See… the problem with “magic” chips is that they are from China… a land where 10 different “blue cloners” can look identical but have different hardware or firmware or both inside… “gen1a” and “gen2” mean nothing… they are not standards or even product names… they are simply names derived through consensus to describe a loose set of features for illegal, intellectual property infringing chipsets.
For example, I don’t know that Fudan is actually producing these chips, because Fudan’s official statement is that they do not make any “magic” chipsets… at least the last time I talked to them. They deny making any chips that are UID changeable… but this is probably false. I am getting my magic chips through a side deal and I honestly have no idea who actually manufactured them… that’s not information my vendor is willing or possibly even able to share.
Also, when it comes to what can brick and what can’t and why… there are even more questions and possibilities. The actual REAL Mifare S50 1k “Classic” chip is broken into sectors… and of the writable sectors, each has a “sector trailer” which is the last block of the sector. The sector trailer contains access keys (A and B) as well as access bits for that specific sector… so each sector could be keyed differently and have different key permissions. For some reason they made the dumb decision to require you to write not only the access bit settings in “forward order” but also “inverted order”… meaning you write the access bits twice… once in one bit order, and once in the opposite bit order… and if you fuck that up, the entire sector locks and becomes unreadable and totally dead forever… for no real reason.
The Mifare “Classic” approach to memory organization and access permissions is so crazy I had to pore over the documentation for days and the only way to really make sense of it was to write my own little boiled down paper about it:
NFC-Access-Control-for-Mifare-S50.pdf (631.1 KB)
Now… when it comes to the “magic” chips… I see the image you posted mention BCC bits… I have no idea what these are… but if you could find a description of what those actually are or what they mean, then maybe we could explore it a bit.
To be honest, I have not yet attempted to write incorrect access bits to a magic gen2 chip… but my assumption was that they would act and behave just like a real Mifare Classic chip, in that if you screwed up the access bits in the sector trailer, then that sector would be dead… and because gen2 is supposed to be just a normal Mifare Classic chip with a writable sector 0, then there is no “back door” way to fix that dead sector. When it comes to a gen1 chip, I’ve written corrupted data to it through the “front door” (normal write operation) and then overwritten the entire memory contents through the back door, restoring function of that dead sector… but maybe there is a way to screw up writing whatever these BCC bits are that really bricks the tag forever… probably as some kind of bad function of the “magic” routines inside the emulator chip (nothing to do with Mifare).
The first run of xM1 chips were so unstable that it could be functioning correctly and then encounter a reader that just wants to access some sectors and then the whole thing would brick and never come back… just terrible.
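The sector-trailer layout described in the post (access bits written once in true form and once inverted, with a mismatch locking the sector) is mechanical enough to check before a write goes to the card. The following Python is an added example, not code from the post or from Dangerous Things: it packs and unpacks bytes 6..8 of a trailer, refuses a trailer whose two copies disagree, and flags trailer conditions under which the access bits can never be rewritten again (the table of writable conditions follows the MF1S50 datasheet; the transport configuration `FF 07 80` is the value a fresh card ships with). The block-0 check at the end uses the fact that, for a 4-byte UID, the BCC byte is the XOR of the four UID bytes; the UID and sample trailers below are constructed test values, not data from any real card.

```python
"""Mifare Classic sector-trailer sanity checks (added example, not from the post).

Bytes 6..8 of a sector trailer hold three 4-bit fields C1, C2, C3 (one bit per
block 0..3 of the sector), stored both inverted and in true form:
    byte 6 = ~C2 | ~C1      byte 7 = C1 | ~C3      byte 8 = C3 | C2
The chip rejects a trailer whose two copies disagree, so a typo here can cost
you the whole sector. These helpers catch that on the host side first.
"""

# Sector-trailer conditions (C1, C2, C3) under which the access bits themselves
# can still be rewritten, per the MF1S50 datasheet. Every other value freezes
# the trailer permanently: keys and access bits can never be changed again.
TRAILER_BITS_WRITABLE = {
    (0, 0, 1): "key A",
    (0, 1, 1): "key B",
    (1, 0, 1): "key B",
}

# Transport configuration: data blocks 000, trailer 001. Encodes to FF 07 80.
TRANSPORT_ACCESS = [(0, 0, 0), (0, 0, 0), (0, 0, 0), (0, 0, 1)]


def _inv(nibble):
    """Bitwise complement restricted to 4 bits."""
    return (~nibble) & 0xF


def encode_access_bits(conds):
    """Pack four (C1, C2, C3) tuples, one per block 0..3, into bytes 6, 7, 8."""
    if len(conds) != 4:
        raise ValueError("need one (C1, C2, C3) tuple per block")
    c1 = c2 = c3 = 0
    for block, (a, b, c) in enumerate(conds):
        if any(v not in (0, 1) for v in (a, b, c)):
            raise ValueError("access bits must be 0 or 1")
        c1 |= a << block
        c2 |= b << block
        c3 |= c << block
    byte6 = (_inv(c2) << 4) | _inv(c1)
    byte7 = (c1 << 4) | _inv(c3)
    byte8 = (c3 << 4) | c2
    return bytes([byte6, byte7, byte8])


def decode_access_bits(b6, b7, b8):
    """Unpack bytes 6..8; raise if the inverted copy contradicts the true copy."""
    nc2, nc1 = b6 >> 4, b6 & 0xF
    c1, nc3 = b7 >> 4, b7 & 0xF
    c3, c2 = b8 >> 4, b8 & 0xF
    if (nc1 ^ c1) != 0xF or (nc2 ^ c2) != 0xF or (nc3 ^ c3) != 0xF:
        raise ValueError("access bits inconsistent: true and inverted copies disagree")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def check_trailer(trailer):
    """Return a list of problems with a 16-byte sector trailer; empty means safe to write."""
    if len(trailer) != 16:
        return ["sector trailer must be exactly 16 bytes"]
    try:
        conds = decode_access_bits(trailer[6], trailer[7], trailer[8])
    except ValueError as err:
        return [str(err)]
    problems = []
    if conds[3] not in TRAILER_BITS_WRITABLE:
        problems.append("trailer condition %s freezes keys and access bits forever" % (conds[3],))
    return problems


def block0_bcc_ok(block0):
    """For a 4-byte-UID card, byte 4 of block 0 (BCC) must equal UID0^UID1^UID2^UID3."""
    if len(block0) != 16:
        return False
    bcc = block0[0] ^ block0[1] ^ block0[2] ^ block0[3]
    return block0[4] == bcc


if __name__ == "__main__":
    # Constructed sample: default keys FF..FF, transport access bits, GPB 0x69.
    good = bytes([0xFF] * 6) + encode_access_bits(TRANSPORT_ACCESS) + bytes([0x69]) + bytes([0xFF] * 6)
    print("transport trailer problems:", check_trailer(good))
    # Same trailer with byte 8 zeroed: the chip would lock the sector on write.
    bad = good[:8] + bytes([0x00]) + good[9:]
    print("corrupted trailer problems:", check_trailer(bad))
```

`check_trailer` is the call to make on every trailer in a dump before pushing it to a gen2 card, where there is no back door to recover a sector; the two failure modes it reports are exactly the ones the post describes (mismatched copies, or a condition that leaves the sector correct but permanently frozen).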