Need help deciding between Proxmark3 Easy vs Proxmark3 RDV4 for copying Mifare Classic 1K fob

Hi I am new to this world so this is prob a newb question but I have a few questions regarding whether a Proxmark3 Easy from DT vs a Proxmark3 RVD4 from HW is the right tool to solve my problem which is to copy a Mifare Classic 1K fob (I think? photos below).

After sifting thru the internet I can’t find the exact answers and it seems like this community has a lot of knowledge. Here is my question let me know if anyone can help:

I was trying to copy the Fob in this photo below with my flipper zero



and it came back with the following info:

MIFARE Classic 1K

UID: 36 50 EF 62

Keys Found: 28/32

Sectors Read: 14/16

I tried loading on the Xtreme Firmware and running the MFKey32 but no luck finding more keys.

I have access to my key and the reader and from all the searching it seems like the best tool to get these missing keys is the Proxmark3 but not sure which one is the better one for this specific job. Also I am Mac based so just want to make sure there is an easy solution for using the Proxmark3 on a Mac.

Let me know if anyone can help or if you need more info or photos to help me make this decision

Thanks in advance!

Have you tried the “Unlock with reader” option on your flipper?

1 Like

No I have not tried this–I will try and report back–thanks for the quick response!

1 Like

unlock wih reader is for mifare ultralight

@Pmjens extreme has been dead for 9 months seriously stop using it. update to latest momentum there is a wealth of key recovery tools for mifare classic that have been implemented this year. follow this guide when you have updated

if you do want a proxmark, you do not need an rdv4 for the simple task of copying a mifare classic.

3 Likes

Whoops, good to know!

2 Likes

Both will do the job and are extremely similar from a functional perspective.

The Easy is significantly cheaper, and it’s a stack of circuit boards.

The RDV4 is smaller, has a nice plastic case, replaceable antennas, and there’s a Bluetooth module available.

1 Like

Blockquote[quote=“Equipter, post:4, topic:23789, full:true”]
unlock wih reader is for mifare ultralight

@Pmjens extreme has been dead for 9 months seriously stop using it. update to latest momentum there is a wealth of key recovery tools for mifare classic that have been implemented this year. follow this guide when you have updated

if you do want a proxmark, you do not need an rdv4 for the simple task of copying a mifare classic.
[/quote]

Great thank you so much for the info–have gone and updated to Momentum already and will report back if that was enough to get the job done. Thanks again!

1 Like

A post was merged into an existing topic: Trying to clone fob mifare “classic” 1k

Here is what I got back with Flipper with updated Momentum firmware.

I first read the card/fob using the flipper Nfc “read” feature and then went to the saved file and used the “extract MF Keys” and tapped the flipper up against the actual reader (see photo below) which said it read nonces.


Then I ran the MFKey feature and here is what I got back:

Filetype: Flipper NFC device
Version: 4

Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, EMV

Device type: Mifare Classic

UID is common for all formats

UID: 36 50 EF 62

ISO14443-3A specific data

ATQA: 00 04
SAK: 08

Mifare Classic specific data

Mifare Classic type: 1K
Data format version: 2

Mifare Classic blocks, ‘??’ means unknown data

Block 0: 36 50 EF 62 EB 88 04 00 C8 14 00 20 00 00 00 19
Block 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 3: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 7: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 11: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 15: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 19: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 23: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 25: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 26: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 27: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 29: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 31: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 33: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 34: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 35: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 37: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 39: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 41: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 42: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 43: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 44: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 45: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 46: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 47: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 52: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 53: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 54: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 55: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 56: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 57: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 58: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 59: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 62: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 63: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

I have the .nfc file pasted above and after running the MFkey I got the below info after running the “manual attack” (see screenshot):

And then I got the below after running “give me the keys”:

Then I attempted to Read the card again to see if it had any more sectors or keys available and it was still:

Keys Found: 28/32

Sectors Read: 14/16

Let me know if this is as far as the flipper can take me with this specific key? If so I am willing to buy the Proxmark3 to crack this thing–just want to make sure it can be done using the Proxmark3

Any advice greatly appreciated!

Thanks again!

1 Like

Have you tried a nested attack? If you go to apps → NFC → Mifare Nested.

Edit: whoops apparently the app no longer works on new fw versions. Anyway you should be able to downgrade, crack the key, then go back to a newer version.

Did you manage to figure this out? I just realized that the nested attack is built into the newest version of the NFC app.

I tested writing a random key to a card, read it using NFC → Read, then used the Flipper MFKey app to crack the nonces and was able to successfully find the key, though I used a 1k card and not a 4k.

Noting that I didn’t use the “Extract MFC keys” feature or access a reader.

Not sure if this is different from what you tried or not though.

1 Like