Last active
October 18, 2023 20:58
-
-
Save wuhanstudio/fe923ae55428d5343695a63408c84e0e to your computer and use it in GitHub Desktop.
Fix Mifare Classic Gen2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hf 14a config --bcc ignore | |
| hf mf wrbl --force --blk 0 -k FFFFFFFFFFFF -d 010203040408040000004A495256494E | |
| hf 14a config --bcc std |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hf 14a config --cl2 skip | |
| hf mf cload -f hf-mf-5A66EFC4-dump-1.eml | |
| hf 14a config --cl2 std |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hf 14a config --atqa force --bcc ignore --cl2 skip --cl3 skip --rats skip | |
| hf mf wrbl --force --blk 0 -k FFFFFFFFFFFF -d 010203040408040000004A495256494E | |
| hf 14a config --atqa std --bcc std --cl2 std --cl3 std --rats std |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Yes it is possible to fix this issue on a Gen2. Only difference being is that you have to rewrite all of B0 using the normal write command hf mf wrbl | |
| The only limiting factor which can prevent fixing this issue on a Gen2 would be if the sector bits (control write/read access to sector) are set in a way that restrict modifying S0. | |
| I’m also assuming you are having the same issue as above with a bad BCC0 only. | |
| In order to understand the issue further and be able to try to get some data from the card, we can disable anti-collision which is the feature that give this error. | |
| Steps to disable anti-collision & write good B0 data (no backdoor commands) | |
| View current anti-collision configuration | |
| hf 14a config | |
| Disable BCC0 checking | |
| hf 14a config --bcc ignore | |
| Try to read card data | |
| hf 14a info | |
| 2.1 If above command works, read S0 contents | |
| hf mf rdsc -s <Sector number> -k <key|12Hex> 2.1.1 Write good B0 to fix BCC0 issue hf mf wrbl --blk 0 -k <key|12Hex> -d <data|16hex>` | |
| Example data/good B0: 010203040408040000004A495256494E | |
| Reset anti-collision to defaults | |
| hf 14a config --bcc st | |
| Please try the above and let me know how it goes. | |
| # All configs | |
| hf 14a config --atqa skip | |
| hf 14a config --bcc ignore | |
| hf 14a config --cl2 skip | |
| hf 14a config --cl3 skip | |
| hf 14a config --rats skip | |
| https://forum.dangerousthings.com/t/ok-so-im-having-trouble/11759/54?page=3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ mv Makefile.platform.sample Makefile.platform | |
| Inside: Makefile.platform | |
| PLATFORM=PM3GENERIC | |
| ========================== | |
| Access Bits: | |
| https://www.nxp.com/docs/en/data-sheet/MF1S50YYX_V1.pdf | |
| # Clone Card | |
| $ sudo miLazyCracker | |
| $ sudo nfc-mfclassic w b new_data.mfd old_data.mfd | |
| $ hf mf autopwn | |
| $ hf mf wrbl --force --blk 0 -k FFFFFFFFFFFF -d 010203040408040000004A495256494E | |
| # Clear card | |
| $ hf mf wipe -f hf-mf-7AA9E8C4-key-006.bin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment