Issue 180 in libnfc: Format/Overwrite of mifare classic "fails"
lib...@googlecode.com
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 180 by maxmust...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
I cloned a mifare classic card onto an empty card.Now everytime I write to
this card I get a error like this:
[code]failed to write trailer block 3
xnfc_initiator_transceive_bytes: Timeout[/code]
I tried to overwrite the card with the empty dump I got from
http://www.libnfc.org/_media/libnfc/documentation/empty_mfd_example.zip
but it went like this:
[code]thomas@pluto ~ $ nfc-mfclassic w b Downloads/14f1f9d7.mfd clean
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Found MIFARE Classic card:
ATQA (SENS_RES): 00 04
UID (NFCID1): ec c3 66 d3
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Timeout
failed to write trailer block 3
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 7
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 11
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 15
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 19
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 23
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 27
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 31
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 35
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 39
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 43
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 47
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 51
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 55
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 59
x.|
Done, 4 of 64 blocks written.
thomas@pluto ~ $ nfc-mfclassic w b tim-100 Downloads/14f1f9d7.mfd
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Expected MIFARE Classic card with UID starting as: 14f1f9d7
Found MIFARE Classic card:
ATQA (SENS_RES): 00 04
UID (NFCID1): ec c3 66 d3
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Mifare Authentication
Error
!
Error: authentication failed for block 00
thomas@pluto ~ $ nfc-mfclassic w b tim-100
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Found MIFARE Classic card:
ATQA (SENS_RES): 00 04
UID (NFCID1): ec c3 66 d3
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Mifare Authentication
Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
!
Error: authentication failed for block 00
thomas@pluto ~ $ mifare-classic-format
Found Mifare Classic 1k with UID ecc366d3. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key
for sector 0
[/code]
I also added the keys that were used to write to the card to the default
keys of mifare-classic-format.
I'm using a touchatag pad 072f:2200 with the acsccid 1.0.2 driver and
libnfc 1.5.1.
lib...@googlecode.com
Status: WontFix
Owner: rco...@il4p.fr
Labels: -Priority-Medium Priority-Low OpSys-All
Comment #1 on issue 180 by rco...@il4p.fr: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Hi,
Don't use this dump nor this tool (nfc-mfclassic) to format a Mifare
Classic tag.
lib...@googlecode.com
Comment #2 on issue 180 by maxmust...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
What should I use?mifare-classic-format doesn't work for me.
I get this output:
Found Mifare Classic 1k with UID ec010000. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key
for sector 0
even thought the B key for the sector 0 is known.
lib...@googlecode.com
Comment #3 on issue 180 by maxmust...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Oh and the reason I wrote this post wasn't to say I can't format my cards
this way I posted it because I can't overwrite mifare cards.I got an empty
card and I want to write a modified dump to the card or an old dump and
this just doesn't work (see above)
lib...@googlecode.com
Status: Feedback
Comment #4 on issue 180 by rco...@il4p.fr: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Which card do you use Mifare Classic or Special Mifare Classic card with
UID customisable ? Because I can't reproduce this bug myself...
About mifare-classic-format, feel free to wrote a patch to support it and
post it under nfc-tools issues system.
lib...@googlecode.com
Comment #5 on issue 180 by maxmust...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
I use a mifare classic 1k card and I don't know if the UID is customisable.
It was an "empty card" and the first time I wrote a mc dump it worked
without any problems.After I tried to overwrite the card with another dump
I got this errors even thought I used a dump with all the keys to overwrite
the card.
lib...@googlecode.com
Comment #6 on issue 180 by BSg...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Hello,
I am experiencing the same error. HW used: Touchatag reader, blank card
from ebay (not changeable UID). What happens is that I can only write to
this card once. Any attempt to write (any mifare dump) after ends with the
error described above. Is there any known fix to this error yet? I did
search at google but no success yet. Or is there any other tool to format
the mifare card? Thanks!
lib...@googlecode.com
Comment #7 on issue 180 by trener....@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Hello,
I had similar problem and I have found solution. Actually it's workaround.
Before you write new dump into your card you should format it using
mifare-classic-format. But there is problem described in Comment 2: No
known authentication key for sector 0. It's because your card have another
image written - it means KEYs A and B aren't default. You can find those
keys i.e. by breaking your card using mfoc. After that you should edit file
mifare-classic-format.c, actually default_keys[] array, and append there
each of your keys. Each row represents particular key. After that you
should run make, sudo make install.
Now your mifare-classic-format will be able to format your card. After
formatting all KEYs will be reset to 0x00 0x00 0x00 0x00 0x00 0x00. Good
luck!
lib...@googlecode.com
Comment #8 on issue 180 by trener....@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
OK, I have full explenation now. As you know there are 2 different keys:
KEY A and B. Each sector key can have different access permissions. I.e.
read, read-write etc. Those access permissions are stored among other bytes
on card image. It's worth to see Mifare specification;) Now, if you write
your image into blank card, 2 things will happen: Your keys will change and
access permissions will change. After that you will be able to write same
blocks using KEY A, and some blocks using KEY B. You can do that
executing "nfc-mfclassic w a image.img image_with_keys.img", and
next "nfc-mfclassic w b image.img image_with_keys.img". It should work
without card formatting described in my previous comment. I hope this will
help you.
lib...@googlecode.com
Comment #9 on issue 180 by rco...@il4p.fr: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Really good trener.bit !
How do you think nfc-mfclassic should work to prevent from this kind of
annoying ?
lib...@googlecode.com
Comment #10 on issue 180 by romain.t...@gmail.com: Format/Overwrite of
Well, basically "nfc-mfclassic w" does the right thing (i.e. what you ask
it to do)… If you don't want to lock your card, don't write a dump that
locks the card.
Invalid ?
lib...@googlecode.com
Status: Invalid
Comment #11 on issue 180 by romu...@libnfc.org: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
(No comment was entered for this change.)
lib...@googlecode.com
Comment #12 on issue 180 by niewoehn...@gmail.com: Format/Overwrite of
Hello!
Today I had the same Problem as some of you and I wasn't able to solve it.
I even can't write the dump from mfoc.
------------
$ nfc-mfclassic w A blank_dump2 dump
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 72 b8 97 15
Guessing size: seems to be a 1024-byte card
xxxxfailed to write trailer block 7
x............xxxfailed to write trailer block 23
xxxxfailed to write trailer block 27
xxxxfailed to write trailer block 31
xxxxfailed to write trailer block 35
xxxxfailed to write trailer block 39
x........................|
Done, 36 of 64 blocks written.
-------------
-------------
$ nfc-mfclassic w B blank_dump2 dump
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 72 b8 97 15
Guessing size: seems to be a 1024-byte card
xxxxfailed to write trailer block 7
x...............failed to write trailer block 23
x...failed to write trailer block 27
x...failed to write trailer block 31
x...failed to write trailer block 35
x...failed to write trailer block 39
x........................|
Done, 53 of 64 blocks written.
-------------
And also adding the keys to mifare-classic-format.c didn't help:
$ mifare-classic-format dump
Found Mifare Classic 1k with UID 72b89715. Format [yN] y
for sector 0
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
lib...@googlecode.com
Comment #13 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
It may be due to some specific ACL bits.
Could you show us:
* the content of the dump you want to write
* the content of the card
I can understand there are private data and I don't really need full dumps
but I need to see the ACL bits of the dumps (so the bytes of each trailing
block between key bytes).
lib...@googlecode.com
Comment #14 on issue 180 by niewoehn...@gmail.com: Format/Overwrite of
Thank you for your answer!
The dump i want to write is the one I dumped when the card was empty:
blank_dump2
The current content is in "dump".
mfoc.txt is the output of mfoc
Attachments:
mfoc.txt 7.4 KB
blank_dump2 4.0 KB
dump 4.0 KB
lib...@googlecode.com
Comment #15 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
* block 3 ACL: 61EF09 means it's forbidden to write on that block (and on
block 1) with whatever key, A or B. Only blocks 2 and 3 can be written
using only key B.
* block 7 ACL: 4B478B means blocks 6 & 7 can only be written with key B,
block 4 & 5 cannot be written at all.
* blocks 23, 27, 35, 39 ACL: 70F788 means those blocks cannot be written
and their data blocks can only be written with key B.
So as you see the current ACL bits don't allow to format the card back to a
fully writable state.
I suggest you to study carefully the specifications of ACL bits of Mifare
Classic to understand this kind of behavior.
lib...@googlecode.com
Comment #16 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Note to developers:
Maybe we could read ACL bits, detect potential failures and inform user, to
get more informative error messages than just "writing failure"
lib...@googlecode.com
Status: New
Labels: -Type-Defect Type-Enhancement
Comment #17 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Reopened and tagged as enhancement request
lib...@googlecode.com
Comment #18 on issue 180 by niewoehner.michael: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Oh, that means the card is more or less "dead"..
Next time I clone a card I'll take a look at the ACLs...
Thank you! :-)
lib...@googlecode.com
Comment #19 on issue 180 by niewoehner.michael: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Maybe it would be good to inform the user BEFORE writing wrong ACL to a
card.
lib...@googlecode.com
Comment #20 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
The ACL were not wrong at all, that's still something different.
If ACL is inconsistent then all blocks of that sector are indeed completely
lost.
Here ACL is correct and stipulates that some of the content cannot be
changed anymore.
So we could implement three checks actually:
* check if ACL to be written is consistent, otherwise abort
* check if ACL to be written will lock some blocks. If yes ask for
confirmation (or mandate a --force flag)
* check when a write fails if it's due to the current ACL of the card and
inform the user adequately. In some cases it needs first to be formatted to
allow writing (ACL forbids writing in data blocks but trailer block can
still be written) and in some other cases the card is locked (trailer
sectors cannot be written anymore).
lib...@googlecode.com
Comment #21 on issue 180 by niewoehner.michael: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Did you look up the ACL manually in the datasheet or is there a script for
checking them?
lib...@googlecode.com
Comment #22 on issue 180 by yob...@gmail.com: Format/Overwrite of mifare
classic "fails"
http://code.google.com/p/libnfc/issues/detail?id=180
Please use the mailing-list or forum for such kind of questions. I used
http://www.proxmark.org/forum/viewtopic.php?id=1408
lib...@googlecode.com
Comment #23 on issue 180 by michele....@gmail.com: Format/Overwrite of
mifare classic "fails"
https://code.google.com/p/libnfc/issues/detail?id=180
Hi all,
I solved the problem of missing authentication key for sector XY by:
1. cracking the card to get the current keys (#mfoc -O dump)
2. Formatting the card by using the dump as input keyfile
(#mifare-classic-format dump)
It works.
Ciao
Numen.
lib...@googlecode.com
Comment #24 on issue 180 by po...@pocho.cl: Format/Overwrite of mifare
classic "fails"
https://code.google.com/p/libnfc/issues/detail?id=180
Hello everyones!
I'm trying to format a non blank chinesse mifare card and I can't.
I've tried with mifare-classic-format but I got the error "No known
mfcuk + mfoc commands then make and still the same error. I did debug
the .c file but no one success...
Before of that, I had been working around 20 hours with the command
nfc-mfclassic using the mfd file generated by mfoc...
actual keys obtained with mfoc:
---------------------------------------------------------------------
Sector | Key A |ACTS | RESL | Key B |ACTS | RESL
---------------------------------------------------------------------
0 | 302064626664 | . R | . R | 302030303030 | . R | . R
1 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
2 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
3 | 303030302030 | . R | . R | 303030302030 | . R | . R
4 | 203234336620 | . R | . R | 20313864310a | . R | . R
5 | 302030303030 | . R | . R | 302030303030 | . R | . R
6 | 303020303066 | . R | . R | 323420633235 | . R | . R
7 | 303030203030 | . R | . R | 303030203030 | . R | . R
8 | 303165312063 | . R | . R | 303930302030 | . R | . R
9 | 203638326420 | . R | . R | 20626230390a | . R | . R
10 | 302030303030 | . R | . R | 302030303030 | . R | . R
11 | 383420303430 | . R | . R | 643120653237 | . R | . R
12 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
13 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
14 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
15 | ffffffffffff | . R | . R | ffffffffffff | . R | . R
Attached files:
- original.mfd --> mfoc output when the card was working
- actual.mfd --> actual mfoc output
- keys --> actual keys
Anyone could help me?
Thanks!
**sorry for my english is not a good one...
Attachments:
actual.mfd 4.0 KB
original.mfd 4.0 KB
keys 415 bytes
