How to change the mifare classic block 0 of 1k cards?
First you need a 7 byte UID completely writable mifare classic 1k card
Search on eBay for 7 Byte UID Changeable Card 1K S50 13.56MHz ISO14443A
Then you will find one. Only those „hacked“ china cards will work. On normal cards you can’t change the first block as you can see down below.
Check if the cards are the same
You can make two hexdumps of the cards to compare them with diff. The contents are the same but not the uid / first block.
Mathiass-MacBook-Pro:test mathias$ diff check.hex original.hex
1c1
< 00000000 04 e8 f9 c2 d7 08 04 00 46 59 25 58 49 10 23 02 |........FY%XI.#.|
---
> 00000000 04 e8 f9 c2 a5 59 80 88 44 00 c8 20 00 00 00 00 |.....Y..D.. ....|
Set the UID
You can try to set the uid with nfc-mfsetuid
Currently only 4 Byte UID is supported. Specify an eight hex character UID
http://manpages.ubuntu.com/manpages/bionic/man1/nfc-mfsetuid.1.html
Mathiass-MacBook-Pro:fitti mathias$ nfc-mfsetuid 04e8f9c2 NFC reader: ACS ACR122U / ACR122U214 opened Sent bits: 26 (7 bits) Received bits: 04 00 Sent bits: 93 20 Received bits: 04 e8 f9 c2 d7 Sent bits: 93 70 04 e8 f9 c2 d7 dc ee Received bits: 08 b6 dd Found tag with UID: 04e8f9c2 ATQA: 0004 SAK: 08 Sent bits: 50 00 57 cd Sent bits: 40 (7 bits) Received bits: a (4 bits) Sent bits: 43 Received bits: 0a Card unlocked Sent bits: a0 00 5f b1 Received bits: 0a Sent bits: 04 e8 f9 c2 d7 08 04 00 46 59 25 58 49 10 23 02 0d 87 Received bits: 0a
Compare dumps
Now you can compare the two hexdumps again to check, if the uid block has been changed.
Mathiass-MacBook-Pro:fitti mathias$ diff check.hex original.hex 1c1 < 00000000 04 e8 f9 c2 d7 08 04 00 46 59 25 58 49 10 23 02 |........FY%XI.#.| --- > 00000000 04 e8 f9 c2 a5 59 80 88 44 00 c8 20 00 00 00 00 |.....Y..D.. ....|
Wrong card
In my case i figured out, that i have ordered the wrong card. The original card has a 7 byte uid and the china cloned card just 4 bytes.
Mathiass-MacBook-Pro:fitti mathias$ nfc-list nfc-list uses libnfc libnfc-1.7.1-191-g216145f NFC device: ACS ACR122U / ACR122U214 opened 1 ISO14443A passive target(s) found: ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 44 UID (NFCID1): 04 e8 f9 c2 a5 59 80 SAK (SEL_RES): 08 Mathiass-MacBook-Pro:fitti mathias$ nfc-list nfc-list uses libnfc libnfc-1.7.1-191-g216145f NFC device: ACS ACR122U / ACR122U214 opened 1 ISO14443A passive target(s) found: ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 04 UID (NFCID1): 04 e8 f9 c2 SAK (SEL_RES): 08
konntest du das Problem schon lösen?
habe selber hier eine 7 byte mifare karte, die sich ums verrecken nicht kopieren lässt. die keys finden ist kein problem, aber ich bekomme die karte nicht kopiert, da ich nur eine 4 byte blankokarte habe
Die Frage ist halt wo man eine Mifare Classic 1K Karte mit einer 7 Byte UID herbekommt wo komplett beschreibbar ist……
Habe hier eine gefunden:
https://www.ebay.com/itm/7-Byte-UID-Changeable-Card-1K-S50-13-56MHz-ISO14443A/202299569843
Kostet allerdings 22 USD und es wird nur proxmark3 unterstützt.
Das heißt man muss noch für 100€ proxmark3 kaufen und ist somit bei ca. 120€.
Damit bin ich raus. Schade dass es nicht über den ACR122U geht.