Assuming it is OK to abuse the forum’s “motto” with “there are no stupid questions”, here goes.
I have just received my new FlexM1 “gen2” implant and Proxmark Easy kit via KSEC UK. Everything is set up and working and I also have a number of KSEC test cards.
I am cloning a high frequency MIFARE Classic 4K access card and I have been able to, by following the guides and videos, clone this card to a 1K magic Gen1 card with the use of the Proxmark Easy and the “hf mf autopwn” / “hf mf cload -f xxxxx.eml” commands.
So far so good. BUT now that I want to test the same process towards a 1K magic Gen2 card as a proof of concept before testing the FlexM1 “gen2” I cannot find any guides here for solely using the Proxmark Easy and not having to use the MCT tool on a mobile phone. I assume that this should be possible?
Am I blind to available information or is the MCT tool the only write option?
Just give me a bit, I’m going to take my dog for a run before it gets too hot, then for a swim to cool down. (about 2 hours)
If nobody else has answered you before I get back, I’ll write something up for you.
I’ve always done autopwn on the PM3 EZ and then taken the keys to MCT for the writing, will be curious to see if there’s a better way to do it in just the PM3 EZ.
I also have a FlexM1 gen2. It is one of my most used, and favourites.
MOST/MORE people get the gen1a for fear of bricking a gen2.
I haven’t yet, and I use it frequently AND if I ever do, although it will suck, I will simply replace it (out with the old, in with the new).
I love mine, I plan on getting another one, purely for the super convenience, this finally brings me back to your question.
Personally, I prefer to use MCT because, again, for its convenience.
So day to day, I use my Flipper for LF stuff and my phone for gen2 stuff.
However since you asked specifically about PM3, if you try the same as the gen1a you will get a Block zero error.
Rather than write this all up, let me find a couple of references for you.
If you are still stuck after that (hopefully not) I’ll crack out my PM3, I don’t know the commands off the top of my head because, again, I simply use MCT.
I have a git page bookmarked
that should get you started, whilst I grab you some forum links …
For your gen2 implant you need hf mf restore and hf mf wrbl --b 0
Run each of them with the -h flag to build your command. You will need to supply the keyfile for the gen2 and the data file of the original. For block 0 writing (the UID block) you need to attach the --force param.
Cool, thanks, that saved me finding it, or grabbing out my PM3.
I never use my PM3 for gen2 because I find MCT easier, faster and more convenient, PLUS I save the card profiles on my phone and always have them with me.
Thanks to all for the assistance. I am glad that my various tests were performed on 1KGen2 test cards, of which one works simply using the Clone UID function. The second card, which may have been screwed by trying Gen1 commands on it, is in a very confusing state after my various testing.
This second 1KGen2 card can be read by the MCT tool BUT NOT any longer by NXP Taginfo so something is screwed up.
The app is identifying it because when it does the full scan it is only finding 1K worth of storage when the SAK indicates 4K of storage. MCT doesn’t do a full scan till you ask it to.
To change it I’d need to know your block 0 to change the SAK to 08, as with gen2 it’s not so easy to change that single value; you must replace the whole block.
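Added example, not from any poster in this thread: a pre-write sanity check for the block 0 problem described above, where a SAK copied from a 4K source ends up on a 1K gen2 card. It assumes the standard 4-byte-UID MIFARE Classic block 0 layout (UID, BCC, SAK, ATQA, manufacturer bytes); the function names and the sample block are constructed for illustration.

```python
# SAK values named in the thread: 08 = 1K card, 18 = 4K card.
SAK_SIZES = {0x08: "1K", 0x18: "4K"}


def parse_block0(hex_block):
    """Split block 0 into UID(4) BCC(1) SAK(1) ATQA(2) manufacturer(8)."""
    raw = bytes.fromhex(hex_block)
    if len(raw) != 16:
        raise ValueError("block 0 must be exactly 16 bytes, got %d" % len(raw))
    return {"uid": raw[0:4], "bcc": raw[4], "sak": raw[5],
            "atqa": raw[6:8], "mfr": raw[8:16]}


def bcc(uid):
    """BCC is the XOR of the four UID bytes; a wrong one can brick a gen2."""
    out = 0
    for b in uid:
        out ^= b
    return out


def check_block0(hex_block, card_size):
    """Return a list of problems; an empty list means the block is consistent."""
    f = parse_block0(hex_block)
    problems = []
    if f["bcc"] != bcc(f["uid"]):
        problems.append("BCC %02X does not match UID (expected %02X)"
                        % (f["bcc"], bcc(f["uid"])))
    claimed = SAK_SIZES.get(f["sak"])
    if claimed is None:
        problems.append("SAK %02X is not a 1K/4K value" % f["sak"])
    elif claimed != card_size:
        problems.append("SAK %02X claims %s but the card is %s"
                        % (f["sak"], claimed, card_size))
    return problems


def with_sak(hex_block, sak):
    """Rebuild the whole 16-byte block with a new SAK (ATQA carried over)."""
    f = parse_block0(hex_block)
    raw = f["uid"] + bytes([bcc(f["uid"]), sak]) + f["atqa"] + f["mfr"]
    return raw.hex().upper()


# Constructed sample: UID DEADBEEF with SAK 18, as if taken from a 4K dump.
SAMPLE = "DEADBEEF22180200" + "0102030405060708"

if __name__ == "__main__":
    print(check_block0(SAMPLE, "1K"))
    print(with_sak(SAMPLE, 0x08))
```

The rebuilt hex string is the full 16-byte block that a block 0 write expects, since gen2 cards take the whole block rather than a single byte.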