Closed luminouw closed 3 years ago
Quick port from ATQA and SAK commands used in RevE-Rebooted firmware. Allows specifying custom values, and could be used to defeat UID based systems.
Example: for DESFIRE, use the MIFARE_CLASSIC_1K_7B mode, set the correct UID.
SAK=20 100:OK ATQA=0344 100:OK
When presenting the Chameleon Mini to a PM3, we get the following :
[+] UID: 04 20 31 22 F3 54 82 [+] ATQA: 03 44 [+] SAK: 20 [1] [+] MANUFACTURER: NXP Semiconductors Germany [+] Possible types: [+] MIFARE DESFire MF3ICD40 [+] MIFARE DESFire EV1 2K/4K/8K / DESFire EV1 CL2 2K/4K/8K [+] MIFARE NTAG424DNA [+] ATS: 10 78 80 A0 00 04 20 31 22 F3 52 80 20 03 44 E3 48 5B [+] - TL : length is 16 bytes [+] - T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256) [+] - TA1 : different divisors are NOT supported, DR: [], DS: [] [+] - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 10 (FWT = 4194304/fc) [+] - TC1 : NAD is NOT supported, CID is NOT supported
Excellent!
iceman1001
commented
3 years ago
Quick port from ATQA and SAK commands used in RevE-Rebooted firmware. Allows specifying custom values, and could be used to defeat UID based systems.
Example: for DESFIRE, use the MIFARE_CLASSIC_1K_7B mode, set the correct UID.
When presenting the Chameleon Mini to a PM3, we get the following :