[NFC Magic] Add support for backdoor read commands for Gen 1A/1B tags

Open mishamyte opened this issue 1 year ago • 5 comments

Description of the feature you're suggesting.

Overview:

Right now the NFC Magic app supports the following functionality for magic tags:

  • Detection
  • Writing
  • Wiping

It would be nice to also add support for the read backdoor command. In that case the reading flow could be simplified. Instead of trying to authenticate with the user dictionary + standard dictionary, the tag could be read fully with a backdoor command.

Usage steps:

  1. Check if tag is magic Gen 1A/1B (existing functionality)
  2. Select read (for implementation)
  3. If the tag was read without problems (potential problems while reading should be extra investigation points), the user could have the possibility to save the dump (and the next steps should be done using the standard Flipper NFC experience)
  4. [Optional]: As a follow-up to step 3, found keys could be added to the user's dictionary (automatically or with user confirmation; validation for key existence in the dictionary should be done)

Tech details for read commands:

  • Gen 1A: 40(7), 43, 30xx + crc
  • Gen 1B: 40(7), 30xx + crc (need to validate whether the crc should be present here)

Potential problems: Currently, detection of Gen 1 tags is done using the 40(7) command, and the concrete type (Gen1A/Gen1B) is not detected. For reading, it could be done by iterating through the read sequence for Gen1A and, if that didn't work, for Gen1B, which could ruin the UX from the PoV of waiting time.

Implementation in existing products: It is implemented at least in the following solutions:

  • Proxmark3 - cview command
  • TMD-5S - it is used by default, if magic tag is detected

Anything else?

No response

mishamyte avatar Jun 13 '23 14:06 mishamyte
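
The frame sequences listed under "Tech details" in the post above, written out as an added example (not code from the issue author or from the NFC Magic app). The `Frame` and `MagicGen1` types and the function names are hypothetical, and appending the CRC to the Gen 1B read follows the issue's listing, which its author marks as not yet validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One frame to transmit: payload bytes plus the number of valid bits. */
typedef struct { uint8_t data[4]; uint8_t bits; } Frame;
typedef enum { GEN1A, GEN1B } MagicGen1;   /* hypothetical names */

/* ISO/IEC 14443-3 Type A CRC (CRC_A): initial value 0x6363.
 * The result is transmitted low byte first. */
uint16_t crc_a(const uint8_t *buf, size_t len) {
    uint16_t crc = 0x6363;
    for (size_t i = 0; i < len; i++) {
        uint8_t b = buf[i] ^ (uint8_t)(crc & 0xFF);
        b ^= (uint8_t)(b << 4);
        crc = (uint16_t)((crc >> 8) ^ ((uint16_t)b << 8) ^
                         ((uint16_t)b << 3) ^ (b >> 4));
    }
    return crc;
}

/* Fill out[] with the frames for reading one block; returns the frame count.
 * Per the issue text: Gen 1A = 40(7), 43, 30xx + crc
 *                     Gen 1B = 40(7), 30xx + crc (CRC here is unvalidated). */
size_t build_read_sequence(MagicGen1 type, uint8_t block, Frame out[3]) {
    size_t n = 0;
    out[n++] = (Frame){ {0x40}, 7 };              /* 7-bit short frame */
    if (type == GEN1A)
        out[n++] = (Frame){ {0x43}, 8 };          /* second step, Gen 1A only */
    Frame rd = { {0x30, block}, 32 };             /* read command + block number */
    uint16_t crc = crc_a(rd.data, 2);
    rd.data[2] = (uint8_t)(crc & 0xFF);           /* CRC low byte first */
    rd.data[3] = (uint8_t)(crc >> 8);
    out[n++] = rd;
    return n;
}

int main(void) {
    Frame seq[3];
    size_t n = build_read_sequence(GEN1A, 0, seq); /* constructed sample: block 0 */
    for (size_t i = 0; i < n; i++) {
        printf("frame %zu (%u bits):", i, (unsigned)seq[i].bits);
        for (size_t j = 0; j < (size_t)(seq[i].bits + 7) / 8; j++)
            printf(" %02X", seq[i].data[j]);
        printf("\n");
    }
    return 0;
}
```

Trying Gen 1A first and falling back to Gen 1B, as the post suggests, means one extra failed exchange per tag when the type is Gen 1B, which is the waiting-time cost raised under "Potential problems".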

+1 on this, would really like to see this as a feature.

Using this without reading is frustrating :<

sealldeveloper avatar Oct 05 '23 08:10 sealldeveloper

I also want this feature. I have the possibility to use a card printer/writer. And this way would make it very easy for me to get the B keys as I just can write/print to a gen1a magic card.

Maybe this issue should be on the apps repo and not firmware as nfc magic is a standalone app there?

spetzreborn avatar Apr 13 '24 21:04 spetzreborn

The latest version of NfcMagic supports gen1/gen2 writing.

skotopes avatar Apr 14 '24 12:04 skotopes

@skotopes I'm sorry, but the issue was about the backdoor read, which is still not implemented.

I agree that it would be better to have it in the good faps repo.

Would it be good if I reopened it there as a feature proposal?

mishamyte avatar Apr 14 '24 17:04 mishamyte

@mishamyte I've reopened and moved it to the appropriate repository.

skotopes avatar Apr 14 '24 17:04 skotopes