It's really not that straightforward: there are different cards with different functionality. Some ship with default keys that make them simple to clone (if the defaults haven't been changed); some have good security, and there are currently no methods to clone them unless you've already got the access keys. Maybe some of the security isn't that strong, but the card type isn't popular enough to have had people scrutinise it.

I have so far had experience with a few different card types, the only relatively easily cloneable one being the Mifare Classic 1K.

Proxmark3 Rdv2 Kit

How To Clone This

Understanding how to clone this card felt like a bit of a trek, but once I got there it didn't seem like such a big deal. Hopefully this step by step guide means others won't need to do the trek.

Every card carries a UID (unique identifier). The UID and the manufacturer data around it get written when the card is created, and that area of memory (block 0 on a Mifare Classic) is then made read only, so it can't be changed. If you want a clone of the card then you want both the UID and the data on the card copied across to the new card, but this isn't normally possible due to the UID being read only. Enter the UID-changeable, aka Chinese backdoor (seriously), cards: they accept an undocumented unlock command that makes block 0 writable, so their UID can be set to whatever you like.

A good start is to update the device. Install the client from the command line (I'm using a Mac here):

brew tap proxmark/proxmark3
brew install proxmark3

Then, with the original card on the Proxmark, read it:

proxmark3 hf search

This identifies the card type and also shows us the UID (ba2ea6ab) of the card, which we'll need later. From there we can find the keys in use by checking every sector against the built-in list of default keys (hopefully one of these has been used):

proxmark3 hf mf chk

With the keys recovered, dump the card's contents (the restore step below reads this dump):

proxmark3 hf mf dump

To copy that data onto a new card, place the (Chinese backdoor) card on the Proxmark and write the dump to it:

proxmark3 hf mf restore 1

Now we just need to give the card the UID we got from the original hf search command:

proxmark3 hf mf csetuid ba2ea6ab

The whole process takes a minute or two, so this is not something done with a quick brush past the card: the original has to sit on the reader while the keys are checked and the data dumped.

Why do we need keys?

When most modern cards are placed next to a reader there is an authentication handshake in which the reader proves it knows the key the card expects (on a Mifare Classic, a separate key A or key B for each sector). The handshake moves the card through a number of states, and only when it completes successfully will the card allow access to the data protected by that key. This is why you can't simply clone most cards: without the correct key the handshake fails and the contents of the card stay out of reach. The hf mf chk step above only works because so many Mifare Classic deployments leave the factory keys in place.

A defensive lesson

Some cards use default keys. While this makes it easy to clone a card, it is pretty poor from a defensive point of view: it is like leaving default admin credentials on a database, and it makes an attacker's life easy. Change the keys from the defaults, and bear in mind that on the Mifare Classic this only raises the bar, since the card's Crypto-1 cipher has known key-recovery attacks that a Proxmark can also run.

The lights on the Proxmark

I have to admit to pretty much ignoring them. When I use it, it's always connected to the laptop, so I've got the console output to see what it's doing. There was a point where I tried to understand them; I found a guide, and they were starting to make sense. Then I updated the device and that changed what the lights did completely.
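As an added example (my code, not the post's and not part of the Proxmark3 project), here is a small Python inspector for the kind of 1K dump the walkthrough restores onto the backdoor card. It shows where the UID lives in block 0 and why the checksum byte next to it has to be recomputed when you give a UID-changeable card a new UID, and it runs the default-key audit that the defensive lesson is about over every sector trailer. The dump it works on is constructed inline with the UID from the walkthrough; the default-key list is an assumed subset of the well-known keys, and the SAK/ATQA values used for block 0 are assumptions for the example.

```python
"""Mifare Classic 1K dump inspector (added example; not code from the post or Proxmark3).

Works on a 1024-byte dump in the layout hf mf dump writes: 16 sectors x 4 blocks
x 16 bytes, with the sector trailer as the last block of each sector.
Every byte of sample data below is constructed for this example.
"""
from __future__ import annotations

BLOCK_SIZE = 16
BLOCKS_PER_SECTOR = 4
SECTORS_1K = 16
DUMP_SIZE_1K = SECTORS_1K * BLOCKS_PER_SECTOR * BLOCK_SIZE  # 1024 bytes

# Assumed subset of the well-known keys a default-key check tries first.
DEFAULT_KEYS = {
    bytes.fromhex("FFFFFFFFFFFF"): "factory transport key",
    bytes.fromhex("000000000000"): "all zeros",
    bytes.fromhex("A0A1A2A3A4A5"): "MAD (application directory) key A",
    bytes.fromhex("B0B1B2B3B4B5"): "MAD key B",
    bytes.fromhex("D3F7D3F7D3F7"): "NFC Forum NDEF key",
    bytes.fromhex("4D3A99C351DD"): "widely shared default",
    bytes.fromhex("1A982C7E459A"): "widely shared default",
    bytes.fromhex("AABBCCDDEEFF"): "widely shared default",
}


def bcc(uid: bytes) -> int:
    """Block check character: XOR of the UID bytes, stored right after the UID in block 0."""
    value = 0
    for b in uid:
        value ^= b
    return value


def block(dump: bytes, number: int) -> bytes:
    """Return block `number` (0..63 on a 1K card) from the dump."""
    return dump[number * BLOCK_SIZE:(number + 1) * BLOCK_SIZE]


def read_uid(dump: bytes) -> tuple[str, bool]:
    """UID (hex) from block 0, plus whether the BCC byte is consistent with it."""
    if len(dump) != DUMP_SIZE_1K:
        raise ValueError(f"expected a {DUMP_SIZE_1K}-byte 1K dump, got {len(dump)}")
    b0 = block(dump, 0)
    uid = b0[:4]
    return uid.hex(), b0[4] == bcc(uid)


def audit_trailers(dump: bytes) -> list[dict]:
    """One row per sector: key A, access bits, key B, and which keys are defaults.

    Key A can never be read back from a real card; in a Proxmark dump it is filled
    in from the keys the chk step recovered, which is what makes this audit possible.
    """
    rows = []
    for sector in range(SECTORS_1K):
        trailer = block(dump, sector * BLOCKS_PER_SECTOR + (BLOCKS_PER_SECTOR - 1))
        key_a, access, key_b = trailer[:6], trailer[6:10], trailer[10:16]
        rows.append({
            "sector": sector,
            "key_a": key_a.hex().upper(),
            "access_bits": access.hex().upper(),
            "key_b": key_b.hex().upper(),
            "default_a": DEFAULT_KEYS.get(key_a),
            "default_b": DEFAULT_KEYS.get(key_b),
        })
    return rows


def default_key_sectors(dump: bytes) -> list[int]:
    """Sectors still using a well-known key for A or B: the defensive red flag."""
    return [r["sector"] for r in audit_trailers(dump) if r["default_a"] or r["default_b"]]


def make_block0(uid: bytes, sak: int, atqa: bytes, manufacturer: bytes) -> bytes:
    """Build block 0 for a UID-changeable card: UID(4) | BCC(1) | SAK(1) | ATQA(2) | mfr(8).

    This is the block a csetuid-style write replaces; a stale BCC after a UID change
    is the classic mistake that makes readers reject the clone.
    """
    if len(uid) != 4 or len(atqa) != 2 or len(manufacturer) != 8:
        raise ValueError("need a 4-byte UID, 2-byte ATQA and 8 bytes of manufacturer data")
    return uid + bytes([bcc(uid), sak]) + atqa + manufacturer


def sample_dump() -> bytes:
    """Constructed dump: UID ba2ea6ab, factory keys everywhere except sector 1."""
    blocks = [bytearray(BLOCK_SIZE) for _ in range(SECTORS_1K * BLOCKS_PER_SECTOR)]
    # SAK 0x08 and ATQA 0400 are assumed values for a 1K card in this example.
    blocks[0][:] = make_block0(bytes.fromhex("ba2ea6ab"), 0x08, bytes.fromhex("0400"), bytes(8))
    for sector in range(SECTORS_1K):
        trailer = blocks[sector * BLOCKS_PER_SECTOR + 3]
        if sector == 1:
            key_a, key_b = bytes.fromhex("0123456789AB"), bytes.fromhex("CBA987654321")
        else:
            key_a = key_b = bytes.fromhex("FFFFFFFFFFFF")
        trailer[:6] = key_a
        trailer[6:10] = bytes.fromhex("FF078069")  # factory (transport) access bits
        trailer[10:16] = key_b
    return b"".join(blocks)


if __name__ == "__main__":
    dump = sample_dump()
    uid_hex, bcc_ok = read_uid(dump)
    print(f"UID {uid_hex}  BCC {'ok' if bcc_ok else 'BAD'}")
    for row in audit_trailers(dump):
        print(f"sector {row['sector']:2d}  A={row['key_a']}  B={row['key_b']}  "
              f"{row['default_a'] or row['default_b'] or '-'}")
    print("sectors with default keys:", default_key_sectors(dump))
```

Running it against a real dumpdata.bin instead of sample_dump() gives you the audit a site owner would want before worrying about cloning: every sector listed with a named default key is one that hf mf chk will open on the first try.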