With an unused RFID card (MIFARE Classic 1K) that I had found in my old wallet, I decided to clone it onto a blank card.

After executing nfc-mfclassic w X u <Original Card file name> <Blank Card file name>, I did a mfoc -O on the newly cloned blank card, and the result was that everything was cloned identically to the original card. However, when comparing the dump of the newly cloned card to the dump of the clean blank card, I observed that the value of sector 0 was not cloned during the process of cloning using the nfc-mfclassic w X u command. I understand that the manufacturer block on blank cards can be cloned, but why is it not doing that in this example?

Below is the hex dump of the clean blank card before it was cloned.

00000000  de a0 ca 73 c7 08 04 00  01 23 8e aa 37 1d 58 1d  |...s.....#..7.X.|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000070  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000130  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
000001c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001f0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000220  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000230  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000260  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000270  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000280  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000290  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000002a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000002b0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
000002c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000002d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000002e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000002f0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000300  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000310  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000320  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000330  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000340  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000350  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000370  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000380  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000390  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000003a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000003b0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
000003c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000003d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000003e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000003f0  ff ff ff ff ff ff ff 07  80 69 ff ff ff ff ff ff  |.........i......|
00000400
Michael Roland

1 Answer

The first block of sector 0 of MIFARE Classic cards is the manufacturer block. This block is read-only on regular card hardware and, thus, cannot be cloned since you cannot write it to another card.

However, there exists special hardware (dedicated card emulators, like Proxmark, and special MIFARE Classic tags from other manufacturers, so-called Chinese clone cards) which allows writing to the manufacturer block. You could use such dedicated hardware to store a clone of a genuine card including the first block.

Michael Roland
  • Would that mean that an RFID card reader like the acr122u is only capable of writing onto the existing card, and that I will need a proxmark3 to fully clone the entire card including sector 0? – Jaiho Kumpatra Sep 19 '16 at 01:12
  • @JaihoKumpatra No, that reader can read and write just any card. The problem is that block 0 of genuine cards simply cannot be overwritten. You would need a special card (that supports writing to that memory block) in order to create an exact clone. Those cards (the Chinese clone cards) can be written with that reader and the nfc-mfclassic tool. – Michael Roland Sep 19 '16 at 09:03
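
Added example, not part of the original question or answer: a block-level comparison of two 1K dumps that labels each differing block and decodes block 0, showing why a write that leaves the manufacturer block alone produces exactly the difference described above. The blank card's block 0 and sector trailers are taken from the dump on this page; the source card's contents and all function names are constructed for illustration.

```python
BLOCK, PER_SECTOR, CARD_SIZE = 16, 4, 1024  # 1K: 16 sectors x 4 blocks x 16 bytes
TRAILER = bytes.fromhex("ffffffffffff" "ff078069" "ffffffffffff")  # from the page's dump

def block_kind(i):
    if i == 0:
        return "manufacturer"
    return "sector trailer" if i % PER_SECTOR == 3 else "data"

def parse_manufacturer_block(block):
    """Fields of block 0 on a 4-byte-UID card; BCC is the XOR of the UID bytes."""
    uid = block[0:4]
    return {"uid": uid.hex(),
            "bcc_ok": block[4] == (uid[0] ^ uid[1] ^ uid[2] ^ uid[3]),
            "sak": block[5], "atqa": block[6:8].hex()}

def diff_dumps(a, b):
    """Return (sector, block, kind) for every 16-byte block that differs."""
    if len(a) != CARD_SIZE or len(b) != CARD_SIZE:
        raise ValueError("expected two 1024-byte MIFARE Classic 1K dumps")
    return [(i // PER_SECTOR, i, block_kind(i))
            for i in range(CARD_SIZE // BLOCK)
            if a[i * BLOCK:(i + 1) * BLOCK] != b[i * BLOCK:(i + 1) * BLOCK]]

def model_write_without_block0(source, target):
    """Model of the answer's point: the target keeps its own block 0,
    every other block takes the source's content."""
    return target[:BLOCK] + source[BLOCK:]

def make_dump(block0):
    sector0 = block0 + bytes(2 * BLOCK) + TRAILER
    return sector0 + (bytes(3 * BLOCK) + TRAILER) * 15

# Block 0 of the blank card, copied from the hex dump on this page.
BLANK = make_dump(bytes.fromhex("dea0ca73c708040001238eaa371d581d"))

# Constructed source card: made-up UID 01020304 (BCC 04) and one data block.
_src = bytearray(make_dump(bytes.fromhex("0102030404080400" + "00" * 8)))
_src[4 * BLOCK:5 * BLOCK] = b"constructed data"
SOURCE = bytes(_src)

if __name__ == "__main__":
    after = model_write_without_block0(SOURCE, BLANK)
    print("blank block 0:", parse_manufacturer_block(BLANK[:BLOCK]))
    print("source vs. written card:", diff_dumps(SOURCE, after))
    print("blank vs. written card: ", diff_dumps(BLANK, after))
```

With real dumps, read both files as bytes and pass them to `diff_dumps`; a result containing only block 0 means the data blocks and trailers were written and only the manufacturer block was left as it was.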