Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Sorry - I am perfectly confused at this point - Somehow I got the impression that NTAG213 could spit out "anything"
The access card I try to copy onto it is a Mifare Classic 1k where only this data is checked:
[+] UID: 22 xx xx xx
[+] ATQA: 00 04
[+] SAK: 08 [2]
Then I have this NTAG below:
And right now, I am not sure whatever I should just try to make it have the same seven first bytes, or if it can somehow start to act/look as an Mifare - having an 4-byte UID , ATQA and SAK ...
Or am I completely lost, or an NTAG213 can't be used for this purpose?
NTAG213
pm3 --> hf mfu info
[=] --- Tag Information --------------------------
[=] -------------------------------------------------------------
[+] TYPE: NTAG 213 144bytes (NT2H1311G0DU)
[+] UID: 04 5A 62 7A 42 70 81
[+] UID[0]: 04, NXP Semiconductors Germany
[+] BCC0: B4 (ok)
[+] BCC1: C9 (ok)
[+] Internal: 48 (default)
[+] Lock: 00 00 - 0000000000000000
[+] OneTimePad: E1 10 12 00 - 11100001000100000001001000000000
[=] --- NDEF Message
[+] Capability Container: E1 10 12 00
[+] E1: NDEF Magic Number
[+] 10: version 0.1 supported by tag
[+] : Read access granted without any security / Write access granted without any security
[+] 12: Physical Memory Size: 144 bytes
[+] 12: NDEF Memory Size: 144 bytes
[+] Additional feature information
[+] 00
[+] 00000000
[+] xxx - 00: RFU (ok)
[+] x - 00: don't support special frame
[+] x - 00: don't support lock block
[+] xx - 00: RFU (ok)
[+] x - 00: IC don't support multiple block reads
[=] --- Tag Counter
[=] [02]: 00 00 00
[+] - BD tearing ( ok )
[=] --- Tag Signature
[=] IC signature public key name: NXP NTAG21x (2013)
[=] IC signature public key value: 04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61
[=] Elliptic curve parameters: NID_secp128r1
[=] TAG IC Signature: 0A15C4CBFF0212CD43FD0406CF2BFF04F03981FC9D212BE155BD4195751C7983
[+] Signature verification ( successful )
[=] --- Tag Version
[=] Raw bytes: 00 04 04 02 01 00 0F 03
[=] Vendor ID: 04, NXP Semiconductors Germany
[=] Product type: 04, NTAG
[=] Product subtype: 02, 50pF
[=] Major version: 01
[=] Minor version: 00
[=] Size: 0F, (256 <-> 128 bytes)
[=] Protocol type: 03, ISO14443-3 Compliant
[=] --- Tag Configuration
[=] cfg0 [41/0x29]: 04 00 00 FF
[=] - strong modulation mode disabled
[=] - pages don't need authentication
[=] cfg1 [42/0x2A]: 00 05 00 00
[=] - Unlimited password attempts
[=] - NFC counter disabled
[=] - NFC counter not protected
[=] - user configuration writeable
[=] - write access is protected with password
[=] - 05, Virtual Card Type Identifier is default
[=] PWD [43/0x2B]: 00 00 00 00 - (cannot be read)
[=] PACK [44/0x2C]: 00 00 - (cannot be read)
[=] RFU [44/0x2C]: 00 00 - (cannot be read)
[+] --- Known EV1/NTAG passwords
[+] Found default password FF FF FF FF pack 00 00
[=] ------------------------ Fingerprint -----------------------
[=] Reading tag memory...
[=] ------------------------------------------------------------
Thank you for clarifying this.
It's excessive reading that gave me the impression that some UID's that could be set, could make it look just as another card - as if some specific first byte(s) of UID defined the manufacturer.