I have a CRT-603-CZ1 smart card reader and I want to read 16 bytes of block 4 of a classic 1k Mifare contactless card. The authentication keys are the defualt values (i.e 0xFFFFFFFFFFFF). So I must send 3 commands to the reader as below :
Load Key APDU command
Authenticate APDU command
Read Block Data
(The corresponding APDU commands are mentioned in the above manual.)
In order to send above APDU commands, I used OpenSCTool and you can see the result in the following:
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Failed to connect to card: Card is invalid or cannot be handled
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Sending: FF 82 00 00 06 FF FF FF FF FF FF
Received (SW1=0x90, SW2=0x00)
Sending: FF 86 00 00 05 01 00 04 60 00
Received (SW1=0x90, SW2=0x00)
Sending: FF B0 00 04 10
Received (SW1=0x90, SW2=0x00):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Failed to connect to card: Card is invalid or cannot be handled
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Sending: FF 82 00 00 06 FF FF FF FF FF FF
Received (SW1=0x90, SW2=0x00)
Sending: FF 86 00 00 05 01 00 04 60 00
Received (SW1=0x90, SW2=0x00)
Sending: FF B0 00 04 10
Received (SW1=0x90, SW2=0x00):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Failed to connect to card: Card is invalid or cannot be handled
OpenSCTool:> OSC.exe -s FF82000006FFFFFFFFFFFF -s FF860000050100046000 -s FFB000
0410
Using reader with a card: CREATOR CRT-603 (CZ1) CCR RF 0
Sending: FF 82 00 00 06 FF FF FF FF FF FF
Received (SW1=0x90, SW2=0x00)
Sending: FF 86 00 00 05 01 00 04 60 00
Received (SW1=0x69, SW2=0x83)
Sending: FF B0 00 04 10
Received (SW1=0x69, SW2=0x82)
OpenSCTool:>
As you see above, I tried these there commands more than one time. but I didn't receive the same response.
Sometimes I receive an error "Failed to connect to card: Card is invalid or cannot be handled"
Sometimes all three command return 0x9000,0x9000 and 0x9000 as the status words.
And sometimes I receive 0x9000, 0x6983 and 0x6982 as the APDU response status words.
Note that I don't change anything about the reader or card during repeating above command. Everything is fixed.
What's wrong?
Update:
Note that this reader has a tool that it works fine for the same APDU commands. Look:
These are contents of log section:
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
SCardTransmit...OK Send Buffer : FF 82 00 00 06 FF FF FF FF FF FF Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF 86 00 00 05 01 00 04 60 00 Receive Buffer : 90 00
SCardTransmit...OK Send Buffer : FF B0 00 04 10 Receive Buffer : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
As you see, all the response for different tries are equal.
So
can I conclude "There is no problem with the reader, and there is a problem with the OpenSCTool"?
How can I solve this issue?
Update 2:
I wrote a Python program using PySCard library to send above three commands in a row for 5 times. And all the five series have successful equal result (i.e 0x9000 for all 5*3 =15 commands). So it seems that there is problem with OpenSCTool.but I don't know what is the problem and why it respond like this.
Related
I have a MIFARE Classic 1k, I used a reader to read everything on the card and would like to encode any data I write to it in NDEF so it can be read by a phone. I can only manually write the bytes atm and don't really know where to go from here. (I removed the data i wrote and replaced it with zeroes because it was sensitive)
Tried using different software but it seems like im the only one who wants such a weird thing done, here is the dump of the card. I do know the 16 sectors are separated by the KeyA ACs and KeyB (...FFFFF078069FFF...) Each sector being four blocks long ending in the keys, and all sector zero is used for is manufacturer info and UID.
Block 0: 77 57 DF D7 28 08 04 00 62 63 64 65 66 67 68 69
Block 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 3: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 7: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
Block 8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 11: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
And so on until block 63...
I want to write to a mifare classic 4k, using the following APDU command (UPDATE BINARY):
APDU = {FF D6 00 20 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0Fh}
It seems fine as a get a 90 00 result...
but when i read the card back I always got the following (even with different data...):
sector: 8 (block 32), auth OK
032: D5 41 00 EA 00 FF 13 3E 86 6A 00 00 00 00 69 FF
033: D5 41 00 EA 00 FF 13 3E 86 6A 00 00 00 00 69 FF
034: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
035: 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF
where does this string D5 41 00 EA 00 FF 13 3E 86 6A 00 00 00 00 69 FF come from?
Note that i didn't change any setting on the card and was properly authenticated. It was a blank card and i didn't touch the trailer.
I m using a ACR122 reader (this command comes direct from the documentation of the reader...)
Ok i found my problem, i was setting the wrong size for the cbSendLength parameter in SCardTransmit.
Now i set the correct one (the whole size of the APDU command: 21) and it works fine.
Sorry.
I followed this tutorial to the letter, but I'll to explain in detail what steps I took exactly. I have an ECP5-evaluation 85k board.
I soldered bridges on R34/R35 (RX/TX) and R21 (connects LED D1 to RXD)
I used my windows installation to run the latest version of FT_PROG. In FT_PROG I went to FT_EEPROM -> Hardware Specific -> Port B -> Hardware and set it to RS232 and hit program. It completed succesfully according to the software.
Then I forwarded the USB port to my virtual box linux machine. It recognizes the board and I can succesfully run verilog files on it.
I ran ./raw_serial.sh to upload raw_serial.v to my board which is supposed to repeatedly print A to the serial monitor.
I then opened minicom on /dev/ttyUSB1 and it recognizes the device, baudrate is set correctly.
I then tried to use cu as follows: sudo chmod 666 /dev/ttyUSB1 && sudo cu -l /dev/ttyUSB2 -s 115200. It opens a terminal and says it is connected.
Led D1 is lighting up and both terminal programs indicate that the connection is succesful (I tried one of them at a time of course). Nothing is printed to the screen. When I use minicom and reupload raw_serial.v some <?> signs are printed to the screen but that's it. I tried turning echo on and off but nothing seems to work.
The following worked for me and it will probably work for others too. I'm assuming you're using openocd.
Do not use FT_PROG in windows, it doesn't seem to actually flash the FTDI chip. However, it lets you read back the hex dump that was supposed to be flashed to the chip. The hex dump for the unchanged EEPROM as it comes out of the box is as follows:
00000000 01 08 03 04 10 60 00 07 C0 FA 08 00 11 11 9A 10 .....`..Àú....š.
00000010 AA 3C E6 12 00 00 00 00 56 00 00 00 00 00 00 00 ª<æ.....V.......
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 02 03 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090 00 00 00 00 00 00 00 00 00 00 10 03 4C 00 61 00 ............L.a.
000000A0 74 00 74 00 69 00 63 00 65 00 3C 03 4C 00 61 00 t.t.i.c.e.<.L.a.
000000B0 74 00 74 00 69 00 63 00 65 00 20 00 45 00 43 00 t.t.i.c.e. .E.C.
000000C0 50 00 35 00 20 00 45 00 76 00 61 00 6C 00 75 00 P.5. .E.v.a.l.u.
000000D0 61 00 74 00 69 00 6F 00 6E 00 20 00 42 00 6F 00 a.t.i.o.n. .B.o.
000000E0 61 00 72 00 64 00 12 03 46 00 54 00 32 00 55 00 a.r.d...F.T.2.U.
000000F0 59 00 54 00 4A 00 56 00 00 00 00 00 00 00 FC 27 Y.T.J.V.......ü'
I just post this here for future reference, we're not going to use the stock eeprom.
We need to flash the eeprom to RS232-HS mode. To do so, we must first change the hex dump of the eeprom accordingly. To put channel B in RS232-HS mode we need to change the last column of the last row from ' to |. Create a hex file called eeprom_RS232.bin with the following contents:
00000000 01 08 03 04 10 60 00 07 C0 FA 08 00 11 11 9A 10 .....`..Àú....š.
00000010 AA 3C E6 12 00 00 00 00 56 00 00 00 00 00 00 00 ª<æ.....V.......
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 02 03 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090 00 00 00 00 00 00 00 00 00 00 10 03 4C 00 61 00 ............L.a.
000000A0 74 00 74 00 69 00 63 00 65 00 3C 03 4C 00 61 00 t.t.i.c.e.<.L.a.
000000B0 74 00 74 00 69 00 63 00 65 00 20 00 45 00 43 00 t.t.i.c.e. .E.C.
000000C0 50 00 35 00 20 00 45 00 76 00 61 00 6C 00 75 00 P.5. .E.v.a.l.u.
000000D0 61 00 74 00 69 00 6F 00 6E 00 20 00 42 00 6F 00 a.t.i.o.n. .B.o.
000000E0 61 00 72 00 64 00 12 03 46 00 54 00 32 00 55 00 a.r.d...F.T.2.U.
000000F0 59 00 54 00 4A 00 56 00 00 00 00 00 00 00 FC 27 Y.T.J.V.......ü|
Now, we need to flash this eeprom to our ECP5 using Anton's method. To do this, first create a file ftdi_RS232.conf with the following contents:
vendor_id=0x403
product_id=0x6010
filename="eeprom_RS232.bin"
flash_raw=true
With the following command we can flash to our ECP5: ftdi_eeprom --flash-eeprom ftdi_RS232.conf. Should we ever want to revert back to the stock eeprom, we can easily repeat this method with the hex dump given in step 1.
Now it's time to flash the verilog file. However, the device description of the ECP5 has changed from Lattice ECP5 Evaluation Board to Dual RS232-HS. We need to tell openocd to look for that specific device. Start by creating a file ecp5.cfg with the following contents:
# this supports ECP5 Evaluation Board
interface ftdi
ftdi_device_desc "Dual RS232-HS"
ftdi_vid_pid 0x0403 0x6010
# channel 1 does not have any functionality
ftdi_channel 0
# just TCK TDI TDO TMS, no reset
ftdi_layout_init 0xfff8 0xfffb
reset_config none
# default speed
adapter_khz 5000
# ECP5 device - LFE5UM5G-85F
jtag newtap ecp5 tap -irlen 8 -expected-id 0x81113043
Then, create your svf file as you usually do and flash it with the following command:
sudo --preserve-env=PATH env openocd -f ./ecp5.cfg -c "transport select jtag; init; svf raw_serial.svf; exit"
Finally, we can open a terminal to read the serial output of the ECP5. Personally, I like to use minicom: sudo chmod 666 /dev/ttyUSB0 && minicom -D /dev/ttyUSB0.
One more problem with the raw_serial.v example was that it doesn't use a baudrate of 115200 as the readme suggests but 19200. The clock that is connected to the FTDI chip runs at 12 MHz. If you want a baudrate of 115200 you need to send a bit every 12,000,000 / 115,200 ~= 104 ticks. This means you need to change line 14 to if (counter == 104) begin.
With an unused RFID card (MIFARE Classic 1K) that I had found in my old wallet, I've decided to clone it onto a blank card.
After executing nfc-mfclassic w X u <Original Card file name> <Blank Card file name>, I did a mfoc -O on the newly cloned blank card and the result was that everything was identically cloned as the original card. However I noticed that when comparing the dump of the newly cloned card to the dump of the clean blank card, I observed that the value of sector 0 was not cloned during the process of cloning using the nfc-mfclassic w X u command. I understand that the manufacturer block on blank cards, the manufacturer block can be clone but why in this example it's not doing that?
Below is the hex dump of the clean blank card before it was cloned.
00000000 de a0 ca 73 c7 08 04 00 01 23 8e aa 37 1d 58 1d |...s.....#..7.X.|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000230 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000270 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
000002c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000330 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000370 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003b0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
000003c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003f0 ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff |.........i......|
00000400
The first block of sector 0 of MIFARE Classic cards is the manufacturer block. This block is read-only on regular card hardware and, thus, cannot be cloned since you cannot write it to another card.
However, there exists special hardware (dedicated card emulators, like Proxmark, and special MIFARE Classic tags from other manufacturers, so-called Chinese clone cards) which allow writing to the manufacturer block. You could use such dedicated hardware to store a clone of a genuine card incuding the first block.
currently I try to reimplement a C application in go. Part of the C application is to send a string to a multicast group. This produces the following packet captured via tcpdump:
00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
00000010 ff ff 00 00 01 00 00 00 14 81 06 56 47 2c 01 00 |...........VG,..|
00000020 46 00 00 00 46 00 00 00 33 33 00 02 10 01 04 ce |F...F...33......|
00000030 ef ca fe 1a 86 dd 60 00 00 00 00 10 11 01 fe 80 |......`.........|
00000040 00 00 00 00 00 00 06 ce ef ff fe ca fe 1a ff 02 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 02 10 01 be 8f |................|
00000060 03 e9 00 10 99 68 6e 6f 64 65 69 6e 66 6f |.....hnodeinfo|
I tried to replicate the behavior with the following code:
const MultiCastGroup string = "ff02:0:0:0:0:0:2:1001"
const Port int = 1001
const Proto string = "udp6"
const MaxDataGramSize int = 8192
var announcedAddr = &net.UDPAddr{IP: net.ParseIP(MultiCastGroup), Port: Port}
buf := []byte("nodeinfo")
unicastConn, _ := net.ListenUDP(Proto, &net.UDPAddr{IP: net.IPv6zero, Port: 0})
unicastConn.WriteToUDP(buf, announcedAddr)
But the I don't think that it is working, because all I can capture from this via tcpdump is:
00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
00000010 ff ff 00 00 01 00 00 00 |........|
00000018
It doesn't seem that the packet is even send. I tried this on a Debian Wheezy machine. Did anyone if you encounter a similar problem with golang and UDP?
Thanks in advance
Did you try to listen for it on another host?
Go (at least in 1.4) had a hard coded disable of loopback on multicast. Which means that, you can't see your own packets.
You can override this by calling setsockopt on the socket FD itself, or:
The golang.org/x/net/ipv6 library can do this for you.
Or you can take the code from Here (have to poke around to find it)