flipperdevices / flipperzero-firmware

Flipper Zero firmware source code
https://flipperzero.one
GNU General Public License v3.0

Issues retrieving nonce from more difficult reader #2971

Closed aheagel closed 1 year ago

aheagel commented 1 year ago

Description of the feature you're suggesting.

I'm trying to clone some hotel room Mifare Classic 1K keys managed by Vingcard without any success, as I'm not able to retrieve all the keys using either a dictionary attack or a nested attack.

When it comes to the reader attack, the reader seems to need to authenticate sector 0 before going on to the other sectors, so using mfkey32 only yields sector 0 key A and no other keys.

I believe this is because "detect reader" can only emulate the UID to try tricking the reader into giving out the nonce for the keys. But with the Vingcard system this doesn't seem to fool it into giving the nonce for the other sectors.

After using mfkey32 I always get the same key for sector 0 key A over and over again and no other. Using the cloned card (the incomplete one) with a readable sector 0 seems to make the reader unresponsive (it doesn't blink green or red), which I believe means it is stuck in a loop, as we haven't cloned sector 1 yet but it passed the authentication for sector 0.

I'm therefore wondering if it is possible to emulate the partially cloned card instead of only its UID.

I'm sorry in advance if I got any terminology wrong.

Anything else?

I'm 100% sure this is a Mifare Classic 1K. I've scanned it independently and it all says Mifare Classic 1K.

I've also tried running detect reader multiple times to retrieve the nonces, but always with the same result.

I've also run Flipper Nested for hours multiple times and still nothing, as I'm getting stuck at calibration.

This is the same story for all of my other 2 hotel room cards.

AloneLiberty commented 1 year ago

> I'm therefore wondering if it is possible to emulate the partially cloned card instead of only its UID.

I've explained why it won't work here.

> I've also run Flipper Nested for hours multiple times and still nothing, as I'm getting stuck at calibration.

Enable "Hard Nested only" in settings and try again. If it shows a static encrypted nonce tag, you are out of luck. In that case the only way will be a Proxmark3 and sniffing the communication between card and reader.