RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-01-07 16:48:15 +08:00
Code Issues Projects Releases Packages Wiki Activity

magic cards identification

Browse source
This commit is contained in:
Philippe Teuwen 2020-09-10 19:24:57 +02:00
parent 25c45ef659
commit a5026fbdf0
1 changed files with 83 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
doc/magic_cards_notes.md
View file

@ -57,6 +57,14 @@ UID 7b:
## MIFARE Classic Gen1A aka UID
### Identify
```
hf 14a info
...
[+] Magic capabilities : Gen 1a
```
### Magic commands
raw commands 40/41/43
@ -98,8 +106,24 @@ script run remagic
Similar to Gen1A, but supports only commands 40/43
### Identify
```
hf 14a info
...
[+] Magic capabilities : Gen 1b
```
## MIFARE Classic DirectWrite aka Gen2 aka CUID
### Identify
```
hf 14a info
...
[+] Magic capabilities : Gen 2 / CUID
```
### Magic commands
Android compatible
@ -144,10 +168,24 @@ Same as MIFARE Classic DirectWrite, but block0 can be written only once.
Initial UID is AA55C396
### Identify
Only possible before personalisation.
```
hf 14a info
...
[+] Magic capabilities : Write Once / FUID
```
## MIFARE Classic DirectWrite, UFUID version
Same as MIFARE Classic DirectWrite, but block0 can be locked with special command.
### Identify
**TODO**
### Proxmark3 commands
To lock definitively block0:
@ -160,12 +198,17 @@ hf 14a raw -c 85000000000000000000000000000008
## MIFARE Classic, other versions
**todo** ZXUID, EUID, ICUID ?
**TODO**
Some cards exhibit a specific SAK=28 ??
* ZXUID, EUID, ICUID ?
* Some cards exhibit a specific SAK=28 ??
## MIFARE Classic APDU aka Gen3
### Identify
**TODO**
### Magic commands
Android compatible
@ -220,8 +263,18 @@ To change UID: same commands as for MFC DirectWrite
To do reader-only attack: at least two versions exist.
* https://github.com/nfc-tools/nfc-supercard for card with ATS: 0978009102DABC1910F005
* https://github.com/netscylla/super-card/blob/master/libnfc-1.7.1/utils/nfc-super.c for ??
* type 1: https://github.com/nfc-tools/nfc-supercard for card with ATS: 0978009102DABC1910F005
* type 2: https://github.com/netscylla/super-card/blob/master/libnfc-1.7.1/utils/nfc-super.c for ??
### Identify
Only type 1 at the moment:
```
hf 14a info
...
[+] Magic capabilities : super card
```
# MIFARE Ultralight
@ -243,11 +296,15 @@ Int is internal, typically 0x48
## MIFARE Ultralight Gen1A
### Identify
**TODO**
### Characteristics
#### Magic commands
**todo**
**TOOD**
#### UID
@ -272,11 +329,15 @@ script run remagic -u
## MIFARE Ultralight DirectWrite
### Identify
**TODO**
### Characteristics
#### Magic commands
**todo**
**TODO**
#### UID
@ -322,12 +383,20 @@ Same commands as for MFUL DirectWrite
# NTAG
### Identify
**TODO**
## NTAG213 DirectWrite
Same commands as for MFUL DirectWrite
## NTAG21x
### Identify
**TODO**
### Characteristics
Emulates fully NTAG213, 213F, 215, 216, 216F
@ -344,6 +413,10 @@ script run mfu_magic -h
## "DESFire" APDU, 7b UID
### Identify
**TODO**
### Magic commands
Android compatible
@ -436,6 +509,10 @@ Some vendor allow to specify an ID (PUPI) when ordering a card.
## ISO15693 magic
### Identify
**TODO**
### Proxmark3 commands
Always set a UID starting with `E0`.