-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with MIFARE Ultralight EV1 Emulation: Missing Data in Pages 18 and 19 #238
Comments
I have a second issue but since it could be related I will add it here, and if it is not I will move it to a new one. Describe the bug Is there a way to use proxmark dumps directly ? To Reproduce
Expected behavior Hex Dumps for Reference: Proxmark
Chameleon Dump:
|
is the slot configured as a 4k or 1k? |
I am not sure to understand, since it's a Ultralight Ev1 I used the those commands: |
Try setting the slot type to a 4k card and then loading the dump, should work too |
After further testing, here’s an update:
Here's a comparison of the hexdumps for reference:
After preparing the file in this manner, I loaded it into the Chameleon without any errors or warnings using the following commands:
Though I had to set up the econfig values manually (which is quite tedious), the emulation finally worked, and the Chameleon successfully unlocked the door. Key takeaways and issues identified:
@GameTec-live, could you advise if the roadmap and documentation are up-to-date? I’m open to contributing by exploring the possibility of adding Proxmark dump import support for the Chameleon. This could also automate econfig population from the imported dump. I could also investigate the incomplete block dump issue, though I’m relatively new to NFC/RFID and haven't worked on embedded systems in a long time, so I can’t guarantee significant contributions yet. |
Well, first off, sorry, i totally missed that your talking about ultralight (ig i shouldnt respond to issues on my phone at 6am lmao). |
No worries thank you for your help and informations. |
in the gui imports are still missing mfu support, didnt have the time yet. |
I could read the tag uid, but not dump the content since it's password protected. |
the cu doesnt support sniffing, yep |
Добрый вечер. Можно добавить пароль вручную. Но где его взять? Как его достать из считывателя? Good evening. You can add a password manually. But where can I get it? How do I get it out of the reader? |
@198sashko1 In English please |
Good evening. You can add a password manually. But where can I get it? How do I get it out of the reader? |
Describe the bug
When attempting to emulate a MIFARE Ultralight EV1 48-byte tag, the ChameleonUltra is missing data on pages 18 and 19. One of these pages contains the tag's password, which seems necessary for authentication. Emulating this tag with the ChameleonUltra fails to unlock the door, suggesting missing or incorrect data.
To Reproduce
Steps to reproduce the behavior:
[usb] pm3 --> hf mfu dump -k 8D322569 --ns
[USB] chameleon --> hf mfu dump -k 8D322569
00000000
instead of the expected values (8D322569
in page 18 andEC2F0000
in page 19).Expected behavior
The ChameleonUltra should accurately replicate all data pages of the MIFARE Ultralight tag, including pages 18 and 19, to enable successful emulation and authentication.
Screenshots
Proxmark Output:
ChameleonUltra Output:
Host (please complete the following information):
Additional context
I am unsure if there’s an additional configuration step required or if this is a firmware issue. Any insights on how to address missing data for pages 18 and 19 would be appreciated. Thank you!
The text was updated successfully, but these errors were encountered: