libnfc
libnfc copied to clipboard
Published
20 hours ago •
nfc-tools
nfc-tools
Failure to write to data block 4
I am using libnfc master (with patch from https://github.com/nfc-tools/libnfc/pull/561), on an ACS / ACR122U reader, and trying to write to a card with rewritable UID. The write fails with:
$ nfc-mfclassic W a dump.fx.9ed9be0d nom_badge_vierge.dmp
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): d6 75 8d 29
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Sent bits: 50 00 57 cd
Sent bits: 40 (7 bits)
Warning: Unlock command [1/2]: failed / not acknowledged.
Writing 64 blocks |Failure to write to data block 4
x
The cards I am trying to write to are these with rewritable UID, I believe they are gen B / second generation: https://www.amazon.fr/Lot-badges-Rfid-Mif-13-56Mhz/dp/B07GD5BQ1T
Verbose output:
$ LIBNFC_LOG_LEVEL=3 nfc-mfclassic W a dump.fx.9ed9be0d nom_badge_vierge.dmp
debug libnfc.config Parse error on line #1: allow_intrusive_scan=yes
debug libnfc.config Unable to open directory: /usr/local/Cellar/libnfc/HEAD-f8b2852/etc/nfc/devices.d
debug libnfc.general log_level is set to 3
debug libnfc.general allow_autoscan is set to true
debug libnfc.general allow_intrusive_scan is set to false
debug libnfc.general 0 device(s) defined by user
debug libnfc.driver.acr122_usb device found: Bus 020 Device 006 Name ACS ACR122
debug libnfc.general 1 device(s) found using acr122_usb driver
debug libnfc.driver.acr122_usb 3 element(s) have been decoded from "acr122_usb:020:006"
debug libnfc.driver.acr122_usb TX: 62 00 00 00 00 00 00 01 00 00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81 00 3b 00
debug libnfc.driver.acr122_usb ACR122 PICC Operating Parameters
debug libnfc.driver.acr122_usb TX: 6f 05 00 00 00 00 00 00 00 00 ff 00 51 00 00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81 00 90 00
debug libnfc.chip.pn53x GetFirmwareVersion
debug libnfc.driver.acr122_usb TX: 6f 07 00 00 00 00 00 00 00 00 ff 00 00 00 02 d4 02
debug libnfc.driver.acr122_usb RX: 80 08 00 00 00 00 00 00 81 00 d5 03 32 01 06 07 90 00
debug libnfc.chip.pn53x SetParameters
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 12 14
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 13 90 00
debug libnfc.general "ACS / ACR122U PICC Interface" (acr122_usb:020:006) has been claimed.
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 11 00 00 00 00 00 00 00 00 ff 00 00 00 0c d4 06 63 02 63 03 63 0d 63 38 63 3d
debug libnfc.driver.acr122_usb RX: 80 09 00 00 00 00 00 00 81 00 d5 07 80 80 00 00 00 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 32 01 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 32 01 01
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 32 05 ff ff ff
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 13 00 00 00 00 00 00 00 00 ff 00 00 00 0e d4 06 63 02 63 03 63 05 63 38 63 3c 63 3d
debug libnfc.driver.acr122_usb RX: 80 0a 00 00 00 00 00 00 81 00 d5 07 80 80 40 00 10 00 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 32 05 00 01 02
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x SetParameters
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 12 04
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 13 90 00
NFC reader: ACS / ACR122U PICC Interface opened
debug libnfc.chip.pn53x InListPassiveTarget
debug libnfc.chip.pn53x Timeout value: 300
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 4a 01 00
debug libnfc.driver.acr122_usb RX: 80 0e 00 00 00 00 00 00 81 00 d5 4b 01 01 00 04 08 04 d6 75 8d 29 90 00
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): d6 75 8d 29
SAK (SEL_RES): 08
debug libnfc.chip.pn53x InCommunicateThru
debug libnfc.chip.pn53x No timeout
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 42 e0 50
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 43 02 90 00
debug libnfc.chip.pn53x Chip error: "CRC Error" (02), returned error: "RF Transmission Error" (-20))
debug libnfc.chip.pn53x InListPassiveTarget
debug libnfc.chip.pn53x Timeout value: 300
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 4a 01 00
debug libnfc.driver.acr122_usb RX: 80 0e 00 00 00 00 00 00 81 00 d5 4b 01 01 00 04 08 04 d6 75 8d 29 90 00
Guessing size: seems to be a 1024-byte card
Sent bits: 50 00 57 cd
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 06 63 02 63 03
debug libnfc.driver.acr122_usb RX: 80 06 00 00 00 00 00 00 81 00 d5 07 80 80 90 00
debug libnfc.chip.pn53x PN53X_REG_CIU_TxMode (Defines the transmission data rate and framing during transmission)
debug libnfc.chip.pn53x PN53X_REG_CIU_RxMode (Defines the transmission data rate and framing during receiving)
debug libnfc.chip.pn53x WriteRegister
debug libnfc.driver.acr122_usb TX: 6f 0d 00 00 00 00 00 00 00 00 ff 00 00 00 08 d4 08 63 02 00 63 03 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 09 90 00
debug libnfc.chip.pn53x InCommunicateThru
debug libnfc.chip.pn53x No timeout
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 42 50 00 57 cd
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 43 01 90 00
debug libnfc.chip.pn53x Chip error: "Timeout" (01), returned error: "RF Transmission Error" (-20))
Sent bits: 40 (7 bits)
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 06 63 3d
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 07 00 90 00
debug libnfc.chip.pn53x PN53X_REG_CIU_BitFraming (Adjustments for bit oriented frames)
debug libnfc.chip.pn53x WriteRegister
debug libnfc.driver.acr122_usb TX: 6f 0a 00 00 00 00 00 00 00 00 ff 00 00 00 05 d4 08 63 3d 07
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 09 90 00
debug libnfc.chip.pn53x InCommunicateThru
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 42 40
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 43 01 90 00
debug libnfc.chip.pn53x Chip error: "Timeout" (01), returned error: "RF Transmission Error" (-20))
Warning: Unlock command [1/2]: failed / not acknowledged.
Writing 64 blocks |debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 0d 00 00 00 00 00 00 00 00 ff 00 00 00 08 d4 06 63 02 63 03 63 3d
debug libnfc.driver.acr122_usb RX: 80 07 00 00 00 00 00 00 81 00 d5 07 00 00 07 90 00
debug libnfc.chip.pn53x PN53X_REG_CIU_TxMode (Defines the transmission data rate and framing during transmission)
debug libnfc.chip.pn53x PN53X_REG_CIU_RxMode (Defines the transmission data rate and framing during receiving)
debug libnfc.chip.pn53x PN53X_REG_CIU_BitFraming (Adjustments for bit oriented frames)
debug libnfc.chip.pn53x WriteRegister
debug libnfc.driver.acr122_usb TX: 6f 10 00 00 00 00 00 00 00 00 ff 00 00 00 0b d4 08 63 02 80 63 03 80 63 3d 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 09 90 00
debug libnfc.chip.pn53x InDataExchange
debug libnfc.driver.acr122_usb TX: 6f 1a 00 00 00 00 00 00 00 00 ff 00 00 00 15 d4 40 01 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 41 01 90 00
debug libnfc.chip.pn53x Chip error: "Timeout" (01), returned error: "RF Transmission Error" (-20))
Failure to write to data block 4
debug libnfc.driver.acr122_usb ACR122 Abort
debug libnfc.driver.acr122_usb TX: 6f 07 00 00 00 00 00 00 00 00 ff 00 00 00 02 d4 02
debug libnfc.driver.acr122_usb RX: 80 08 00 00 00 00 00 00 81 00 d5 03 32 01 06 07 90 00
debug libnfc.chip.pn53x InRelease
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 52 00
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 53 00 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 32 01 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
Starting with the unused card, the complete sequence of events is:
$ nfc-list
nfc-list uses libnfc 1.7.1
NFC device: ACS / ACR122U PICC Interface opened
1 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): d6 1d 1d 29
SAK (SEL_RES): 08
$ mfoc -P 500 -O dump.clean
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): d6 1d 1d 29
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [xxxxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxxxxxxx]
[Key: 000000000000] -> [xxxxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxxxxxxx]
Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 60, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 59, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 58, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 57, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 56, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 55, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 54, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 53, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 52, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 50, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 48, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 47, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 46, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 45, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 44, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 43, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 42, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 41, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 40, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 39, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 38, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 37, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 36, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 35, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 34, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 33, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 32, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 31, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 30, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 29, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 28, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 27, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 26, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 25, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 24, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 23, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 22, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 21, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 20, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 19, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 18, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 17, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 16, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 15, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 14, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 13, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 12, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 11, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 10, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 09, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 08, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 07, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 06, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 05, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 04, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 03, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 02, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 01, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 00, type A, key ffffffffffff :d6 1d 1d 29 ff 08 04 00 62 63 64 65 66 67 68 69
$ nfc-mfclassic W a dump.fx.9ed9be0d dump.clean
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): d6 1d 1d 29
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Sent bits: 50 00 57 cd
Sent bits: 40 (7 bits)
Warning: Unlock command [1/2]: failed / not acknowledged.
Writing 64 blocks |Failure to write to data block 4
x
Note that writing without UID (w) does not fail:
$ nfc-mfclassic w a dump.fx.9ed9be0d dump.clean
error libnfc.driver.acr122_usb Unable to claim USB interface (Permission denied)
nfc-mfclassic: ERROR: Error opening NFC reader
rmeur ~/Desktop/RFID $ sudo killall -9 com.apple.ifdreader
rmeur ~/Desktop/RFID $ nfc-mfclassic w a dump.fx.9ed9be0d dump.clean
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): d6 1d 1d 29
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |............................................................|
Done, 60 of 64 blocks written.
Same problem here, can't write gen 2 CUID magic card (the ones with the block 0 directly writable, and no magic command) with same error message.
However I can write "normally" (lowercase w) to the tag, and of course, the block 0 remains untouched.
And the card works with and Android phone and MIFARE Classic Tool app.
I have the exact same tags that the ones linked by @fxcoudert, and the same problem.
I bypassed it by forcing magic2 to true in nfc-mfclassic.c then recompiling. So it seems that the magic tag detection fails to recognize it correctly.
Here is my patch:
diff --git a/utils/nfc-mfclassic.c b/utils/nfc-mfclassic.c
index ba07b6f..8b29b65 100644
--- a/utils/nfc-mfclassic.c
+++ b/utils/nfc-mfclassic.c
@@ -70,7 +70,7 @@ static bool bUseKeyFile;
static bool bForceKeyFile;
static bool bTolerateFailures;
static bool bFormatCard;
-static bool magic2 = false;
+static bool magic2 = true;
static bool magic3 = false;
static bool unlocked = false;
static bool bForceSizeMismatch;
(While it works around the problem, it is not a solution. It will break compatibility with gen1 magic tags, which will not be unlocked, and normal mifare tags, wich will fail to write block 0)
Hacking a little more the source to get some info around the magic detection, it seems that get_rats() returns -20, forbidding any subsequent process. Here is the output with a printf of get_rats() return code (search for "RATS" in the log:
info libnfc.config Unable to open file: /home/sylvain/apps/prefix/etc/nfc/libnfc.conf
debug libnfc.config Unable to open directory: /home/sylvain/apps/prefix/etc/nfc/devices.d
debug libnfc.general log_level is set to 3
debug libnfc.general allow_autoscan is set to true
debug libnfc.general allow_intrusive_scan is set to false
debug libnfc.general 0 device(s) defined by user
debug libnfc.driver.acr122_usb device found: Bus 001 Device 006 Name ACS ACR122
debug libnfc.general 1 device(s) found using acr122_usb driver
debug libnfc.driver.acr122_usb 3 element(s) have been decoded from "acr122_usb:001:006"
debug libnfc.driver.acr122_usb TX: 62 00 00 00 00 00 00 01 00 00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81 00 3b 00
debug libnfc.driver.acr122_usb ACR122 PICC Operating Parameters
debug libnfc.driver.acr122_usb TX: 6f 05 00 00 00 00 00 00 00 00 ff 00 51 00 00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81 00 90 00
debug libnfc.chip.pn53x GetFirmwareVersion
debug libnfc.driver.acr122_usb TX: 6f 07 00 00 00 00 00 00 00 00 ff 00 00 00 02 d4 02
debug libnfc.driver.acr122_usb RX: 80 08 00 00 00 00 00 00 81 00 d5 03 32 01 06 07 90 00
debug libnfc.chip.pn53x SetParameters
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 12 14
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 13 90 00
debug libnfc.general "ACS / ACR122U PICC Interface" (acr122_usb:001:006) has been claimed.
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 11 00 00 00 00 00 00 00 00 ff 00 00 00 0c d4 06 63 02 63 03 63 0d 63 38 63 3d
debug libnfc.driver.acr122_usb RX: 80 09 00 00 00 00 00 00 81 00 d5 07 80 80 00 08 00 90 00
debug libnfc.chip.pn53x PN53X_REG_CIU_Status2 (Contain status flags of the receiver, transmitter and Data Mode Detector)
debug libnfc.chip.pn53x WriteRegister
debug libnfc.driver.acr122_usb TX: 6f 0a 00 00 00 00 00 00 00 00 ff 00 00 00 05 d4 08 63 38 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 09 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 32 01 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 32 01 01
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 32 05 ff ff ff
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 13 00 00 00 00 00 00 00 00 ff 00 00 00 0e d4 06 63 02 63 03 63 05 63 38 63 3c 63 3d
debug libnfc.driver.acr122_usb RX: 80 0a 00 00 00 00 00 00 81 00 d5 07 80 80 40 00 10 00 90 00
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 0b 00 00 00 00 00 00 00 00 ff 00 00 00 06 d4 32 05 00 01 02
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 33 90 00
debug libnfc.chip.pn53x SetParameters
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00 00 ff 00 00 00 03 d4 12 04
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81 00 d5 13 90 00
debug libnfc.chip.pn53x InListPassiveTarget
debug libnfc.chip.pn53x Timeout value: 300
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 4a 01 00
debug libnfc.driver.acr122_usb RX: 80 0e 00 00 00 00 00 00 81 00 d5 4b 01 01 00 04 08 04 2a 78 23 18 90 00
debug libnfc.chip.pn53x InCommunicateThru
debug libnfc.chip.pn53x No timeout
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 42 e0 50
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 43 02 90 00
debug libnfc.chip.pn53x Chip error: "CRC Error" (02), returned error: "RF Transmission Error" (-20))
debug libnfc.chip.pn53x InListPassiveTarget
debug libnfc.chip.pn53x Timeout value: 300
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00 00 ff 00 00 00 04 d4 4a 01 00
debug libnfc.driver.acr122_usb RX: 80 0e 00 00 00 00 00 00 81 00 d5 4b 01 01 00 04 08 04 2a 78 23 18 90 00
NFC reader: ACS / ACR122U PICC Interface opened
Expected MIFARE Classic card with UID starting as: 6504c12a
Got card with UID starting as: 2a782318
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 2a 78 23 18
SAK (SEL_RES): 08
RATS: failed, res -20
Guessing size: seems to be a 1024-byte card
Reading out 64 blocks |debug libnfc.chip.pn53x InDataExchange
debug libnfc.driver.acr122_usb TX: 6f 14 00 00 00 00 00 00 00 00 ff 00 00 00 0f d4 40 01 60 3f ff ff ff ff ff ff 2a 78 23 18
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81 00 d5 41 00 90 00
debug libnfc.chip.pn53x InDataExchange
[Truncated, there is lots of TX/RX, it reads the whole tag]
I gone far beyond my understanding of the subject. From now, I'll let people who have a clue of what all this mean do their magic. Hope it helps. Thank you for maintaining libnfc!
I've faced with the same issue and it seems it tries to write gen3 fob, which new family of the fobs. With the master build, some of related commits to gen3 is not at 1.8.0. So master build resolve this issue.
See https://github.com/nfc-tools/libnfc/pull/608
@fxcoudert try to build from master and try to write again
@vkravets i confirm that the issue is resolved when built from master branch. @neomilium is it possible to release a new version of libnfc ? it will avoid building from master .
interesting.I've faced the same problem.Then I write with -f once,then write normally.
tl@alpine-on-gk41 ~/P/l/utils (master) [1]> sudo ./nfc-mfclassic W a u ~/Downloads/apartment.card
NFC reader: microBuilder.eu opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 22 c7 eb 0d
SAK (SEL_RES): 08
RATS support: no
Guessing size: seems to be a 1024-byte card
Sent bits: 50 00 57 cd
Sent bits: 40 (7 bits)
Warning: Unlock command [1/2]: failed / not acknowledged.
Trying to rewrite block 0 on a direct write tag.
Writing 64 blocks |....!
Error: authentication failed for block 04
tl@alpine-on-gk41 ~/P/l/utils (master) [1]> sudo ./nfc-mfclassic f W a ~/Downloads/apartment.card ~/Downloads/apartment.card
NFC reader: microBuilder.eu opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 22 c7 eb 0d
SAK (SEL_RES): 08
RATS support: no
Guessing size: seems to be a 1024-byte card
Writing 63 blocks |...............................................................|
Done, 63 of 64 blocks written.
tl@alpine-on-gk41 ~/P/l/utils (master)> sudo ./nfc-mfclassic W a u ~/Downloads/apartment.card
NFC reader: microBuilder.eu opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 22 c7 eb 0d
SAK (SEL_RES): 08
RATS support: no
Guessing size: seems to be a 1024-byte card
Sent bits: 50 00 57 cd
Sent bits: 40 (7 bits)
Warning: Unlock command [1/2]: failed / not acknowledged.
Trying to rewrite block 0 on a direct write tag.
Writing 64 blocks |................................................................|
Done, 64 of 64 blocks written.
tl@alpine-on-gk41 ~/P/l/utils (master)>
