Reputation: 7343
I was tinkering with this open source Android Application (Mifare Classic Tool) that can read and write to a Mifare Classic RFID (16 Sectors, 4 Blocks each).
I've had success tinkering with it in terms of sending a whole string of 48 characters to a single sector by sending 16 characters per block, as well as sending the same string of 48 characters to all the sectors available for the user to write on. However, when I tried to let the user write a long string, chop it up into 48 characters and distribute it among the sectors, I was surprised that all writeable sectors were now gone and could not be read, leaving only Sector 0 (reserved for manufacturer data) available.
I know that I damaged the RFID I have and I might have written to Block 3 (which is reserved for Keys A and B as well as Access Conditions) by accident and I know this damage may be irreparable.
However, if I did write to Block 3, then wouldn't that mean that I may have changed the Keys and Access Conditions? Does anyone know a way to brute force a Mifare Classic RFID in Android so that I can get the keys back? I know I can just add a key file in MCT and paste the input I gave it before it got wiped, but that input was in the clipboard (which only keeps the last thing you copied). So far I've seen OVC, but it only works on the Nexus S; I'm using a Nexus 7 tablet which runs 4.2.2. I know I can just force write the Keys and Access Conditions back, but without the proper key I won't be able to read, much less write to, the RFID.
Help will be much appreciated. I'm at the last of my plans on reviving this RFID and I need all the help I can get to revive it; this is the only RFID I have now and buying another one isn't an option.
Upvotes: 1
Views: 2521
Reputation: 11
The tag is most likely broken (due to overwriting the Access Conditions with incorrect data). The keys may have changed but even if you get them, these sectors will still be dead.
Due to the protocol, there is no effective brute force attack on Mifare Classic tags. However, there are several tools that exploit some weaknesses of this technology to retrieve the keys (mfcuk, mfoc, the Proxmark3 device, etc.), but none of them is for Android devices and none of them will bring back the dead sectors.
[...] buying another one isn't an option.
I'm sorry, but I'm pretty sure this is the only thing you can do...
Upvotes: 1
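An added example, not code from the question or from Mifare Classic Tool, written in Python rather than the app's Java: it lays a long string out over the tag's data blocks only, and checks that a sector trailer's access bits are self-consistent before it would ever be written, so a payload cannot spill into block 3 the way the question describes and the answer diagnoses. Block numbering and the access-bit layout assume a Mifare Classic 1K (16 sectors of 4 blocks); the sample trailer and text are constructed.

```python
from typing import Dict, List

SECTORS, BLOCKS_PER_SECTOR, BLOCK_SIZE = 16, 4, 16  # Mifare Classic 1K layout


def is_sector_trailer(block: int) -> bool:
    """Block 3 of every sector holds Key A, the access bits and Key B."""
    return block % BLOCKS_PER_SECTOR == 3


def writable_data_blocks() -> List[int]:
    """Absolute block numbers that may hold user data: every sector trailer is
    skipped, as is block 0 (manufacturer data, read-only on a genuine tag)."""
    return [b for b in range(SECTORS * BLOCKS_PER_SECTOR)
            if b != 0 and not is_sector_trailer(b)]


def layout(payload: bytes) -> Dict[int, bytes]:
    """Split payload into 16-byte chunks (zero-padded) and assign each chunk to
    the next data block. Raises instead of overflowing into a trailer."""
    blocks = writable_data_blocks()
    chunks = [payload[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\x00")
              for i in range(0, len(payload), BLOCK_SIZE)]
    if len(chunks) > len(blocks):
        raise ValueError(f"payload needs {len(chunks)} blocks, tag has {len(blocks)}")
    return dict(zip(blocks, chunks))


def access_bits_consistent(trailer: bytes) -> bool:
    """Verify that the stored and inverted copies of C1, C2, C3 in bytes 6-8 of a
    trailer agree. A tag given inconsistent access bits blocks that sector for
    good, which is what the 'dead sectors' in the answer describe."""
    if len(trailer) != BLOCK_SIZE:
        return False
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    for i in range(4):  # one C1/C2/C3 triple per block of the sector
        c1, c1_inv = (b7 >> (4 + i)) & 1, (b6 >> i) & 1
        c2, c2_inv = (b8 >> i) & 1, (b6 >> (4 + i)) & 1
        c3, c3_inv = (b8 >> (4 + i)) & 1, (b7 >> i) & 1
        if c1 == c1_inv or c2 == c2_inv or c3 == c3_inv:
            return False
    return True


# Constructed samples: a fresh tag's transport trailer (Key A FF*6, access bytes
# FF 07 80, user byte 69, Key B FF*6) and 16 ASCII characters landing in a trailer.
TRANSPORT_TRAILER = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")
TEXT_AS_TRAILER = b"ABCDEFGHIJKLMNOP"
```

Run `layout` over the user's string and write only the returned blocks; any trailer you do write should first pass `access_bits_consistent`.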