MrKeyFob app DRM

nerp · October 27, 2023, 3:25am

Has anyone played with the MrKeyFob cloning app? Have figured out all of the DRM it uses for LF rfids (password and trace data) and mifares (special UID and some data in 1 block) but have not figured what it uses for iClass. From my understanding from inspecting the blank MrKeyFob iClass fobs and preliminary inspection of decompiling the .exe, it uses some data on block 18 that is unique to each fob most likely tied into the CSN. This value changes when a credential is is written to it using the app.

I can share the app, dumps, and sniffs for validating a blank, writing, wiping

Already started scrutinizing the decompiled version

amal · October 27, 2023, 6:25pm

I’ve never really looked at this, but my curiosity is piqued. I’ve DM’d you

nerp · November 6, 2023, 1:08am

I included dumps of:

2 mrkeyfob iclass tags
mifare classic 1k gen 4 gdm
LF t5577 restore file to make compatible with program (need to write pg1 also)

Dumps: mrkeyfob dumps - Google Drive

MKF windows app: MKF_V0.7.zip - Google Drive

nerp · November 6, 2023, 1:16am

well we’re all in this together in figuring out what exactly MrKeyFob uses for its own proprietary DRM. Also interesting how MKF explicitly violates the pm3 open source license by not publishing the code.

nerp · November 6, 2023, 2:36am

Pm’d you - also have more information in terms of sniffing the transaction from pm3 running MKF software and iClass tag. Not too much useful information but the more info we have on this the better.

nerp · November 6, 2023, 2:54am

the DRM for mifare is just the UID set to 00 00 00 00 by the looks of it

Am009 · August 5, 2024, 7:51pm

Are these dumps working for iclass? I tried to restore but it dosent show for blank iclass on mkf

Dangerousenti · December 18, 2024, 11:10pm

How do I use the app with proxmark3?