Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago Hi,
Don't use this dump nor this tool (nfc-mfclassic) to format a Mifare Classic
tag.Original comment by romu...@libnfc.org on 27 Dec 2011 at 1:01
GoogleCodeExporter
commented
9 years ago What should I use?mifare-classic-format doesn't work for me.
I get this output:
Found Mifare Classic 1k with UID ec010000. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key for
sector 0
even thought the B key for the sector 0 is known.Original comment by maxmust...@gmail.com on 27 Dec 2011 at 5:21
GoogleCodeExporter
commented
9 years ago Oh and the reason I wrote this post wasn't to say I can't format my cards this
way I posted it because I can't overwrite mifare cards.I got an empty card and
I want to write a modified dump to the card or an old dump and this just
doesn't work (see above)Original comment by maxmust...@gmail.com on 27 Dec 2011 at 5:39
GoogleCodeExporter
commented
9 years ago Which card do you use Mifare Classic or Special Mifare Classic card with UID
customisable ? Because I can't reproduce this bug myself...
About mifare-classic-format, feel free to wrote a patch to support it and post
it under nfc-tools issues system.Original comment by romu...@libnfc.org on 27 Dec 2011 at 6:05
GoogleCodeExporter
commented
9 years ago I use a mifare classic 1k card and I don't know if the UID is customisable.
It was an "empty card" and the first time I wrote a mc dump it worked without
any problems.After I tried to overwrite the card with another dump I got this
errors even thought I used a dump with all the keys to overwrite the card.Original comment by maxmust...@gmail.com on 27 Dec 2011 at 6:31
GoogleCodeExporter
commented
9 years ago Hello,
I am experiencing the same error. HW used: Touchatag reader, blank card from
ebay (not changeable UID). What happens is that I can only write to this card
once. Any attempt to write (any mifare dump) after ends with the error
described above. Is there any known fix to this error yet? I did search at
google but no success yet. Or is there any other tool to format the mifare
card? Thanks!Original comment by BSg...@gmail.com on 21 Feb 2012 at 2:04
GoogleCodeExporter
commented
9 years ago Hello,
I had similar problem and I have found solution. Actually it's workaround.
Before you write new dump into your card you should format it using
mifare-classic-format. But there is problem described in Comment 2: No known
authentication key for sector 0. It's because your card have another image
written - it means KEYs A and B aren't default. You can find those keys i.e. by
breaking your card using mfoc. After that you should edit file
mifare-classic-format.c, actually default_keys[] array, and append there each
of your keys. Each row represents particular key. After that you should run
make, sudo make install.
Now your mifare-classic-format will be able to format your card. After
formatting all KEYs will be reset to 0x00 0x00 0x00 0x00 0x00 0x00. Good luck!Original comment by trener....@gmail.com on 26 Feb 2012 at 11:17
GoogleCodeExporter
commented
9 years ago OK, I have full explenation now. As you know there are 2 different keys: KEY A
and B. Each sector key can have different access permissions. I.e. read,
read-write etc. Those access permissions are stored among other bytes on card
image. It's worth to see Mifare specification;) Now, if you write your image
into blank card, 2 things will happen: Your keys will change and access
permissions will change. After that you will be able to write same blocks using
KEY A, and some blocks using KEY B. You can do that executing "nfc-mfclassic w
a image.img image_with_keys.img", and next "nfc-mfclassic w b image.img
image_with_keys.img". It should work without card formatting described in my
previous comment. I hope this will help you.Original comment by trener....@gmail.com on 1 Mar 2012 at 11:50
GoogleCodeExporter
commented
9 years ago Really good trener.bit !
How do you think nfc-mfclassic should work to prevent from this kind of
annoying ?Original comment by romu...@libnfc.org on 1 Mar 2012 at 1:28
GoogleCodeExporter
commented
9 years ago Well, basically "nfc-mfclassic w" does the right thing (i.e. what you ask it to
do)… If you don't want to lock your card, don't write a dump that locks the
card.
Invalid ?Original comment by romain.t...@gmail.com on 2 Mar 2012 at 10:37
GoogleCodeExporter
commented
9 years ago Original comment by romu...@libnfc.org on 17 Sep 2012 at 9:33
GoogleCodeExporter
commented
9 years ago Hello!
Today I had the same Problem as some of you and I wasn't able to solve it. I
even can't write the dump from mfoc.
------------
$ nfc-mfclassic w A blank_dump2 dump
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 72 b8 97 15
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |xxfailed to write trailer block 3
xxxxfailed to write trailer block 7
x............xxxfailed to write trailer block 23
xxxxfailed to write trailer block 27
xxxxfailed to write trailer block 31
xxxxfailed to write trailer block 35
xxxxfailed to write trailer block 39
x........................|
Done, 36 of 64 blocks written.
-------------
-------------
$ nfc-mfclassic w B blank_dump2 dump
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 72 b8 97 15
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |..failed to write trailer block 3
xxxxfailed to write trailer block 7
x...............failed to write trailer block 23
x...failed to write trailer block 27
x...failed to write trailer block 31
x...failed to write trailer block 35
x...failed to write trailer block 39
x........................|
Done, 53 of 64 blocks written.
-------------
And also adding the keys to mifare-classic-format.c didn't help:
$ mifare-classic-format dump
Found Mifare Classic 1k with UID 72b89715. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key for
sector 0
Is there any way to rewrite/format the card?Original comment by niewoehner.michael on 16 Sep 2013 at 9:08
GoogleCodeExporter
commented
9 years ago It may be due to some specific ACL bits.
Could you show us:
* the content of the dump you want to write
* the content of the card
I can understand there are private data and I don't really need full dumps but
I need to see the ACL bits of the dumps (so the bytes of each trailing block
between key bytes).
Original comment by yob...@gmail.com on 16 Sep 2013 at 9:25
GoogleCodeExporter
commented
9 years ago Thank you for your answer!
The dump i want to write is the one I dumped when the card was empty:
blank_dump2
The current content is in "dump".
mfoc.txt is the output of mfoc
Original comment by niewoehner.michael on 18 Sep 2013 at 12:02
Attachments:
GoogleCodeExporter
commented
9 years ago * block 3 ACL: 61EF09 means it's forbidden to write on that block (and on block
1) with whatever key, A or B. Only blocks 2 and 3 can be written using only key
B.
* block 7 ACL: 4B478B means blocks 6 & 7 can only be written with key B, block
4 & 5 cannot be written at all.
* blocks 23, 27, 35, 39 ACL: 70F788 means those blocks cannot be written and
their data blocks can only be written with key B.
So as you see the current ACL bits don't allow to format the card back to a
fully writable state.
I suggest you to study carefully the specifications of ACL bits of Mifare
Classic to understand this kind of behavior.
Original comment by yob...@gmail.com on 18 Sep 2013 at 8:07
GoogleCodeExporter
commented
9 years ago Note to developers:
Maybe we could read ACL bits, detect potential failures and inform user, to get
more informative error messages than just "writing failure"Original comment by yob...@gmail.com on 18 Sep 2013 at 8:15
GoogleCodeExporter
commented
9 years ago Reopened and tagged as enhancement requestOriginal comment by yob...@gmail.com on 18 Sep 2013 at 8:16
GoogleCodeExporter
commented
9 years ago Oh, that means the card is more or less "dead"..
Next time I clone a card I'll take a look at the ACLs...
Thank you! :-)Original comment by niewoehner.michael on 19 Sep 2013 at 11:45
GoogleCodeExporter
commented
9 years ago Maybe it would be good to inform the user BEFORE writing wrong ACL to a card.Original comment by niewoehner.michael on 19 Sep 2013 at 11:46
GoogleCodeExporter
commented
9 years ago The ACL were not wrong at all, that's still something different.
If ACL is inconsistent then all blocks of that sector are indeed completely
lost.
Here ACL is correct and stipulates that some of the content cannot be changed
anymore.
So we could implement three checks actually:
* check if ACL to be written is consistent, otherwise abort
* check if ACL to be written will lock some blocks. If yes ask for confirmation
(or mandate a --force flag)
* check when a write fails if it's due to the current ACL of the card and
inform the user adequately. In some cases it needs first to be formatted to
allow writing (ACL forbids writing in data blocks but trailer block can still
be written) and in some other cases the card is locked (trailer sectors cannot
be written anymore).
Original comment by yob...@gmail.com on 19 Sep 2013 at 1:13
GoogleCodeExporter
commented
9 years ago Did you look up the ACL manually in the datasheet or is there a script for
checking them?Original comment by niewoehner.michael on 19 Sep 2013 at 2:29
GoogleCodeExporter
commented
9 years ago Please use the mailing-list or forum for such kind of questions. I used
http://www.proxmark.org/forum/viewtopic.php?id=1408 Original comment by yob...@gmail.com on 19 Sep 2013 at 3:17
GoogleCodeExporter
commented
9 years ago Hi all,
I solved the problem of missing authentication key for sector XY by:
1. cracking the card to get the current keys (#mfoc -O dump)
2. Formatting the card by using the dump as input keyfile
(#mifare-classic-format dump)
It works.
Ciao
Numen. Original comment by michele....@gmail.com on 18 Dec 2014 at 9:45
GoogleCodeExporter
commented
9 years ago Hello everyones!
I'm trying to format a non blank chinesse mifare card and I can't.
I've tried with mifare-classic-format but I got the error "No known
authentication key for sector 0"
I did modify the mifare-classic-format.c with the keys that I've get from a
mfcuk + mfoc commands then make and still the same error. I did debug the .c
file but no one success...
Before of that, I had been working around 20 hours with the command
nfc-mfclassic using the mfd file generated by mfoc...
actual keys obtained with mfoc:
---------------------------------------------------------------------
Sector | Key A |ACTS | RESL | Key B |ACTS | RESL
---------------------------------------------------------------------
0 | 302064626664 | . R | . R | 302030303030 | . R | . R
1 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
2 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
3 | 303030302030 | . R | . R | 303030302030 | . R | . R
4 | 203234336620 | . R | . R | 20313864310a | . R | . R
5 | 302030303030 | . R | . R | 302030303030 | . R | . R
6 | 303020303066 | . R | . R | 323420633235 | . R | . R
7 | 303030203030 | . R | . R | 303030203030 | . R | . R
8 | 303165312063 | . R | . R | 303930302030 | . R | . R
9 | 203638326420 | . R | . R | 20626230390a | . R | . R
10 | 302030303030 | . R | . R | 302030303030 | . R | . R
11 | 383420303430 | . R | . R | 643120653237 | . R | . R
12 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
13 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
14 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
15 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
Attached files:
- original.mfd --> mfoc output when the card was working
- actual.mfd --> actual mfoc output
- keys --> actual keys
Anyone could help me?
Thanks!
**sorry for my english is not a good one...Original comment by po...@pocho.cl on 16 Jan 2015 at 3:44
Attachments:
Original issue reported on code.google.com by
maxmust...@gmail.comon 24 Nov 2011 at 6:10