Trying to clone a MIFARE Classic 1K to card

aprieto · September 1, 2023, 7:14am

I autopwn my current fob, it found keys and saved 64 blocks to text file /Users/home/hf-mf-B3929B7F-dump-006.eml. I also used autopwn on the new key card and its saved the keys to: hf-mf-B3929B7F-key-003.bin

I tired cload and got the error below, and tried restore but the card still doesn’t work.

Any help is appreciated!

[usb] pm3 --> hf mf cload -f hf-mf-B3929B7F-dump-006.eml
[+] loaded 1024 bytes from text file hf-mf-B3929B7F-dump-006.eml
[=] Copying to magic gen1a card
[=] .[#] wupC1 error
[!] ⚠️  Can't set magic card block: 0
[usb] pm3 --> hf mf restore -f hf-mf-B3929B7F-dump-006.eml -k /Users/home/hf-mf-85008785-key.bin
[=] Using key file... `/Users/home/hf-mf-85008785-key.bin`
[+] loaded 1024 bytes from text file hf-mf-B3929B7F-dump-006.eml
[=] Restoring hf-mf-B3929B7F-dump-006.eml to card
[=]  blk | 
[=] -----+------------------------------------------------------------
[=]    0 | B3 92 9B 7F C5 88 04 00 C8 49 00 20 00 00 00 15 
[Removed for privacy]
[=]   63 | FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF 
[=] -----+------------------------------------------------------------

[=] Done!

Aoxhwjfoavdlhsvfpzha · September 1, 2023, 7:44am

Is your new card a Magic Gen1A card?

Equipter · September 1, 2023, 3:15pm

It’s not answering to the magic wake up command so what you’re using isn’t a gen1a

aprieto · September 1, 2023, 5:50pm

I believe it’s Gen2

Pilgrimsmaster · September 1, 2023, 7:11pm

I personally use MCT for my gen2 reading and writing (Which I do reasonably frequently)

It has many useful functions, but the 3 I use the most

Clone UID

This might be all you need

Otherwise just

Read
Write

Should be pretty straight forward, but let me know if you need some more guidance

The Diff Tool can be useful also

aprieto · September 1, 2023, 10:06pm

Wish I could, but I don’t have Android

amal · September 1, 2023, 10:14pm

I believe on the proxmark3 you just run a restore command for gen2 and there might be a parameter switch for including sector 0 in that restore error process.

ayancey · October 9, 2023, 8:53pm

I have an implanted xMagic which i believe has a gen1a mifare chip. Getting these errors:

command: hf mf cload -f hf-mf-XXXXXXXX-dump.eml

[=] Copying to magic gen1a card
[=] .[#] write block send data error
[!] Can’t set magic card block: 0

and

[=] Copying to magic gen1a card
[=] .[#] wupC1 error
[!] Can’t set magic card block: 0
[usb] pm3 → hf search

Seems like its a bad idea to try and program it only a day or two after implanting? I don’t want to risk corruption but I’m also impatient. Is it safe to run these commands?

Aoxhwjfoavdlhsvfpzha · October 9, 2023, 9:28pm

Yes, but I believe it’s not because you may brick the HF side:

It usually takes a few weeks following an install for swelling to go down, and making it easier to get a good connection with your new implant, so it’s always recommended to wait a while

However, I don’t think the Gen1A chips can be bricked this way, as you can always just use the magic commands to re-write any data that gets messed up. Hopefully someone will come along and confirm that or not

Thanks again @Equipter !

Double however, the LF side of your xMagic absolutely is vulnerable to bricking from poor coupling, so you should wait to play with that until you’re certain you can get a good connection

Long story short:
If you’re impatient and want to play around, stick to HF

Also, welcome to the club!

ayancey · October 9, 2023, 9:58pm

Thank you very much! My buddy got an xEM years ago and unfortunately seems to have bricked it, so I have avoided LF altogether until I buy a cylindrical antenna (this one seems good).

I have a proxmark3 easy right now but have an RDV4 on the way.

Equipter · October 9, 2023, 10:36pm

yes they very much can, although very unlikely it is still totally possible to brick a gen1 with bad writes

my advice? leave it be. for like a week. then when you’re prepared to do your cloning do hf 14a reader -@ and use the pm3’s hf antenna (use the underside of the device) against the implant until you get consistent ID output, then when you know where the coupling is good, do the write command then.

don’t worry if it fails halfway through, coupling needs to be tight

edit to add: @Aoxhwjfoavdlhsvfpzha describes it best but yeah while you’re healing all that blood and tissue fixing going on inside your hand is gonna make it harder to read/write so writing to it will be harder ergo it may not even work on your desired reader until that healing period is over & you’re able to get the most of your implant

Pilgrimsmaster · October 10, 2023, 3:20am

Nooooooooooo!

Oh well.

The RDV4 is good, but so is the easy.
Im assuming you wanted it for the DT LF Antenna

In my opinion, you would have been better off getting a Flipper.

No you have 2 proxmarks…

Anyway.
Your choice.

die-hard-john-mc-clane

ayancey · October 10, 2023, 3:32am

I looked into the flipper at first but it didn’t seem as versatile as proxmark. Is it good for dangerous things implants?

Pilgrimsmaster · October 10, 2023, 5:30am

My opinion, The PM3 is more capable, but now you have 2…

I really like my Flipper, and for most people it is more than enough, others who want to be able to do more diagnostic stuff, a PM3 is a better choice.

FYI
I have a PM3 Easy, A PM3 RDV4 (with DTLF Antenna) and A Flipper.

I use my Flipper >95% of the time.

Very.
The Fliiper reads implants much easier than the PM3, Even the LF xSeries with the RDV4+DT LF Antenna combo.

Also the portability, ease of use are huge bonuses.

ayancey · October 10, 2023, 5:34am

Thank you for the valuable input! I will get both, to be honest.