Hey all,
I have my NExT chip installed, and Proxmark3 handy, and first item on the agenda was to clone my work fob.
I’ve read a bunch of posts so just trying to string together bits of information.
Running hf mfp info
on my fob gives:
[=] --- Tag Information ---------------------------
[+] UID: 01 23 45 67 78 90 12
[+] ATQA: 00 44
[+] SAK: 08 [2]
[+] MANUFACTURER: NXP Semiconductors Germany
[+] Possible types:
[+] MIFARE Classic 1K CL2
[=] -------------------------- ATS --------------------------
[+] ATS: 0C 75 77 80 02 C1 05 21 30 10 F6 D1 [ D3 00 ]
[=] 0C............... TL length is 12 bytes
[=] 75............ T0 TA1 is present, TB1 is present, TC1 is present, FSCI is 5 (FSC = 64)
[=] 77......... TA1 different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
[=] 80...... TB1 SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 8 (FWT = 1048576/fc)
[=] 02... TC1 NAD is NOT supported, CID is supported
[=] -------------------- Historical bytes --------------------
[=] C1 05 21 30 10 F6 D1
[+] C1..................... Mifare or (multiple) virtual cards of various type
[+] 05.................. length is 5 bytes
[+] 2x............... MIFARE Plus
[+] x1............... 1 kByte
[+] x0............ Generation 1
[+] x0......... Only VCSL supported
[?] Hint: try `hf mfp info`
[=] --- Fingerprint
[=] SIZE: 2K (7 UID)
[=] SAK: 2K 7b UID
[=] --- Security Level (SL)
[+] SL mode: SL1
[=] SL 1: backwards functional compatibility mode (with MIFARE Classic 1K / 4K) with an optional AES authentication
Running hf mf autopwn
doesn’t do much:
[!] ⚠️ no known key was supplied, key recovery might fail
[+] loaded 59 keys from hardcoded default array
[=] running strategy 1
[=] running strategy 2
[=] ......
[-] ⛔ No usable key was found!
As far as I understand, because it’s SL1, I might be in luck downgrading it to a MIFARE Classic?
Edit: just read the NExT can’t do MIFARE Classic anyway, but only MIFARE Ultralight.
I can choose a fob or an access card. Do you think the access card would have any less security on it? Or be the exact same setup as the fob?
Otherwise, the security guys would be happy to enrol my chip if possible but would I have to confirm they allow MIFARE Ultralight?
Would appreciate any help from here!