1 (edited by wous 2014-04-04 12:57:28)

Topic: Decrypting mifare dump

Hi,

I've successfully cracked my mifare classic 1k card with mfoc. I'm now just guessing how to decrypt the data I see with my hex editor.

This is the sector where a balance should be in, so it should be some kind of value.

ASCII

..©—.sæ¬ÿÿÿÿÿÿÿÿ
!.çè44Çæÿÿÿÿÿÿÿÿ
Ò...¾..3ÿÿÿÿÿÿÿÿ
¹.|ŒCó..ˆ.Ëž.Ó.q

HEX

81 1A A9 97 0E 73 E6 AC FF FF FF FF FF FF FF FF
21 00 E7 E8 34 34 C7 E6 FF FF FF FF FF FF FF FF
D2 03 00 00 BE 00 01 33 FF FF FF FF FF FF FF FF
B9 14 7C 8C 43 F3 7F 07 88 00 CB 9E 11 D3 06 71

This is the sector in HEX. It should be in ascii 3,07. Can anyone help me out?

Thanks a lot!

Re: Decrypting mifare dump

Yes, I have just understood what it means. What is the use of your card? Public transport...??

Just tell me and I'll tell you what it means. And also, if you could, send me the whole dumped file.

Re: Decrypting mifare dump

No, it's a card for access and payments within a company. I'm not going to send the whole dump file, because some personal information could be on it, this is a clean sector with only the balance. Please explain how to decrypt, thank you!

Re: Decrypting mifare dump

bump, can't pm you..

Re: Decrypting mifare dump

I also have a dump file I'd like decrypted... if anyone could help... one is mifare ultralight c and I have mifare classic... or at least help on how to do it.. I use windows with acr122u reader... I've read this reader sucks with libnfc and under kali I keep getting driver timeout errors... not really sure how to decrypt data given using smart card magic under windows, need help... they are both transport cards.. thanks in advance

Re: Decrypting mifare dump

You can open the mfd file in a hex editor like mcedit and it will show hex data with decoded ASCII.

Also try using my mifare dump parser https://github.com/zhovner/mfdread it now show you ASCII but show dump structure.

7 (edited by wous 2014-08-16 10:36:04)

Re: Decrypting mifare dump

noko wrote:

You can open the mfd file in a hex editor like mcedit and it will show hex data with decoded ASCII.

Also try using my mifare dump parser, it now show you ASCII but show dump structure.


As you can see, I already decoded to ASCII (with a hex editor). Just the ASCII is some random data wherein I can't find any structure or readable data. I know which sector contains which data due to comparing multiple cards, that's one step.


I hope someone can help me out

8 (edited by maho33 2014-08-27 08:07:48)

Re: Decrypting mifare dump

3,07 (307) in decimal is 01 33 in hex

D2 03 00 00 BE 00 -> 01 33<-  FF FF FF FF FF FF FF FF

10.00  or 1000(without comma) = 03E8 in hex
so replace your 01 33 with 03E8 and test if the current value is then 10.00

Re: Decrypting mifare dump

maho33 wrote:

3,07 (307) in decimal is 01 33 in hex

D2 03 00 00 BE 00 -> 01 33<-  FF FF FF FF FF FF FF FF

10.00  or 1000(without comma) = 03E8 in hex
so replace your 01 33 with 03E8 and test if the current value is then 10.00


That is what I needed! I had to stay with decimal instead of ASCII. Thanks a lot!
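
Added example, not part of the thread or of any poster's code: a Python sketch that reads the posted sector the way maho33 did (two bytes, big-endian, at offset 6 of the third block) and also checks what an auditor of such a card would look at, namely the sector trailer's access bits and whether any data block uses the native MIFARE value-block format. It assumes the standard MIFARE Classic trailer and value-block layouts; the function names and the "cents" unit are illustrative assumptions.

```python
# Sector bytes copied from the first post (4 blocks x 16 bytes).
SECTOR_HEX = """
81 1A A9 97 0E 73 E6 AC FF FF FF FF FF FF FF FF
21 00 E7 E8 34 34 C7 E6 FF FF FF FF FF FF FF FF
D2 03 00 00 BE 00 01 33 FF FF FF FF FF FF FF FF
B9 14 7C 8C 43 F3 7F 07 88 00 CB 9E 11 D3 06 71
"""

def split_sector(hex_text):
    """Return the four 16-byte blocks of one MIFARE Classic 1K sector."""
    raw = bytes.fromhex(hex_text)
    if len(raw) != 64:
        raise ValueError("expected 64 bytes, got %d" % len(raw))
    return [raw[i:i + 16] for i in range(0, 64, 16)]

def parse_trailer(block):
    """Split block 3 into Key A, access conditions, user byte and Key B."""
    b6, b7, b8 = block[6:9]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Each condition nibble is also stored inverted; a mismatch means a corrupt trailer.
    valid = ((b6 & 0x0F) == c1 ^ 0xF and (b6 >> 4) == c2 ^ 0xF
             and (b7 & 0x0F) == c3 ^ 0xF)
    # (C1, C2, C3) per block; index 3 is the trailer itself.
    conditions = [((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)]
    return {"key_a": block[0:6], "key_b": block[10:16], "user_byte": block[9],
            "access_valid": valid, "conditions": conditions}

def is_value_block(block):
    """True if the block is in value format: value, ~value, value, addr, ~addr, addr, ~addr."""
    inverted = bytes(x ^ 0xFF for x in block[4:8])
    addr_ok = block[12] == block[14] and block[13] == block[15] == block[12] ^ 0xFF
    return block[0:4] == inverted == block[8:12] and addr_ok

def read_amount(block, offset=6):
    """Decode the 2-byte big-endian amount at the offset identified in the thread."""
    return int.from_bytes(block[offset:offset + 2], "big")

if __name__ == "__main__":
    blocks = split_sector(SECTOR_HEX)
    trailer = parse_trailer(blocks[3])
    print("access bits valid:", trailer["access_valid"], trailer["conditions"])
    print("value-format blocks:", [is_value_block(b) for b in blocks[:3]])
    print("amount: %.2f" % (read_amount(blocks[2]) / 100))
```

On the posted sector none of the three data blocks is in value-block format, so the amount sits in an ordinary data block as a plain integer.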