project:freakcard:start
Differences
This shows you the differences between two versions of the page.
project:freakcard:start [2019/09/01 16:26] – [Low Frequency card] Paradox card demod/clone/emulate abyssal | project:freakcard:start [2019/12/02 01:26] – [High Frequency (HF) card] ISO-15693 magic cards abyssal | ||
---|---|---|---|
Line 359: | Line 359: | ||
This shop sells [[https:// | This shop sells [[https:// | ||
+ | |||
+ | == Magic Desfire == | ||
+ | |||
+ | The "magic Desfire" | ||
+ | |||
+ | * writing NDEF file seems to succeed, but read fails, you get just zeros | ||
+ | * libfreefare segfaults with the magic Desfire | ||
+ | * any SELECT APDU is responded to with OK, but there are no real applications | ||
+ | |||
+ | In short, waste of money. | ||
+ | |||
+ | Setting UID on magic Desfire with Proxmark: | ||
+ | |||
+ | < | ||
+ | hf 14a raw -s -c 02 00 ab 00 00 07 UID | ||
+ | </ | ||
== other mifare cards == | == other mifare cards == | ||
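Review bot: In the added command `hf 14a raw -s -c 02 00 ab 00 00 07 UID`, `UID` is a bare placeholder and the text never says what to substitute for it. State that it is replaced by the new UID as hex bytes, say whether the preceding `07` is a length byte that fixes the UID at 7 bytes, and add one filled-in command followed by a read of the UID so the reader can confirm the write took. The three bullets would be easier to reproduce if they named the tool used for the NDEF write and the libfreefare version that segfaults. "In short, waste of money" is followed directly by a UID-setting recipe, so it is worth saying whether setting the UID is the one thing that does work on this card.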
Line 414: | Line 430: | ||
Proxmark can read them and so can some android phones. | Proxmark can read them and so can some android phones. | ||
- | They contain UID and 64 bytes of data. Reading with proxmark can be done with: | + | They contain UID and 4-byte blocks |
< | < | ||
- | hf 15 dumpmemory | + | pm3 --> |
+ | | ||
+ | TYPE : EM-Marin SA (Skidata); EM4233 [IC id = 09] 23,5pF CustomerID-102 | ||
+ | pm3 --> hf 15 dump | ||
+ | [=] Using UID as filename | ||
+ | Reading memory from tag UID E0 16 24 66 1E C1 A5 AD | ||
+ | ....................................................[-] Tag returned Error 15: Unknown error. | ||
+ | |||
+ | |||
+ | block# | ||
+ | ---------+--------------+---+---------- | ||
+ | 0/0x00 | 3F 08 1A 4D | 0 | ?..M | ||
+ | 1/0x01 | 82 18 60 20 | 0 | ..` | ||
+ | 2/0x02 | 00 38 00 50 | 0 | .8.P | ||
+ | 3/0x03 | 1C 48 33 00 | 0 | .H3. | ||
+ | 4/0x04 | 1B 00 00 00 | 0 | .... | ||
+ | 5/0x05 | 00 00 00 00 | 0 | .... | ||
+ | 6/0x06 | 00 00 00 00 | 0 | .... | ||
+ | 7/0x07 | 00 00 00 00 | 0 | .... | ||
+ | 8/0x08 | 00 00 00 00 | 0 | .... | ||
+ | 9/0x09 | 00 00 00 00 | 0 | .... | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
</ | </ | ||
- | Latest proxmark 2.3.0 has some basic ISO 15693 simulation functionality, but it's not working properly yet. | + | Rfxsecure.com sells magic ISO-15693 cards with changeable UID. Either you need the iso15_magic from RRG repo or "hf 15 csetuid" |
- | AFAIK there are no " | + | Changing |
+ | < | ||
+ | proxmark3> | ||
+ | #db# 12 octets read from IDENTIFY request: | ||
+ | #db# NoErr CrcOK | ||
+ | #db# 00 00 bf a5 c1 1e 66 24 | ||
+ | #db# 16 e0 56 a3 | ||
+ | #db# UID = E01624661EC1A5BF | ||
+ | proxmark3> | ||
+ | | ||
+ | new UID | e0 16 24 66 1e c1 a5 ca | ||
+ | Using backdoor Magic tag function | ||
+ | received -1 octets | ||
+ | Thread 4 " | ||
+ | |||
+ | </ | ||
+ | |||
+ | With the magic scripts: | ||
+ | |||
+ | < | ||
+ | script run iso15_magic.lua -u E004013344556677 | ||
+ | </ | ||
+ | Neither will work on the first time likely. Retry at least 3 times. Same with "hf 15 dump" and "hf 15 restore" | ||
+ | Note on cloned skipass ISO-15693 cards - they have counter in sector 2, so as soon as your cloned cards will desync, one of them will stop working. | ||
==== Low Frequency card ==== | ==== Low Frequency card ==== | ||
Emulation in general: http:// | Emulation in general: http:// |
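Review bot: The `hf 15 csetuid` transcript ends at `received -1 octets` and a `Thread 4` line, which reads as a failed or crashed run rather than a working example, and nothing after it shows the UID being read back. Replace it with a run that succeeds, or label it as the failure case that "Retry at least 3 times" refers to, and add a UID read after the write so the change from `E01624661EC1A5BF` to the new value is visible. The two transcripts use different prompts (`pm3 -->` and `proxmark3>`), so name the client or firmware build each one came from; the removed sentence about proxmark 2.3.0 simulation is dropped without saying whether simulation works now. The dump output includes `Tag returned Error 15: Unknown error` with no comment on whether the dump is still complete. The closing note says the counter is in "sector 2" while the dump table is indexed by `block#`; use one term and give the block number as it appears in the table.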
project/freakcard/start.txt · Last modified: 2021/06/05 17:28 by abyssal