Hello everyone! I faced such problem. I copied my card using Mifare Classic Tool to gen2 magic tag. But the scanner does not notice the clone, despite the fact that they are identical now. What could be the reason? Thanks!
What do you mean by “doesn’t notice”? Is it reading the card and rejecting it, or not even acknowledging that there’s a card in the field at all? Also, how did you clone the card? It’s entirely possible that you cloned the UID but not the card contents
1 Like
this is a feature of some systems.
gen2det is incredibly rare but it can happen.
double check your clone using a hex dump comparator tool to make sure they’re the exact same. if they are the exact same and its not working then, unfortunately, you have terrible luck and will most likely need a gen3 APDU lockable magic mifare or a chameleon
Thanks for the answer! I made a full dump. And all the sectors of the card and the clone are identical. I can’t say 100%, but it seems the scanner doesn’t even notice the clone. Although the original works.
Thank you! I think this is the key for my problem!
actually there is no real way to check for gen2 except to try to write to sector 0 and that could potentially be destructive to the card, and would rely on access bits allowing it. the back door command for gen1a however is easy to test for and non-destructive, and this is what’s been seen in the wild.
The question here is - how did you make the full dump? If you used MCT to do this, and you did not have keys for a sector further down, like sector 9 or something… then MCT would not be able to dump it properly and it would not be identical.
This is still not answered fully… what do you mean by “doesn’t even notice the clone”… if you mean the reader does nothing… no beeps… no indication it’s getting a read, then possibly it’s not reading the clone. I assume this is a flexM1 gen2 implant you’re talking about, and it might be possible the reader is just shit at reading smaller transponders?
One way to test this would be to present a full sized card… one that is not allowed on the system… you should at least get a beep confirmation from the reader that the card was read, but not allowed access.
gen2 detection has been spotted in a handful of places, even in slightly older systems. its non compromising to anything but gen2, it is rare as hell but its been seen.
1 Like
really? how does it work?
You could read sector 0, make a trivial change, write it, read it and see if it changed, and if so change it back and ignore the card.
But that is about the only way I can think of doing it.
its basically as you said before sending a faux block write.
its non-compromising, same affect of using rolling code that writes to the card on every read like a stored value card.
EDIT: its based off RATs and depending on tag, ATS. it can be detected and in a lot of cases it will proceed to write a block 0 consisting entirely of 0s. to intentionally brick the tag (as discovered by TCPRST) but on occasion its a non offensive detect sending a write byte to block 0, if the write is permitted, access will not be granted or even aknowleged
1 Like
i’m just shocked this would even bother to be implemented in a reader… almost always those are aiming for rock bottom cost, not complex security… it is mifare after all.
usually its an affect of another system in place (EG rolling code) and it doesn’t cost anything to add the implementation, but they can charge people for the added security even if its completely circumventable
1 Like