This app was mentioned in 23 comments, with an average of 1.22 upvotes
Those RFID tags you are using are easily copied. I ran into the same issue. Ones with unchangeable IDs are a lot more expensive. If you have an Android phone, install the Mifare Classic Tool and you'll see how easy it is to copy. The Mifare tool can read and write those RFID tags you have. If you have one in your pocket that app will easily "sniff" the data off of it.
Right. It's a Mifare Classic, so it can only be edited by specific apps, and you have to manually edit the code
If you want to do that, I would recommend this app:
https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
I was able to use the MIFARE classic tool to read and write the raw data. Obviously this is implied by the name but the app only works on Mifare classic NFC cards
Mifare classic has a broken algorithm nicknamed crapto 1, which is easy to bypass.
You can get a Linux box and download some software to duplicate them. You just need a standard NFC reader.
But you cannot duplicate the UID that way. A lot of these systems don't delve into the cryptographic layer. They typically rely on UID cloning which requires additional kit such as the proxmark.
I think you can even break mifare classic with your mobile.
Try this:
https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en_GB
This is a tool to write to the card... If it is mifare classic... which is most likely
You can clone it with a smartphone with NFC enabled. Look at this app https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en. But it's probably less "hacker" than the RFID reader for your film. :)
You can use Mifare Classic Tool to get a dump. Its output is color coded so that you can easily see the keys and it can also decode the access control bits for you. It should also allow you to overwrite it sector by sector if necessary, allowing you to change the keys in the process.
If both keys are shown there, at least one of the keys per sector should allow you to overwrite them (besides the UID part of sector 0). If only one of the keys is listed, you'll need something like an ACR122U reader or a proxmark to find the unknown key using one of the exploits against Mifare Classic.
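The access control bits mentioned in the comment above can also be decoded by hand when reviewing a dump of your own tags. An added example (not from any commenter and not Mifare Classic Tool's code) that validates and decodes bytes 6-8 of a sector trailer; the rights table follows NXP's MF1S50 datasheet, and the function names and sample trailers are constructed for illustration.

```python
# Added example: decode the access bits (bytes 6-8) of a MIFARE Classic
# sector trailer. Names and sample trailers are constructed for illustration.

# (C1, C2, C3) -> (read, write) rights for a data block, per the MF1S50 datasheet
DATA_BLOCK = {
    (0, 0, 0): ("A|B", "A|B"),      # transport configuration
    (0, 1, 0): ("A|B", "never"),
    (1, 0, 0): ("A|B", "B"),
    (1, 1, 0): ("A|B", "B"),        # value block
    (0, 0, 1): ("A|B", "never"),    # value block, decrement only
    (0, 1, 1): ("B", "B"),
    (1, 0, 1): ("B", "never"),
    (1, 1, 1): ("never", "never"),
}
# Trailer conditions under which Key B can be read back with Key A;
# Key B is then plain data and cannot be used to authenticate.
KEY_B_READABLE = {(0, 0, 0), (0, 1, 0), (0, 0, 1)}


def decode_access_bits(trailer: bytes):
    """Return the (C1, C2, C3) triplet for blocks 0-3 of one sector."""
    if len(trailer) != 16:
        raise ValueError("sector trailer must be 16 bytes")
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inv_c1, inv_c2, inv_c3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    # Each nibble is stored twice, once inverted; a mismatch is a format violation
    if (c1 ^ inv_c1, c2 ^ inv_c2, c3 ^ inv_c3) != (0xF, 0xF, 0xF):
        raise ValueError("access bits fail the inverted-copy check")
    # Bit n of each nibble belongs to block n of the sector (block 3 is the trailer)
    return [((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)]


def audit_trailer(trailer: bytes):
    """Summarise who may read/write the data blocks and whether Key B is exposed."""
    blocks = decode_access_bits(trailer)
    return {
        "data_blocks": [DATA_BLOCK[b] for b in blocks[:3]],
        "key_b_readable": blocks[3] in KEY_B_READABLE,
    }


# Constructed samples: factory-default trailer and a Key-B-write-only layout
FACTORY = bytes.fromhex("FFFFFFFFFFFF" "FF0780" "69" "FFFFFFFFFFFF")
LOCKED = bytes.fromhex("000000000000" "787788" "00" "000000000000")
```

A sector still on the transport configuration lets either key write every data block and exposes Key B to anyone holding Key A, which is the first thing to check when auditing tags you issue.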
I didn't have luck with MiFARE Classic on my phone. Wanted to use it for parking garage.
I think most Android phones don't use MiFare. https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en
> even though my phone doesn't directly support it.
Can you elaborate on 'it' ? Just that app, or Mifare Classic tags?
Have you tried MifareClassicTool? https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en
The method depends on your type of card and sometimes even its brand. I'm sure you won't have too much trouble finding a geek to do it for you, but here's what I know.
Simple RFID 125 kHz access cards can simply be cloned with a handheld cloner device. If you can do that, you can make a smaller clone of your keycard or something.
More complex 13.56MHz NFC cards have their own readers but can also be cloned with just a phone and an app, like these Mifare cards that have a dedicated cloning app on the Play store.
Rarely, cards will have some kind of secondary security measure like an extra chip. But someone who has some experience with this stuff can easily figure out any trick as long as you have the card. These measures are usually just taken against people passing by and trying to clone cards from people's pockets or wallets.
RFID tags can be formatted kind of like how SSDs can be formatted. A popular way of formatting tags is called NDEF, which stores data in 'records'. My guess is that the reader program you downloaded assumes that tags are NDEF formatted and looks for records, but the tag isn't formatted at all.
My university uses MiFare classic 4k cards to open doors. As far as I understand it they're basically the same as 1k cards, just they can store more data. None of the data on it matters though, because the readers on the doors only look at the UID. If this is how your school does it (which is likely) then you'll need software that can change the UID and a 'Chinese magic' UID changeable tag just like u/PoorPoorQ6600 said.
My school gave us MiFare classic 1k cards that we used to pay for our lunch. In that system, the reader didn't check the UID but it looked at a number stored in one of the 32 blocks. The number corresponded to a student/teacher in the database. The block that had the data was the only block with anything in it (the rest were filled with 0s) and it was locked with a different key to the rest. If this is how your school does it, you'll need to find the block(s) where the data is kept, work out their keys and copy everything over to the new tag in the right place. On the 7th page of this PDF there's an ok diagram of the structure of the data in a MiFare 1k tag. (Note the bit that says: "Block 0 is a special read-only data block keeps the manufacturer data and the UID of the tag". Chinese magic cards don't have that restriction, so you can change the UID.) To work out the keys, I'd suggest starting with this list of keys and trying them in order. This is the same extended-std.keys as the one in the app I mentioned below. If none of those keys work, you'll have to crack the encryption like u/telxonhacker said. u/PoorPoorQ6600 mentioned MFOC, which will do that.
To determine what method your school uses, it would be useful to examine a full dump of all the data on the card. I like to use MiFare Classic Tool on my phone because it's got a handy long list of common encryption keys. There's an iOS equivalent, but I can't remember what it's called. It's definitely possible to do this on the computer too with your reader, but since the only experimenting I've done so far has been on my phone or with an Arduino I don't know what to use yet. Try https://nfc-tools.github.io and especially their mfcuk and mfoc tools. The acr122 uses a PN532 chip as its RFID chip, which is what a lot of mobile phones use. It's extremely capable - it can read lots of types of tags and even emulate them.
If there's no data on the card, then they're definitely checking the UID. In that case just clone the UID to a UID changeable tag. If there is data, they're probably looking at that to determine whether you're allowed in. In that case, you'll need to copy the data over into the same blocks as where it came from and set the encryption keys to the same as what they are on the original. Any old tag will do for this one, it doesn't have to be UID changeable. You could try both methods if you're unsure.
You can get RFID tags in all sorts of shapes and sizes on Aliexpress, including stickers, cards, rings and tiny ones that go on your fingernails. Most of them are UID changeable - look for UID or CUID in the listing title.
Not sure what you did, but the app you mentioned does state in the description that it can't crack the keys to the "encrypted" sectors:
https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en
> There will be no "brute-force" attack capability in this application. It is way too slow due to the protocol.
> This App can NOT crack/hack any MIFARE Classic keys. If you want to read/write an RFID-Tag, you need keys for this specific tag first. For additional information please read/see Getting Started from the links section.
https://github.com/ikarus23/MifareClassicTool#getting-started
> The application comes with standard key files called std.keys and extended-std.keys, which contains the well known keys and some standard keys from a short Google search. You can try to read a tag with this key file using "Read Tag" from main menu.
Maybe you got lucky and the hotel is using some well known shitty key :D good job
Install the MIFARE Classic Tool app on the Android.
You can use it to read the tag and see what's on it.
I don't have an iPhone and don't know the shortcuts app, but my guess is, that the app just looks at the UID of the NFC sticker and executes an action accordingly. The sticker might be completely empty.
I believe tasker is an (the?) equivalent of shortcuts for Android. Apparently there is a plugin to make it work with NFC.
Depending on the card, it's possible with an Android app (for example https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool).
I'm not sure, but I think it can be done with apps like this
https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
If the system actually uses the NFC tag's UID, you're in luck. This means you can copy the tag's UID with an app like MIFARE Classic Tool.
When you have the UID, simply write it to a new tag using aforementioned app again.
Note: on standard NFC tags, you won't be able to write anything to sector 0 (where the UID is located). You need a special card that allows this. (I have this one, pretty sure there are much cheaper variants online).
You can't influence the NFC UID of your Android device without making changes to your device's firmware (NFC stack). If you're interested, read this and this.
This app claims it can emulate any UID if you have a rooted device. I haven't tried it out yet though.
Good luck!
No, it's not
Simply use this: https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
you can totally scan and duplicate nfc and rfid keycards. this is trivial on an android phone that supports NFC https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
This worked for me:
```cpp
/*
 * edited by Velleman / Patrick De Coninck
 * Read a card using a mfrc522 reader on your SPI interface
 * Pin layout should be as follows (on Arduino Uno - Velleman VMA100):
 * MOSI: Pin 11 / ICSP-4
 * MISO: Pin 12 / ICSP-1
 * SCK: Pin 13 / ICSP-3
 * SS/SDA (MSS on Velleman VMA405) : Pin 10
 * RST: Pin 9
 * VCC: 3,3V (DO NOT USE 5V, VMA405 WILL BE DAMAGED IF YOU DO SO)
 * GND: GND on Arduino UNO / Velleman VMA100
 * IRQ: not used
 */
#include <SPI.h>
#include <RFID.h>

#define SS_PIN 10
#define RST_PIN 9

RFID rfid(SS_PIN, RST_PIN);

int led = 4;
int serNum[5];
/*
 * This integer should be the code of Your Mifare card / tag
 */
int cards[][5] = {{61, 10, 242, 178, 119}};

bool access = false;

void setup() {
  Serial.begin(115200);
  SPI.begin();
  rfid.init();

  pinMode(led, OUTPUT);
  digitalWrite(led, LOW);
}

void loop() {
  if (rfid.isCard()) {
    if (rfid.readCardSerial()) {
      // Print the 5 serial bytes (4 UID bytes plus checksum) read from the card
      Serial.print(rfid.serNum[0]);
      Serial.print(" ");
      Serial.print(rfid.serNum[1]);
      Serial.print(" ");
      Serial.print(rfid.serNum[2]);
      Serial.print(" ");
      Serial.print(rfid.serNum[3]);
      Serial.print(" ");
      Serial.print(rfid.serNum[4]);
      Serial.println("");

      // Compare against every stored card; the row count is
      // sizeof(cards) / sizeof(cards[0]), not the array size in bytes
      for (unsigned int x = 0; x < sizeof(cards) / sizeof(cards[0]); x++) {
        for (unsigned int i = 0; i < sizeof(rfid.serNum); i++) {
          if (rfid.serNum[i] != cards[x][i]) {
            access = false;
            break;
          } else {
            access = true;
          }
        }
        if (access) break;
      }
    }

    if (access) {
      Serial.println("Welcome Velleman ");
      /*
       * Valid card : Switch ON the LED for 1000 ms (1 second)
       */
      digitalWrite(led, HIGH);
      delay(1000);
      digitalWrite(led, LOW);
      access = false;
    } else {
      /*
       * NON-Valid card : switch ON and OFF the LED twice for 0,5 seconds
       */
      Serial.println("Not allowed!");
      digitalWrite(led, HIGH);
      delay(500);
      digitalWrite(led, LOW);
      delay(500);
      digitalWrite(led, HIGH);
      delay(500);
      digitalWrite(led, LOW);
    }
  }
  rfid.halt();
}
```
THIS Android app also helps with inspecting and verifying my RFID tags and cards.
It is likely Mifare Classic 4K which uses encryption and cannot be copied by regular cloners purchased on eBay. Unlike most key fobs such as HID Prox, AWID, Indala, and IoProx it runs on 13.56 MHz which offers the ability to add features such as strong encryption. Most other keys operate on 125 kHz and simply transmit an unencrypted serial number.
If you download Mifare Classic Tools on an Android phone you should be able to read details of the key fob to confirm its format. Mifare Classic encryption uses a home-brewed protocol from NXP semiconductors called Crypto1. This protocol has been proven to be very weak and was broken years ago.
Take a look at clonemykey's compatibility page, on the 6th row down. Is that it? They copy most key fobs. I'd contact them.
>MIFARE doesn't refer to any one tag type
I was being lazy, I earlier referenced Mifare Classic, and that's the specific type I was bringing up.
>Android devices can perform an anti-collision and that's it
Not quite, check out things like Mifare Classic Tool [1]. This is where I come back to the popularity of NXP vs Broadcom chips. It catches some people by surprise[2] that there is such a stark difference.
> it is not compliant with any NFC Forum tag type
This is less clear to me. To start, Adafruit has an NFC intro that says[3]
>>Mifare Classic 1K and 4K cards can be configured as NFC Forum compatible NDEF tags
which isn't saying it's explicitly an NFC Forum tag type, but compatible. NXP puts out two notes [4], [5] that are all about storing NDEF messages into Mifare Classic and Mifare Plus tags, and it is also a little circumspect
>> The NFC Forum has also defined four different tag types that are able to stored NDEF data. This document extends the tag types of the NFC Forum...
Please don't take my use of links and quotes as overly argumentative, I just think that it's worth providing the material for a technical topic.
[1] https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool&hl=en
[2] http://stackoverflow.com/questions/19430542/what-current-android-phones-use-an-nfc-controller-from-nxp
[3] https://learn.adafruit.com/adafruit-pn532-rfid-nfc/ndef
[4] http://www.nxp.com/documents/application_note/AN1304.pdf
[5] http://www.nxp.com/documents/application_note/AN1305.pdf