Problem with write sector magic 7 byte card. #134
Comments
|
Have you tried the "Auto Reconnect" option? |
|
Also, there is an authentication before each write block operation. |
|
Yes, i try auto reconnect, dont' work. I debug mct and i see that magic card when mct retry authorization in the sector, the card returns no success. |
|
This is a problem that the MST is authorized to each block, for example, if it is authorized to 0 block, then it is no longer necessary to re-authorize blocks 1-3, because all these blocks are included in the 0 sector, because of this, the magic card receives the Fail. I try to modify the writeBlock (II [B [BZ) I function, make two calls inside its authenticate (I [BZ) function and it works. |
|
And i have problem with magic card, when i put magic card i see mesage "new tag found uid: 11223344556677" and try click on button OK and it is dont' work only when i check option "Advanced: Enable writing to manufacturer block," Button OK don't work, if i don't check option "manufacter" that button OK work. I try change uid use option Write Block and good change. Why is not pressed button OK with option manufacturer on magic card and can say me function name ButtonOK_click() how named in source MCT, i want debug this function and find error. |
|
Please do patch in function need replace do so: |
|
My magic card 7 byte, because checkbcc return in my card 3 answer and don't change. I change this function and work now) |
|
@maxben14 Not related, but where did you get your magic 7 bit card? I’m looking for some too. |
|
And one bug when i read magic 7 byte card Can say why mct don't see keyb in sector with bits 7C3788 and how fixed this bug. |
|
I do patch in public String[] readSector(int sectorIndex, byte[] key, boolean auth = authenticate(sectorIndex, key, useAsKeyB); Problem MCT that this tools do authenticate in sector which yet authenticated and magic card on repeat authenticate return false. |
|
@ikarus23 can do patch by my information for magic card 7 byte ? |
Actually, this is not true. You can set access conditions for each block separately. So block 1 might be writable with key A and block 2 might be writable only with key B.
Thanks for the bug report. I do not have a 7 byte block 0 writable card and was therefore not able to test it. I will look into it.
That is a strange behaviour...
Right? If so, I think this an issue of the block 0 writable tags. I never experienced this before. Maybe it is best to add an option for such tags. |
Yes. |
In magic card 7 byte can random bcc byte write and card working. That is, for 7 bytes of cards this check is not needed. |
|
Thanks, but you don't have to. I can do it my own. |
|
OK, so i will fix the check of 7 byte cards. |
|
And yet one bug, if i write 2 or more sectors i get error "Error: Tag lost while checking for keys with write privileges". And problem again in authenticate in function: |
|
Ok, so when I'm going to implement this option I must consider all authentications MCT does. |
|
Yes, right) |
|
Could you try if the BCC issue is fixed in this testing version? |
|
Yes, this version change uid, but after successful change uid show error "Error: Some error occurred while writing. This could be really bad." It is error incorect, In fact, the uid has changed successfully |
|
Hmm, this must be due to an error that occoured in |
|
Yes, i can debug apk file in ida pro. |
|
For debug need in AndroidManifest add android:debuggable="true", i now decompile testing version and add this in manifest and recompile in BatchApkTool. |
|
I already pushed the changes to the master. So you could debug it by using the code and Android Studio. |
|
Yes, problem in |
|
By the way I did not understand why it is called 2 times, like it is necessary 1 time in fact to cause for change uid 0 block. |
|
@osysltd it is ultralight basic, about information it is simple ultralight not ev1. |
|
@maxben14 Could you check if this version fixes the "some error occoured" error while writing sector 0? I don't think this will fix it, but I least have to try ;) |
|
@ikarus23 , "some error" show again when change uid but uid changed) |
|
An interesting observation, if I change the 0 block is not the uid, but the end of the 0 block, then the error does not appear. |
|
Interesting indeed. Looks like whenever the UID gets changed a full tag discovery has to be triggerd. However, this is something I can not force Android to do. So the only possible solution so far is to write block 0 last. But there are trouble too, because the keys and access conditions might have changed by then (block 3 will be written before block 0)... Well, I have to come up with some clever solution. But not today. I'm tired ;) Thanks again for all the help. |
|
If that write, will help test new versions. Good luck) |
|
@maxben14 No magic ul-ev1 exists, but there is a new magic tag out. |
|
@iceman1001, can they do command read_cnt ? In our transport ev1 uses counters. And where buy on ali or ebay can link ? |
|
http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf page45. Doesnt exist on ali, one ad on ebay, depends on where you are in the world. If in EU, I have on my shop; if elsewhere I suggest http://www.rfxsecure.com |
|
@iceman1001 , in RU. On ebay can link please. |
|
Speaking of 7 bytes magic uid cards, do you guys know of DESfire EV1 changeable UID card? |
|
@ArchangeGabriel |
@iceman1001 , i coorect understand you that there is one seller on ebay which have ntag magic ? |
|
http://www.rfxsecure.com/product/ntag-magic/ >> Ntag. http://www.rfxsecure.com/product/7byte-uid-changeable-card-with-desfire-sakatqa/ >> Desfire. there is no seller having the Ntag Magic. My research team and I are creating these chips. Rest assure you can get it from my side only. |
|
@AlienDennis OK, so if you are behind those card, can you tell me more about “Only in-house software with reader able to change the UID.”? Can’t I just write UID using libnfc and an ACR122U or Proxmark? DESfire are a bit pricey, but if they work OK that might be interesting for me. |
|
The cards have our own in-house magic command that enables you guys to change the UID. Without the magic command there is no way you guys can change the UID. Well. I got to pay wages to my research team and myself. 45 USD is considered cheap for a card like this. I only created 200 pieces of it in the world. Sold 180+ of it within the first month. So ya. |
|
Only one seller. We are not listed on ebay. Ebay takes too much of it a cut from us. Not good for us. |
|
@AlienDennis , What are the guarantees in this store rfxsecure ? Is there protection for the buyer as an ebay, that if the card has not arrived or has arrived non-working. |
Till now, we have no issues with our clients. Yet, we have met with many scammers out there previously. I live by my words and reputation. My photo and profile are over the internet. |
|
@AlienDennis , skype share please on my email maxben141 @ yandex ru |
|
I cannot find you on skype. add me. raindrops89. thank you. |
|
After a bit of thinking, I don't think there is a solution to fix the write dump behaviour for block 0 changeable tags which disconnect themselves after block 0 was changed. If I write block 0 last, the key with write privileges might not be valid anymore or block 0 is no longer writable due to the access conditions. If I don't write block 0 last, it might disconnect. Android does not notice this disconnect. And I can't find any way to force Android into rediscovering tags. Therefore, I don't think there is anything I can do to fix this. User with this issue must write block 0 separately. Maybe I will try to implement a mechanism that detects this issue and displays a suitable error message. Just a side note: I have a block 0 changeable tag that does not disconnect after writing. So there are tags out there which work perfectly fine. ;) |
|
All issues fix except the "write block 0 last" which is a duplicate. See #122. Closed. |
|
@iceman1001 , you write that "Magic ntag 213/215/216 :) which quite close..." |
|
True, NTAG doesn't have increase_counter command like UL-Ev1. Getting a magic ntag adapted with counters / increase_cnt like UL-Ev1 it is doable, but that would be a custom made card, and those are very expensive. |
|
@iceman1001, i want have this card with comand increase counter. Can you me say how many cost this card. And do you can do this card ? |
|
@iceman1001, do you can do this card on my order ? |
|
It will take some months, and cost quite a lot of money. Still, don't highjack this thread. |
I try write sector in magic 7 byte card, but if i write with option write block this good, but if i want write all sector i get error "Error: Tag lost while checking for keys with write privileges" and if i write only one sector i get error "Error: Some error occurred while writing.This could be really bad."
I think magic card want after each write block do or connect or authentificate in sector with key.
Please, can fix problem.
The text was updated successfully, but these errors were encountered: