This tested consisted in tempering with a dump by modifying either the checksum, or the balances stored on the card, and checking if the machine could read the card. Attack 1: Double spending Now that we know where the current balance is located on the card, we can perform a very simple attack: the double spending. Each of these sectors has 3 blocks of data storage and 1 block for storing the secret access keys and access controls. This process was then repeated many times for different types of transactions over the course of a few days. Please contact your licensing partner once to verify the license keys. These items can be purchased from various online shops around the world. A 32bit driver will not work under 64 bit system, and vice versa, 64bit driver will not work under 32bit system.
The file shows all 16 sectors. Conclusion I really love the EasyCard, I think it is a great system in principle. Are you new to LinuxQuestions. Follow the instruction from Veritas Storage Administrator's Guide but still fail. Their memory structure is pretty simple: the card is divided into N sectors which are composed of 4 blocks. In addition, following some unknown rule-set, duplicates are sometimes stored of the same transaction.
To really have a chance at deciphering the data on the card we need to find a way to clearly visualize the card contents. EasyDump The script is available for download. The EasyCard corporation urgently needs to fix this. Destroyed Card Data Extraction With EasyDump This write-up would not be complete without a script! B sector 3 keys 0000100: be01 0000 0000 0000 0000 0000 0000 00ff. Software Well, is the center piece of the whole operation. This is the directory where the project will be built.
Users should inspect red variables making sure the values are correct. The lists as latest nfc-eventd-0. Be careful when writing a direct block because if you overwrite the last block of a sector the one containg the keys , your tag will be irreversible damaged. So you can also create a full memory dump of your tag and when you have no credits left, reflash the old image and your credits will be reset. Your advice Windows or Kali Linux uses better? In fact I bought a new EasyCard in April of 2014 and I can confirm it is still a Mifare Classic 1k card.
After examining other tags for the same vending machine I noticed that these all have different keys. For a full list of EasyCard applications I invite you to check out their official website. Dumping the tag content Mifare Classic tags are more or less like wireless memory cards. While the encryption system on the cards had been cracked, any use of the hacked cards to make transactions will be detected, which allows us to stop any acts of thefts immediately and prevent hackers from taking advantages of the cards. When all keys are found, the program will store them in the keys directory. This card was subsequently destroyed to ensure that I had no modified cards in my possession. The database information can then be used to securely process the transaction with a high level of integrity.
Some other cool tools are needed of course for some serious hex hacking: like ghex, kdiff3, vbindiff… But, whatever. The big big issue here is that the EasyCard does not implement any real-time integrity checks against a back-end database. . This attack is implemented into the mfoc tool, which relies on libnfc. But stay within the law, pls. We can go on a shopping spree! The only differences are on blocks 0xC and 0x12.
The program will start to crack the keys of the card. . . Another method is to reflash the captured output of mfoc via nfc-mfclassic: nfc-mfclassic w B output. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. If you manage to derive the key from the captures below please contact me so I can verify it with other tags.
Let's try it on our coffee card: mfoc -O dump. Some useful commands: sudo mfoc - o mycard. . This work has been done for research purpose only, and shall not be used for profit. . You may ask yourself why I am writing this post. One of the first things I tried to figure out was how I could see the remaining balance on my EasyCard.