@Hamspiced thanks!!
1 Like
@Hamspiced Got the PM3 and really excited to try this out. In the meantime I got an android phone and tried to read the fob using MCT but it was still missing 2 sectors and 4 keys.
I plugged the Promark 3 Easy into my Mac and entered “PM3” and it came back with the following:
% pm3
[=] Session log /Users/–/.proxmark3/logs/log_20241121150754.txt
[+] Using UART port /dev/tty.usbmodemiceman1
[!!]
Capabilities structure version sent by Proxmark3 is not the same as the one used by the client!
[!!]
[!!]
Let me know if I just need to update the firmware on the PM3 or update it on my Mac to match what is on the PM3?
Thanks!
Try Running the following command
pm3-flash-all
You may have to unplug the proxmark, and then hold the button on the side, plug it in, release the button, and run the command.
1 Like
@Hamspiced that worked perfect!
Ok I ran “auto” and here is what came back:
[usb] pm3 → auto
[=] lf search
[=] Note: False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[-]
No known 125/134 kHz tags found!
[=] Couldn’t identify a chipset
[=] hf search
Searching for ISO14443-A tag…
[+] UID: 36 50 EF 62 ( ONUID, re-used )
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[=]
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[?] Hint: try
hf mfcommands[+] Valid ISO 14443-A tag found
then when I run “hf mf autopwn” I get the following:
[usb] pm3 → hf mf autopwn
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[!]no known key was supplied, key recovery might fail
[+] loaded 5 user keys
[+] loaded 61 keys from hardcoded default array
[=] running strategy 1
[=] running strategy 2
[=] …
[+] target sector 1 key type B – found valid key [ FFFFFFFFFFFF ] (used for nested / hardnested attack)
[+] target sector 2 key type B – found valid key [ FFFFFFFFFFFF ]
[+] target sector 6 key type B – found valid key [ FFFFFFFFFFFF ]
[+] target sector 7 key type B – found valid key [ FFFFFFFFFFFF ]
[+] target sector 8 key type B – found valid key [ FFFFFFFFFFFF ]
[+] target sector 12 key type A – found valid key [ FFFFFFFFFFFF ]
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
This goes on for a long time and then it says:
[-]
[-]
[=] Hardnested attack starting…
[=] ---------±--------±--------------------------------------------------------±----------------±------
[=] | | | Expected to brute force
[=] Time | #nonces | Activity | #states | time
[=] ---------±--------±--------------------------------------------------------±----------------±------
[=] 0 | 0 | Start using 8 threads and AVX2 SIMD core | |
[=] 0 | 0 | Brute force benchmark: 427 million (2^28.7) keys/s | 140737488355328 | 4d
[=] 3 | 0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 2787 ms | 140737488355328 | 4d
[=] 3 | 0 | Using 239 precalculated bitflip state tables | 140737488355328 | 4d
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] AcquireEncryptedNonces: Can’t select card (ALL)
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] AcquireEncryptedNonces: Can’t select card (ALL)
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth2 error len=1
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
And then this goes on forever… and there a couple other things that pop up like below:
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[-]
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] AcquireEncryptedNonces: Can’t select card (ALL)
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth1 error
[#] AcquireEncryptedNonces: Auth2 error len=1
[#] AcquireEncryptedNonces: Auth1 error
And then it just ends and I get the pm3 prompt again.
Any advice or feedback you can give is greatly appreciated
Again here is what it looks like but not sure if this helps any:
Thanks!
1 Like
I’m afraid I’ll need to pass this one off to someone more knowledgeable than I. I know osx and the little trucks to get the proxmark up and running.
Using the damn thing though I’m still pretty green.
@Aoxhwjfoavdlhsvfpzha any advice on how to identify this tag?
1 Like
Did auto return any LF credentials?
You can also try lf search to double check
As for the mifare classic, my first guess would be that it’s a coupling issue, try positioning the card basically every way you can over/under/around the PM3.
It can help to create a little air gap too sometimes, so placing something small and non-conductive between the tag and PM3 could help in some cases
It’s usually magic cards that are super picky like that in my experience, but it never hurts to check
Also, an hf mf info could potentially be of interest
Two things to point out if you’re new to the proxmark.
There are two antenna. The red one on top is the LF antenna. The Black space a step below it is the HF antenna. So hf search should have the fob resting on the black shelf
1 Like
Looking at how thin it is, I’d be calling it HF.
Theres a possibility it COULD be UHF, I have a UHF tag that looks similar
2 Likes
I never consider UHF
2 Likes
The red headed step child of RFID
1 Like
@Aoxhwjfoavdlhsvfpzha I tried putting it on both antennas and then ran it both ways “lf search” on upper lf antenna and then “hf search” on lower platform hf antenna. I positioned it every which way on the hf antenna (between the circuit boards, both ways, on top, below, etc.) and the best result I got was these two hits below:
[=] hf search
[+] UID: 36 50 EF 62 ( ONUID, re-used )
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[=]
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting[?] Hint: try
hf mfcommands[+] Valid ISO 14443-A tag found
and this one:
[usb] pm3 → auto
[=] lf search[=] Note: False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[-]
[=] Couldn’t identify a chipset
[=] hf search
Searching for ISO14443-A tag…
[+] UID: 36 50 EF 62 ( ONUID, re-used )
[+] ATQA: 00 04
[+] SAK: C0 [2]
[+] Possible types:
[+] P2P Support / Android
[=] proprietary iso18092 card found
I did get an android phone and used the MCT program to read the fob and I have the .mct file downloaded --here is what it came back as:
+Sector: 0
3650EF62EB880400C814002000000019
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 2
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 3
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 4
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 5
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 6
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 7
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 8
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 9
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 10
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 11
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 12
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 15
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
And Here is the .nfc file that Flipper zero gave:
Filetype: Flipper NFC device
Version: 4Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, EMV
Device type: Mifare Classic
UID is common for all formats
UID: 36 50 EF 62
ISO14443-3A specific data
ATQA: 00 04
SAK: 08Mifare Classic specific data
Mifare Classic type: 1K
Data format version: 2Mifare Classic blocks, ‘??’ means unknown data
Block 0: 36 50 EF 62 EB 88 04 00 C8 14 00 20 00 00 00 19
Block 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 3: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 7: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 11: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 15: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 19: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 23: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 25: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 26: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 27: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 29: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 31: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 33: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 34: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 35: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 37: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 39: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 41: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 42: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 43: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 44: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 45: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 46: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 47: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 52: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 53: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 54: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 55: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 56: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 57: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 58: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 59: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Block 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 62: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 63: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Would it help to try to identify the fob and reader system to determine what kind of system or encryption it uses?
Here are some links to products that look similar online–not sure if this helps or not (the Keri MS format jumped out because it looks like it has a proprietary cloud-based monitoring system):
https://www.smartcardfocus.com/shop/ilp/id~780/mifare-classic-1k-keyfob-thin-black/p/index.shtml
Photos of the card and reader again below:
Thanks again!
1 Like
The fact the MCT thinks all the keys are FFFFFFFFFFFFFF but neither the flipper nor the PM3 can get it to work is very strange to me
Try an hf mf chk --1k -f mfc_default_keys.dic on the pm3, just for funsies
I don’t see any reason why you couldn’t give cloning a go with the android phone, or manually copy the missing data over to the flipper or something like that at this point
1 Like
@Aoxhwjfoavdlhsvfpzha ran your command and here is what came back:
[usb] pm3 → hf mf chk --1k -f mfc_default_keys.dic
[+] loaded 61 keys from hardcoded default array
[+] Loaded 1943 keys from dictionary file
/usr/local/Cellar/proxmark3/4.18994/bin/../share/proxmark3/dictionaries/mfc_default_keys.dic[=] Start check for keys…
[=] …[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
[#] BCC0 incorrect, got 0x7a, expected 0x3a
[#] Aborting
This goes on forever and then at the very end:
.
[=] time in checkkeys 611 seconds[=] testing to read key B…
[=] Sector: 9, First block: 36, Last block: 39, Num of blocks: 4
[=] Reading sector trailer
[#] Auth error[+] found keys:
[+] -----±----±-------------±–±-------------±—
[+] Sec | Blk | key A |res| key B |res
[+] -----±----±-------------±–±-------------±—
[+] 000 | 003 | ------------ | 0 | ------------ | 0
[+] 001 | 007 | ------------ | 0 | ------------ | 0
[+] 002 | 011 | ------------ | 0 | ------------ | 0
[+] 003 | 015 | ------------ | 0 | ------------ | 0
[+] 004 | 019 | ------------ | 0 | ------------ | 0
[+] 005 | 023 | ------------ | 0 | ------------ | 0
[+] 006 | 027 | ------------ | 0 | ------------ | 0
[+] 007 | 031 | ------------ | 0 | ------------ | 0
[+] 008 | 035 | ------------ | 0 | ------------ | 0
[+] 009 | 039 | FFFFFFFFFFFF | 1 | ------------ | 0
[+] 010 | 043 | ------------ | 0 | ------------ | 0
[+] 011 | 047 | ------------ | 0 | ------------ | 0
[+] 012 | 051 | ------------ | 0 | ------------ | 0
[+] 013 | 055 | ------------ | 0 | ------------ | 0
[+] 014 | 059 | ------------ | 0 | ------------ | 0
[+] 015 | 063 | ------------ | 0 | ------------ | 0
[+] -----±----±-------------±–±-------------±—
[+] ( 0:Failed / 1:Success )[usb] pm3 →
I googled the “BCC0 incorrect, got 0x7a, expected 0x3a” and found an article:
But can’t make heads or tails of this–let me know if you have any advice for me
Thanks!
1 Like
You can try ignoring those BCC errors, but you should know that I have absolutely no idea what issues that might open you up to
I suspect it should be fine, but I dunno
If you want to try that, the command is: hf 14a config --bcc ignore
You can turn it back on with hf 14a config --bcc std
I’m also gonna bug @equipter at this point, he probably knows more about what’s going on 
1 Like
@Aoxhwjfoavdlhsvfpzha Thanks for your help with this–I can’t risk doing anything to the key itself–do you think that command could do harm to the key?
@Equipter let me know if you have any advice for this fob I am trying to clone. Let me know if you have any questions
And thanks again everyone on DT for your help so far!
@Aoxhwjfoavdlhsvfpzha I also found this article which seems similar to the info I have received:
https://www.proxmark.io/www.proxmark.org/forum/viewtopic.php%3Fid=4480.html
Not sure if you think I should try doing a sniff:
hf mf sniff
I think to do that I would need to take my laptop and the pm3 easy hooked up to it to try it on the gate right? I don’t have an external power source for the PM3 Easy. Let me know if you have any advice on trying this
Thanks
Usually you do a sniff to discover missing keys, but at least according to MCT we already know all the keys, there seems to be something else preventing it from working
Have you tried emulating the partial dump with your flipper already?
At this point I’d personally check out the MIFARE Classic Editor app on your flipper and manually plug in the missing info from MCT, and/or copy the data into a PM3 dump and try emulating that way
1 Like
@Aoxhwjfoavdlhsvfpzha still determined to get this work. can you show me how to format the MCT info pasted at the bottom of this post so that I can:
“copy the data into a PM3 dump and try emulating that way”
Would I be able to write it to one of the card that’s came with the PM3 easy pictured below?
+Sector: 0
3650EF62EB880400C814002000000019
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 1
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 2
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 3
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 4
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 5
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 6
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 7
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 8
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 9
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 10
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 11
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 12
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
+Sector: 15
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
Thanks in advance!
1 Like
If this dump is correct, then the only thing on the card is a UID (the ID of the card). Can you run a hf search with one of the cards labeled “CUID”? They should work.
2 Likes
Assuming your CUID card is Gen2 like the one that I got with an Easy, you should be able to run
hf mf wrbl --blk 0 -d 3650EF62EB880400C814002000000019 --force
But if it’s Gen2 you can actually write the dump directly from Mifare Classic Tool!
Go to Write tag, then Write dump (clone). Enable writing to manufacturer block, choose your dump and write!
3 Likes