Early chinese magic card ARE NOT COMPATIBLE at all wit nfc mobile phones (they need special commands that cannot be sent using the phone - tested). Latest chinese magic card should not need those special commands so you should be able to write them with an nfc phone (not tested).

Nfc mobile phone MUST HAVE an NXP nfc chip inside to work with mifare cards; Broadcom nfc chips ARE NOT COMPATIBLE with mifare cards (ex Galaxy S3 has nxp chip, S4 broadcom chip; your phone is compatible with all original mifare if you managed to dump the card with MCT but will only works with mifare chinese magic '2nd generation' cards). PM3 for android (proxdroid) is a software to control proxmark3 via Android but you need to buy a proxmark3 to use it but it's not so easy to set it up.

I don't know how to simulate a mifare in an nfc mobile phone, never tested that possibility and I don't know if it is actually possible. This interesting thread can have some answers about card emulation: Last edited by asper (2014-01-12 15:52:28). You must ask the seller if block0 is writable with normal write command or only using special commands, this is the only way to know if it is a 1st or2nd generation card (hoping he will tell you the truth). The 'backdoored' are usually 1st generation so you can write block0 only with pm3 or with a dedicated reader/writer; they can always be used as standard mifare with your phone but block0 will be impossible to write with your phone. Only with 2nd generation you can edit block0 with your phone (probably but not tested). If you have doubts just ask the seller. Last edited by asper (2014-01-12 23:45:03).

2008 年的时候，荷兰恩智浦（NXP）公司开发的 RFID 产品 Mifare Classic 就被破解了，黑历史在这里就不在具体说了，想详细了解. How to Crack Mifare Classic Cards. How to Crack Mifare. If you manage to crack all the keys you can see the HEX encoded contents of the key on your terminal and. 2008 年的时候，荷兰恩智浦（NXP）公司开发的 RFID 产品 Mifare Classic 就被破解了，黑历史在这里就不在具体说了，想详细了解.

I was successfully able to copy my Mifare Classic 1K onto this card. Now I am just trying to figure out what the data on Sector 0 represents. If I am able to figure that out, then possibly I can guess someone elses Sector 0 and copy their card without having their card in hand. I know the Sector 0 contains the UID, but the UID doesn't really mean anything right now.

Honeywell Dial Set Chronotherm Manual Meat there. Like it doesn't match any number on the card. Still trying to figure this out. Thanks for the help everyone, I am happy that I have successfully gotten to this point. If you do not have the keys for your card, you will probably need to use proxmark to bruteforce the keys.

For me, I got lucky because both of my keys were common keys so I did not have to use a proxmark in my case. I used the Mifare Classic Tool to dump the data from my card onto my phone using the default keys. Then I looked at the data and the data only existed on Sector 0 but on most cards Sector 0 is not writeable so I purchased a UID changeable card in which Sector 0 can be changed. I used Mifare Classic Tool again to copy the dump from my phone to my UID changeable card. I selected the option to also write Sector 0 to the card. I was successful in being able to copy a Mifare Classic 1K onto a blank UID changeable card.

So I am not exactly sure about your case because this was my first attempt at anything related to RFID but I am pretty sure if you don't have the keys you will have to brute them which can't be done by phone, so you will probably need proxmark. Hi, I think I managed to dump my card by brute forcing the keys. No need for a proxmark, just used mfoc (only 5 min.). According to some other sources, mfcuk would be faster, but it has been running for 25min now on only one sector and hasn't found anything yet. According to the people of my company, they use payment saldo's on the card only.

So no central database, I would like to find a way to 'decrypt' the HEX-values on my card to read out my current money saldo. Any thoughts?