Mifare Classic Re-writing

I’m new to using Proxmark3 Easy, and I cloned my apartment fob to one of those cheap blue fobs you can buy on Aliexpress.

I used the commands:
hf mf autopwn
hf mf restore

But what I noticed was that after the blank fob was written to, I cannot write to it a second time.
I get the error:

[#] Auth error
[=] Writing to manufacture block w key B ( fail )

Are these fobs one time use? Or is there a special command to wipe them or make them re-writable?

That depends on what you bought. Got a link?

The listing has expired, but here’s a snapshot of it:

https://imgur.com/a/3rebbNP

CUID (gen2 direct write). Should be able to reuse unless you messed up the ACLs. Can you post the full contents of sector 0?

I’m posting this as a PSA… but also because I want to force the issue with China… but “CUID” does not mean gen2… I have had plenty of vendors and suppliers use CUID to mean anything from Mifare Classic legit cards with no changeable UID to gen1a and gen2… but on the other hand they don’t know what “gen2” means either… so I have to ask them every time to confirm how the card / chip works, and I do this by asking for the exact proxmark3 commands used to write to it. Once they send me the commands I know what kind of chip it is.

This is the way.

1 Like

The exact commands I used were on the first post: hf mf restore
I did not specify the bin file, but it grabbed the correct one automatically after running: hf mf autopwn

I tried writing onto two blank fobs, but after writing to them once, I get an auth error when attempting to write again.

Below is a screenshot of the error.
The bottom screenshot is writing to the fob for the first time without errors.
The top screenshot is attempting to write on the fob that already has been written to with auth errors.

https://imgur.com/a/boiGwNP

Below is an image of Sector 0, left is the blank fob, right is the written one.
https://imgur.com/a/EPlWFSG

FF in the access bits for sector 0 means you can’t touch block 0. Either this got messed up in the restore, or they didn’t send you a gen2 card.

On the other hand, it’s about as close as we can get to something of a standard name. Trustworthy vendors have always sent me the correct tags under those names.

But the copied fob is fully functional.
And as you can see from the before and after screenshots, I had successfully changed sector 0 the first time I wrote onto it.

I obtained the answer on Discord, so I thought I’d share it here in case anyone ran into the same issue.

The sector trailers for the Mifare Classic 1K: blocks 3,7,11… 63 need to be rewritten first.
In my case, blocks 0 to 7 had an auth error, so I need to re-write blocks 3 and 7.
After obtaining the keys to those sectors with: hf mf autopwn
I re-wrote the sectors using: hf mf wrbl --blk [block] -d FFFFFFFFFFFFFF078069FFFFFFFFFFFF -k [key]
After doing this, I’m able to re-write to the fob again with: hf mf restore
No more auth errors.

2 Likes
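
The access bits discussed in this thread can be decoded offline to see which key, if any, may write each block of a sector. The following is an added example, not code from the thread or from the Proxmark3 project; it assumes the access-bit layout of the NXP MIFARE Classic datasheet, and the `LOCKED` trailer is a constructed sample, not the poster's actual sector 0.

```python
# Added example: decode the access bits in a MIFARE Classic sector trailer.
# Trailer layout: key A (bytes 0-5), access bits (6-8), user byte (9), key B (10-15).

DEFAULT = "FFFFFFFFFFFFFF078069FFFFFFFFFFFF"  # value written with hf mf wrbl in the thread
LOCKED = "FFFFFFFFFFFFEF078169FFFFFFFFFFFF"   # constructed sample: block 0 set read-only

# Which key may WRITE a data block, indexed by (C1, C2, C3); anything else is "never".
DATA_WRITE = {(0, 0, 0): "A|B", (1, 0, 0): "B", (1, 1, 0): "B", (0, 1, 1): "B"}
# Which key may rewrite the access bits stored in the trailer itself.
TRAILER_ACL_WRITE = {(0, 0, 1): "A", (0, 1, 1): "B", (1, 0, 1): "B"}


def decode_trailer(hex_trailer):
    """Return {block_in_sector: ((C1, C2, C3), who_may_write)} for blocks 0-3."""
    raw = bytes.fromhex(hex_trailer)
    if len(raw) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = raw[6], raw[7], raw[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is also stored inverted; a mismatch means the trailer is malformed.
    if (b6 & 0x0F, b6 >> 4, b7 & 0x0F) != (c1 ^ 0x0F, c2 ^ 0x0F, c3 ^ 0x0F):
        raise ValueError("access bits fail the inverted-copy check")
    result = {}
    for i in range(4):  # bit i of each nibble belongs to block i of the sector
        bits = ((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1)
        table = TRAILER_ACL_WRITE if i == 3 else DATA_WRITE
        result[i] = (bits, table.get(bits, "never"))
    return result


if __name__ == "__main__":
    for name, trailer in (("default", DEFAULT), ("locked", LOCKED)):
        print(name)
        for blk, (bits, who) in decode_trailer(trailer).items():
            kind = "access bits" if blk == 3 else "data"
            print(f"  block {blk}: C1C2C3={bits} {kind} writable by: {who}")
```

Block numbers in the result are relative to the sector, so for sector 1 of a 1K card, entry 3 is absolute block 7.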