Introduction to Magic Cards, UIDs and BCCs

"MIFARE" is a family of High-Frequency 13.56MHz RFID cards, built by Panasonic / NXP that fall into the ISO category 14443a. There are many types of cards within the family, each with different storage sizes, encryption and capabilities: Mifare Classic, Ultralight, DESFire, NTAG, and so on.

All MIFARE cards share the same basic structures: Card configuration is defined in the "Block 0" or "Manufacturer Block". In original cards, the Block 0 cannot be modified. This was a key element in preventing card cloning - badge contents could be changed, but the Manufacturer Block, and the UID could not be changed.

Now, modifiable or "Magic" cards are available for almost every type of MIFARE card, which allows the manufacturer block to be modified. However: with great power comes great responsibility. If the Block 0 is improperly configured, the card can be "bricked" - irreversibly broken.

The most common way to "brick" a magic card is with a bad BCC value. The BCC is a checksum value for the UID - which acts as a 'double check' to ensure that the UID is correct. If the BCC is wrong, the card is no longer detectable, and so cannot be read or modified.

Let's open a dump of a MIFARE Classic 1K card with a 4-byte UID in a hex editor; we can see the UID value in Block 0. If we want to modify the UID, instinctively we'd change just the UID values, let's say to 1 2 3 4 5 6 7 8. However, the BCC value is derived from the UID value. So if we change the UID without changing the BCC, the card will be bricked when we write the change.

We must calculate the BCC value for our new UID. The new BCC value is calculated by XOR-ing each byte with the result of the previous XOR - don’t worry, there are many tools online to perform this task. If we input our new UID: 0x12345678 (as a Hex String), we are given the BCC value of 0x08. So, we change the original card's BCC from 0xFC to 0x08, and write the card. Now, we've got a new UID, without bricking the card!

If you're manually updating UIDs (by using the Proxmark's hf mf wb0 command) you must have the correct BCC calculated, or you'll brick the card. Luckily, many tools make this calculation automatically:

- Windows/Linux: we can use the LibNFC mf-setuid tool
- Android: Mifare Classic Tool has a BCC calculator

For more information about Magic Cards, check out the Lab401 Academy article: Know your magic cards.

⚠️ Important Update: Nearly 80% of all keycards used within commercial facilities may be prone to hacking due to protocol vulnerabilities.
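The BCC check described in the article can be run over a Block 0 before anything is written, so a stale checksum is caught while it is still only a hex string. This is an added example, not code from the original article or from any of the tools it names; the function names and the sample Block 0 are constructed, and it assumes the 4-byte-UID layout (bytes 0-3 UID, byte 4 BCC).

```python
# Added example. Assumed layout for a 4-byte-UID MIFARE Classic Block 0:
# bytes 0-3 = UID, byte 4 = BCC, bytes 5-15 = remaining manufacturer data.
from functools import reduce

BLOCK_LEN = 16
UID_LEN = 4


def bcc(uid: bytes) -> int:
    """XOR each UID byte with the running result of the previous XOR."""
    if len(uid) != UID_LEN:
        raise ValueError("expected a 4-byte UID")
    return reduce(lambda acc, b: acc ^ b, uid, 0)


def parse_block0(hex_str: str) -> bytes:
    """Accept hex with or without spaces; insist on exactly 16 bytes."""
    block = bytes.fromhex(hex_str)
    if len(block) != BLOCK_LEN:
        raise ValueError(f"Block 0 must be {BLOCK_LEN} bytes, got {len(block)}")
    return block


def bcc_ok(block: bytes) -> bool:
    """True when the stored BCC (byte 4) matches the UID (bytes 0-3)."""
    return block[UID_LEN] == bcc(block[:UID_LEN])


def with_new_uid(block: bytes, new_uid: bytes) -> bytes:
    """Return a copy of Block 0 with the UID swapped and the BCC recomputed."""
    new_block = new_uid + bytes([bcc(new_uid)]) + block[UID_LEN + 1:]
    assert len(new_block) == BLOCK_LEN and bcc_ok(new_block)
    return new_block


# Constructed sample Block 0 (not from a real card); its BCC is 0xFC.
SAMPLE_BLOCK0 = "A1 B2 C3 2C FC 08 04 00 01 02 03 04 05 06 07 08"

if __name__ == "__main__":
    original = parse_block0(SAMPLE_BLOCK0)
    print("original BCC valid:", bcc_ok(original))
    # UID changed but the old BCC kept: the mistake that bricks a card.
    naive = bytes.fromhex("12345678") + original[UID_LEN:]
    print("naive edit BCC valid:", bcc_ok(naive))
    fixed = with_new_uid(original, bytes.fromhex("12345678"))
    print("corrected Block 0:", fixed.hex(" ").upper())
```
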