do already have the keys is thare a way that i could maybe tel the program to use those keys instead of the standert keys or add these keys to the software

i did try it wth a dump file from phone but it doesnt change the uid of the chip

i really hope i can get it working

i did try it wth a dump file from phone but it doesnt change the uid of the chip

Did doing this change the contents of the implant to those of the source card?
Have you checked with another tag (not implant) that the reader is actually checking for the UID? Since on the Mifare Classic its a Non-Unique ID thus many places cant trust to only use it as a method of authentication.

yes it did change the content of the chip but did not change the uid of the chip

i live in an old goverment building and for as far as i know it firtst looks at the uid and then at the contents of the card

when it put the contents on the chip i tried it but it did not work

I havent used the program nor the ACR122U so cant comment on your specific question regarding to adding keys to the software.

i do already have the keys

Im curious how you got the keys originally? What did you use? Did you get both keys (A & B)? Did you check they work and allow you to access the data held on the card?

when it put the contents on the chip i tried it but it did not work

More info here could be helpful. When you say it didnt work, what did happen? Was there a rejection light (usually red), a buzzer, some sirens, a voice saying “Access Denied”? If not, how did you know it didnt work but still read the card?

1 Like

so basically there are multiple attack types for mifare and the oldest requires at least one sector use default keys… so if all sectors on your source card are protected with changed keys, then the old crack won’t work anymore. You will probably have to use a proxmark3 with latest RRG/Iceman firmware and use the autopwn command

hf mf autopwn

Then use the proxmark3 to write that dump file to your xM1

i have used mfoc mfcuk on my linux pc
and as far as i know it got al the keys when i read it with my phone and put in the keys in the mifare app it can read al the sectors

i must say i am a noob in this stuff ant just started al of this a few mothns ago

when i tried it the reader tried to read but it looked like it was not geting the right response or somthing we have these readers


the top one says HID on the bottom

thank you very much

now that i now what i am going to need i wil hunt the web for a proxmark3 for a price i can afford :smiley:

1 Like

Thanks for the pictures and info. Im not familiar with either of the pictured readers so take what I say with some salt and do your own additional research. The readers must be high frequency since they accept your MiFare card.
How do the readers respond to something that isnt the correct card? And when you present your xM1 to the reader does it respond similarly to that?

i have used mfoc mfcuk on my linux pc

Again, something Im not familiar with (I need to read more) so my apologies.

i must say i am a noob in this stuff ant just started al of this a few mothns ago

I am completely the same and still think of myself as a noob but (lots of) reading and testing can solve that.

hunt the web for a proxmark3 for a price i can afford

Depending on budget and practical use a Proxmark3 RDV4 is the cream of the crop/top dog when it comes to RFID research. If that is too steep in price or you cant justify spending that on something you wont really use, have a look at the Proxmark3 Easy. Its a stripped down, no bells and whistles budget version of the Proxmark3 RDV2. It’ll do what you want it to do and then some.

Lab401 is a great place for RFID stuffs in Europe. They dont sell the Proxmark3 Easy but do sell the RDV4. I would also highly suggest getting your hands on some MiFare Classic 1K Gen1a magic tags/cards for testing/practice. They are fairly inexpensive and good as backups that you can throw in a bag, give to a friend, bury deep underground in case you misplace the original card.

We also sell the proxmarks RDv4. Happy to throw some mifare cards in with one if helpful.

https://cyborg.ksecsolutions.com/product-category/rfid-tools/proxmark-kit-addons/

You can clone with the ACR but the proxmark is the way to go.

They’re a lot more expensive than what we offer them as.
https://cyborg.ksecsolutions.com/product-category/rfid-tools/rfid-access-cards/

hallo so i am a bit further then i was i went to @Vicarious
and bought a proxmark 3 easy from him i am now trying to get it to work and run into this problem i did flash the firmware to the same as the software on my pc and hope i did it right i think so

but this is the error i am getting
when i run
pm3
this comes up
[=] Session log /home/simon/.proxmark3/logs/log_20200803.txt
[=] Using UART port /dev/ttyACM0
unknown command:: 0x61334d50[!!]
(between this is some time say 10/15 sec)
:rotating_light: ERROR: cannot communicate with the Proxmark

does anyone have some experience in this ?

That error is often caused by a firmware/software mismatch.

Did you flash it with the correct firmware? I believe if you compile the repo bone stock, it compiles for the RDV4. Make sure you didn’t flash it with RDV4 firmware. And make sure you flash both the bootrom and fullimage. Did you compile the repo yourself, or are you using a precompiled version?