Hi I have recently gotten an RFID lockbox that came with a mifare 1k fob but the keys on it are all default FFFFFFFFFFFF. There is a setting on the lockbox where I scan whatever fob I want and it will save it as useable for the box. Basically I want to make my own fob with hidden keys. I saw there is a command called write to block but I am unsure beyond the example shown as how do you figure out what the hex bytes for keys different beyond FFFFFFFFFFFF.
Can you post a full dump of the key you’re trying to copy?
Oh I’m not trying to copy a key. I’m trying to add different keys I know to different sectors to make a custom key.
Your box is probably just using the tag’s UID
1 Like
ah ok but is there a way to make custom keyed mifare fobs?
Yes, there is… The fourth block in each sector contains the A & B keys for that sector and as long as the access bits allow (the data between the keys) then you can change the keys to whatever you like.
As an example, block 3 (being the 4th block of sector 1) can contain data such as:
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
The first FFFFFFFFFFFF is the A key for the sector
The FF078069 are the access bits for that sector which define what data is modifiable with which key, and
The final FFFFFFFFFFFF is the B key.
So if you ran a command like:
hf mf wrbl --blk 3 -k FFFFFFFFFFFF -d xxxxxxxxxxxxFF078069yyyyyyyyyyyy
Would change the A key of sector 1 to xxxxxxxxxxxx and the B key to yyyyyyyyyyyy
If you want more info on the access bits there is plenty of info online. Just google ‘mifare access bits calculator’
Hope that helps!
4 Likes
If I have the data from a fob, and just edit the data in block 0 of sector 0, can I write that straight to my xMagic? Or are there checksums that need to match lest I brick my lovely lil chip?
