1

I used the following command to perform a dump of my Mifare Classic 1K card:

mfoc -O my_dump.mdf

Then I used the following command to write the dump into a blank card:

nfc-mfclassic w A my_dump.mdf blank.mdf f

Result: 

NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): a0  b0  5b  56  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |...............................................................|
Done, 63 of 64 blocks written.

After that I tried to read my new card with same command used at the beginning:

mfoc -O my_new_dump.mdf

And the result is:

Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): a0  b0  5b  56  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [................]
[Key: a0a1a2a3a4a5] -> [/...............]
[Key: d3f7d3f7d3f7] -> [/...............]
[Key: 000000000000] -> [/...............]
[Key: b0b1b2b3b4b5] -> [/...............]
[Key: 4d3a99c351dd] -> [/...............]
[Key: 1a982c7e459a] -> [/...............]
[Key: aabbccddeeff] -> [/...............]
[Key: 714c5c886e97] -> [/...............]
[Key: 587ee5f9350f] -> [/...............]
[Key: a0478cc39091] -> [/...............]
[Key: 533cb6c723f6] -> [/...............]
[Key: 8fd0a4f256e9] -> [/...............]

Sector 00 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
Sector 04 - Unknown Key A               Unknown Key B
Sector 05 - Unknown Key A               Unknown Key B
Sector 06 - Unknown Key A               Unknown Key B
Sector 07 - Unknown Key A               Unknown Key B
Sector 08 - Unknown Key A               Unknown Key B
Sector 09 - Unknown Key A               Unknown Key B
Sector 10 - Unknown Key A               Unknown Key B
Sector 11 - Unknown Key A               Unknown Key B
Sector 12 - Unknown Key A               Unknown Key B
Sector 13 - Unknown Key A               Unknown Key B
Sector 14 - Unknown Key A               Unknown Key B
Sector 15 - Unknown Key A               Unknown Key B


Using sector 00 as an exploit sector
Card is not vulnerable to nested attack

I tried also with the mfcuk command but I cannot read.

Is there someone can help me explaining what happend? Thanks

mirobertod
  • 360
  • 2
  • 12

1 Answers1

1

When reading the card you will not be able to read the sector authentication keys (that are in block 3 of each sector). You will see their values in the dump are replaced with all 00s or all FFs. If you write this dump to any card, you are effectively setting these keys values to different than original.

Michal Gluchowski
  • 1,197
  • 8
  • 16