I found this and was like yay this is what I needed but then halfway through you are like oh and I assume you have this and that and know this and I got so lost
amazing, i like to listen your voice, seems u have lot to teach, have u made some series out of this? from beginner to advanced? no evil intents here just want to be ready for apocalypse and clone my own cards
Hi Quentyn, I really enjoyed the video and I am really looking forward to the next one. Just an observation but I noticed that there are not many recent videos where attacks on the readers are performed with a proxmark. Are those hard to do? or just not popular because they are rarely working nowadays?. Many thanks! - Federico
when you say attack on the reader you mean taking the keys from the reader its self ? thats only really needed with a mifare ultralight where the reader sends the key in plaintext as a card is read
@@QuentynTaylor I am wondering what would be the approach you would take with a MIFARE DESFire 4k. Cloning this card doesn't seem like an easy thing. Google is not my best friend right now :-)
Ummm, yes, but now try with a card with no keys... With just one key you can do a typical nested or hardnested attack and thats It, you own It. With no keys, you can try with mfcuk, but if the Mifare Classic 1K is emulated, like with a Mifare Classic EV1, then you can't use mfcuk. You need a reader attack... Which I would like to learn on Proxmark. Would you like to try?
Quentyn, great content. Been busy with my ChameleonTiny…. But i found the documentation fairly poor…. Is they chameleon also capable of cloning / writing to a physical Chinese card ? It seems that it can only copy into the device itself not to a clone card …. Or should I replace the (upgraded) firmware to iceman’s?
Hello, Quentyn! I was wondering what if you are not able to match any of the default keys at first, then of course you are not able to do the nested attack. What approach would you recommend? Thanks.
Great video! I did clone one of my card but I can't write again on the same card. I know that the restore command works on blank cards but is it possible to reset a magic card to blank?
yes have a look in the scripts section, "script list" will show them. remagic is probably the one you want ( assuming you are running the iceman build)
to the best of my knowledge you cant at the moment, you can emulate the UID if the system is based on that alone ( easiest way is to grab an EV2 card from lab401 if you are EU based)
i dont have an iclass cards, when i do i will have a play with them. Re the chinese proxmarks, they can work but if there is an issue you have no support. i had an rdv3 ages ago which i gave away and it is still working apparently
Hi Quentyn how are you? I have an encrypted Ntag213,Nag215,Ntag216 etc,Ultralight C,Ultralight EV1 can i use proxmark3 to copy it or do i need proxmark3 rdv4.0
Quentyn Taylor Thanks for your reply. I have another question: when you successfully copy a fob you will have two fobs with the same code, would they both work? Would you be able to identify each one of them when they have been used?
@@massimofacci2809 yes they should as they will be the exact same fob as far as the reader is concerned. Make sure that you set the ATQA and SAK as well as the exact card type correct and you should be fine. Note that some readers can detect magic cards ( they attempt to write to sector 0 ) so if thats an issue you will need to get write once tags ( which are magic tags only till the ID has been set for the 1st time)
Hi@@QuentynTaylor there are a couple of version of proxmark 3. I have seen v3 - v2, and they all have different option on how they come. Could you suggest a website and recommend which one to buy for what i need to do. I don't want to get stuch not been able to read encrypted cards. Thanks
@@massimofacci2809 ( assuming from your name you are EU) i would grab one from www.lab401.com not the cheapest place but guaranteed to be genuine and work. I am not affiliated with them but their delivery is fast and they have everything you want
Hi, today I tried to copy an lift card using hf mf autopwn. The original card was mifare 1k magic fob. When I tried cload the dump to card it wasn’t copying all the blocks on the magic 1k ic fob. I tried to dump the keys, Changed uid and tried to restore as well but some of the blocks couldn’t be copied successfully in my pm3. What might have I done wrong.
Is this any different than Mifare Ultralight? Would doing same commands in the mfu option work? Lastly, would this work without the iceman firmware? I have the Chinese knockoff so it's got smaller memory to install iceman and I rather not compromise skipping some features just to have iceman... maybe I should've gotten a legit RDV4.
@@TechnologistAtWork no you would have to reflash the firmware to re add and delete card types you want to swap before. *however* there are a lot of card types you will probably never encounter and can remove safely
Hi Quentyn, It's me again. So I just got the latest proxmark3 and I started to follow your steps for the same type of card. It was strange for me that the card didn't work when I tried to restore it. Now I can see that when I do "hf mf restore 1" I get the following messages from time to time "#db# Authentication failed. Card timeout. #db# Auth error " so I assume this must be the issue why the card is not restored properly, after all the nested and csetuid worked just like in your video. Have you seen something like this before?, many thanks - Federico
Ok, a few hours later I am still trying. It seems that one of the lines show "#db# Cmd Error: 04" but in your video, you get the same output with this cmd error 04. I can't figure out why I am getting "#db# Auth error"
hi to confirm the card is a magic card ? can you try the remagic and format-mifare scripts ? run script list to find the complete list and then script run (your script). Make sure that you also set the ATQA and SAK correctly
Headphone Users will love your intro
Fantastic video! Well-spoken, well-paced, and using proper nomenclature. Thank you so much for this. I love to learn.
Love it!
The typing of commands and still mess up, I do it all the time myself. *lol*
it shows its genuine :) you would have thought by now i could remember them too
You still did a bang-up job!
This was nice, more please.
The intro and outro music is extremaly loud!
Apologies I didn't realise when I read that the video that it was quite so loud. It's fixed in more recent videos
I found this and was like yay this is what I needed but then halfway through you are like oh and I assume you have this and that and know this and I got so lost
excellent work..keep like this
thanks for your video!! i'm starting now with proxmark3 and my implants
amazing, i like to listen your voice, seems u have lot to teach, have u made some series out of this? from beginner to advanced? no evil intents here just want to be ready for apocalypse and clone my own cards
do you have a video on copying mifare desfare ev1 cards please? :o)
Hi Quentyn, I really enjoyed the video and I am really looking forward to the next one. Just an observation but I noticed that there are not many recent videos where attacks on the readers are performed with a proxmark. Are those hard to do? or just not popular because they are rarely working nowadays?. Many thanks! - Federico
when you say attack on the reader you mean taking the keys from the reader its self ? thats only really needed with a mifare ultralight where the reader sends the key in plaintext as a card is read
@@QuentynTaylor I am wondering what would be the approach you would take with a MIFARE DESFire 4k. Cloning this card doesn't seem like an easy thing. Google is not my best friend right now :-)
@@federico22285 at the moment you cant, you can emulate the serial number of the card and thats it
Does this work for Proxmark3 Easy ?
Quentyn, great video! Is there a "magic card" that you would recommend for Mifare Classic 4K? I am in the States so Lab401 is a bit tricky on freight
the lab401 cards just work, if in the USA have a look at sneak technologies
Ummm, yes, but now try with a card with no keys... With just one key you can do a typical nested or hardnested attack and thats It, you own It. With no keys, you can try with mfcuk, but if the Mifare Classic 1K is emulated, like with a Mifare Classic EV1, then you can't use mfcuk. You need a reader attack... Which I would like to learn on Proxmark. Would you like to try?
Quentyn, great content. Been busy with my ChameleonTiny…. But i found the documentation fairly poor…. Is they chameleon also capable of cloning / writing to a physical Chinese card ? It seems that it can only copy into the device itself not to a clone card …. Or should I replace the (upgraded) firmware to iceman’s?
the chameleon is more for presenting cards rather than for cloning its self as it cant crack encryption
Hello, Quentyn! I was wondering what if you are not able to match any of the default keys at first, then of course you are not able to do the nested attack. What approach would you recommend? Thanks.
i would start to gether nonces and then start a darkside attack. I havent jet found a mifare card that isnt vulnerable to something..
@@QuentynTaylor Hi, what nonces do you mean and what commands can be used to get them?
Can you do this with a card that has a different UID ? (UID not changeable)
Great video! I did clone one of my card but I can't write again on the same card. I know that the restore command works on blank cards but is it possible to reset a magic card to blank?
yes have a look in the scripts section, "script list" will show them. remagic is probably the one you want ( assuming you are running the iceman build)
@@QuentynTaylor I had to flash the iceman firmware but once done, it worked. Thanks a lot ! Love your channel
@@charlesteinturier2539 glad you got it working - the iceman distro is the best one to be honest
Hi Quentyn - Have you had any luck with cloning "MIFARE DESFire EV2" apartment fobs? Would be great to hear your thought. Cheers!
to the best of my knowledge you cant at the moment, you can emulate the UID if the system is based on that alone ( easiest way is to grab an EV2 card from lab401 if you are EU based)
Does this work for mifare 2k and 4k cards/fobs?
picopass and felica tag found? How to copy that?
Hi Quentyn,
I’m trying to copy an iclass Card. Would this tutorial work for iclass cards? Also... have you had any experience with Chinese proxmark3?
i dont have an iclass cards, when i do i will have a play with them. Re the chinese proxmarks, they can work but if there is an issue you have no support. i had an rdv3 ages ago which i gave away and it is still working apparently
Hi Quentyn how are you? I have an encrypted Ntag213,Nag215,Ntag216 etc,Ultralight C,Ultralight EV1 can i use proxmark3 to copy it or do i need proxmark3 rdv4.0
you should be able to copy all of those cards with a 3 - all are supported on the 3 - let me know if you get stuck
Quentyn Taylor Thanks for your reply.
I have another question: when you successfully copy a fob you will have two fobs with the same code, would they both work? Would you be able to identify each one of them when they have been used?
@@massimofacci2809 yes they should as they will be the exact same fob as far as the reader is concerned. Make sure that you set the ATQA and SAK as well as the exact card type correct and you should be fine. Note that some readers can detect magic cards ( they attempt to write to sector 0 ) so if thats an issue you will need to get write once tags ( which are magic tags only till the ID has been set for the 1st time)
Hi@@QuentynTaylor there are a couple of version of proxmark 3. I have seen v3 - v2, and they all have different option on how they come. Could you suggest a website and recommend which one to buy for what i need to do. I don't want to get stuch not been able to read encrypted cards. Thanks
@@massimofacci2809 ( assuming from your name you are EU) i would grab one from www.lab401.com not the cheapest place but guaranteed to be genuine and work. I am not affiliated with them but their delivery is fast and they have everything you want
Hello, I'm new to this and cant figure out where to start, any reccomendations?
it depends on what you want to do, the proxmark forums are a great place or just following a tutorial like this one
is mifare plus 2k cloneable?
what I don't understand is why do we need to crack anything if we are cloning?
because you cant copy unless you can read all sectors
Hi, today I tried to copy an lift card using hf mf autopwn. The original card was mifare 1k magic fob. When I tried cload the dump to card it wasn’t copying all the blocks on the magic 1k ic fob. I tried to dump the keys, Changed uid and tried to restore as well but some of the blocks couldn’t be copied successfully in my pm3. What might have I done wrong.
Generating binary key file
[+] Found keys have been dumped to hf-mf-0606024B-key-1.bin
[=] FYI! --> OxFFFFFFFFFFFF
unordinary scenery :)
Is this any different than Mifare Ultralight? Would doing same commands in the mfu option work?
Lastly, would this work without the iceman firmware? I have the Chinese knockoff so it's got smaller memory to install iceman and I rather not compromise skipping some features just to have iceman... maybe I should've gotten a legit RDV4.
Well you can strip cards you aren't going to work with to make it fit? Then if you need those cards you can add them back in
@@QuentynTaylor I don't want to reflash firmware all the time. Is that a yes or no on the mifare ultralight? If no what is the method for that?
@@TechnologistAtWork no you would have to reflash the firmware to re add and delete card types you want to swap before. *however* there are a lot of card types you will probably never encounter and can remove safely
So does this work on the rfid Mifare ones?
Have you used the Blue tooth stand alone module with the rdv4 yet?
yes, when i 1st got it but i normally just use the cable as its easier
Still very confusing
The music at the beginning at the end of your video Is way too loud what the dfff!!!!
Hi Quentyn, It's me again. So I just got the latest proxmark3 and I started to follow your steps for the same type of card. It was strange for me that the card didn't work when I tried to restore it. Now I can see that when I do "hf mf restore 1" I get the following messages from time to time "#db# Authentication failed. Card timeout.
#db# Auth error " so I assume this must be the issue why the card is not restored properly, after all the nested and csetuid worked just like in your video. Have you seen something like this before?, many thanks - Federico
Ok, a few hours later I am still trying. It seems that one of the lines show "#db# Cmd Error: 04" but in your video, you get the same output with this cmd error 04. I can't figure out why I am getting "#db# Auth error"
hi to confirm the card is a magic card ? can you try the remagic and format-mifare scripts ? run script list to find the complete list and then script run (your script). Make sure that you also set the ATQA and SAK correctly
Quentyn Taylor That worked perfectly, thanks a lot :-)
Would the same procedure work for mifare plus cards?
yes it should do - i dont have one handy to test sadly
@@QuentynTaylor No it wouldn't, AES128...
This video is long overdue
MBS hotel card. haha
Salto System