kimnue
September 6, 2025, 9:03pm
1
i have test clone success with command csetuid and dump and cload file success then
i bought the card from online. and it is magic card Gen2 CUID . so i google at dangerousthing.com . it said Gen2/CUID cant use command for csetuid and dum and cload file . so how can i clone the card . i read and it said it need to use command hf mf wrbl --blk 1 -k A0A1A2A3A4A5 -d 000102030405060708090a0b0c0d0e0f
so here is data of the original card that i want to clone
[usb] pm3 → hf mf info [=]
— ISO14443-a Information -----------------------------
[+] UID: 2E D4 3D 9E [+] ATQA: 00 04 [+] SAK: 08 [1]
[=] — Keys Information
[+] loaded 2 user keys
[+] loaded 61 hardcoded keys
[+] Sector 0 key A… A0A1A2A3A4A5 [+] Sector 0 key B… FFFFFFFFFFFF
[+] Sector 1 key A… D3F7D3F7D3F7 [+] Sector 1 key B… FFFFFFFFFFFF
[+] Block 0… 2ED43D9E590804006263646566676869 | bcdefghi [=]
— Fingerprint [+] Fudan based card [=] — Magic Tag Information [=] <n/a>
[=] — PRNG Information [#] Static nonce… 01200145
[+] Static nonce… yes
so i try guessing if i want uid . i need to write to block 0 with key A = A0A1A2A3A4A5 and key B = FFFFFFFFFFFF
so i run test run command like below
hf mf wrbl --blk 0 -k A0A1A2A3A4A5 -d 2ED43D9E590804006263646566676869 (2ED43D9E590804006263646566676869 guessing from Block0 )
the problem is it failed. can anyone show me run the command how to clone uid from original card to magic card gen2/CUID . does it can change uid . Pls help
You’ll need to use the --force flag to write to block 0
Something like:hf mf wrbl --blk 0 -k A0A1A2A3A4A5 -d 2ED43D9E590804006263646566676869 --force
Also, for Gen2s if you change the UID I think you have to change the BCC accordingly as well, if you haven’t already
1 Like
kimnue
September 7, 2025, 12:15am
3
i mkinda newbies. obe more thing that i dont understand . -d xxxxx what data that should i input in. where to get that data
does -d data that i input is correct data. im guessing from topic 9 . block0
kimnue
September 7, 2025, 12:18am
4
how yo change BCC . im still doesnt know ehat is BCC . just got this pm3 for couple day ^^
kimnue
September 7, 2025, 12:32am
5
now i make it better .
here is original key infomation
[usb] pm3 → hf mf info
[=] — ISO14443-a Information -----------------------------
[=] — Keys Information
=================================================================
Here magiccard CUID
[usb] pm3 → hf mf wrbl --blk 0 -d 2ED43D9E590804006263646566676869 --force
[=] Writing block no 0, key type:A - FFFFFFFFFFFFhf mf rdbl to verify
[=] — ISO14443-a Information -----------------------------
[=] — Keys Information
The uid already change but the secotro 0 and sector 1 of magic card CUID . is not same as original card. No idea how to change data there ?
k1m3r4
October 23, 2025, 9:31am
7
hey could i contact you somehow? im doing the same and im having the same issue with a gen2 card, how did u manage to do it?
amal
October 23, 2025, 2:49pm
8
if you can just hash it out here in the public forum.. that way everyone benefits from the interaction!
3 Likes
k1m3r4
October 24, 2025, 10:56am
9
how did u do it? which commands did u use in the end?
What exactly is the problem you’re having?
1 Like
k1m3r4
October 25, 2025, 3:46pm
12
i have gen2 cards from aliexpress that were allegedly CUID but when i run hf mf cload i get auth error. how to force cload a dump on this card with other command???
k1m3r4
October 25, 2025, 4:27pm
13
i have already set the 0 block with the original card’s one with hf mf wrbl. it works
then i try to use cload on the magic card, i get this:
pm3 → hf mf cload -f “nuevo dump.bin”
[+] Loaded 1024 bytes from binary file ‘nuevo dump.bin’
[=] Copying to magic gen1a MIFARE Classic 1K
[=]
[#] wupC error
[!] Can’t set magic card block: 0
[?] Hint: Verify that it is a GDM and not USCUID derivative
i am frustrated, how can i write the card with the dump? it is gen2 magic card from aliexpress
hf mf cload is for gen1a chips only. it is not for GEN2/CUID chips
use the hf mf restore -hcommand to upload the memory data to the gen2.
2 Likes