I have a habit of consolidating all of my nfc/rfid tags onto generic / multi use tags (stickers if possible) that I can stick to the back of my phone (inside the case).
This just helps make sure I don’t need to carry around 5+ tags on my keys all day.
To do this I’ve used many things over the years, but currently have/use the flipper zero. This has worked without issue until I met with our new office’s MiFare Ultralight C tags.
I’ve tried the default dictionary that comes with the tool, but it doesn’t seem to work (still shows some sectors as protected).
Is there any way out there to do this yet, without brute forcing (or with brute forcing “safely” via a computer with a bit more resources than the trusty f0 and not locking my tag)?
I’ve got some “magic” tags from here that I plan to write to:
The flipper comes with a built in dictionary that it tries when first reading the card. I can add more dictionary values but hesitant to until I fully unstable how the anti tamper protection works.
here’s the tough part. if you are sure this is an Ultralight C, not an Ultralight C EV1, then there is no auth counter and you can try as many times as you like. If it’s an Ultralight C EV1 then it may have a counter and it may be active, and it may brick the chip (lock it unreadable) if you try an admin password more times than the auth counter is set for.
So many tag detection mechanisms in pretty much every piece of software I’ve seen do not care to, or know how to, differentiate tags all that well. Hell NFC Tools on Android calls every NTAG2xx chip an Ultralight. Your best bet might be to use an Android phone with TagInfo and see what chip type it detects. If anything is going to be able to ID an NXP chip properly, it’s NXP’s TagInfo app.
TagInfo says IC type MIFARE Ultralight C (MF0ICU2). Is that enough to prove it’s not an EV1 (and therefore I can chuck a brute force attack at it without worry?
if its from a hotel, dm me the uid ill give you the key (the uid is not pii and you can check out my forum profile to verify that im legit just being helpful)
This is going to sound stupid, but I assume as it’s because I’m a new member I don’t have the ability to message (at least I can’t find the button when clicking on you!). Happy if I send to the email on your github page?
It’s not technically a hotel (it’s our new offices, but they are part of a hotel complex).
