
Getting started with mfrc522cli

I had seen people copying and writing Skylanders with NFC readers such as the Proxmark or the ACR122U, but nowhere had I seen how to clone one of these figurines with an MFRC522.
I already had Arduino microcontrollers, so an MFRC522 was the cheapest way to go.

I didn't find any sketch or example of how to do a generic read or copy: for each RFID card I had to write a sketch that hard-coded the keys and the read or write routines for that particular job.

These readers are very cheap (you can get them for 1 € or less), but be careful: not all readers/writers are of the same quality.
I can confirm that only one of the two MFRC522 readers I have can read Skylanders; the other one apparently fails for lack of RF power.
You can modify the board to increase the power, but it is always better to buy a tested unit.
In any case, even the 1 € model will let us write our backups to RFID cards, as long as the card supports writing block 0 (the so-called magic cards).
mfrc522cli is a piece of software for the ESP8266 or similar that lets us perform the typical actions of a generic RFID reader/writer, such as:
- Read entire cards.
- Write blocks or the entire card, including block 0 on the cards that support it.
- Clone cards.
- Repair cards and their access bits/permissions (magic cards only).

At the moment it only supports MIFARE Classic 1K and only key A (key B is not yet available).
Here is a brief description of the mfrc522cli syntax.

Set the A key used to read/write a sector (by default every A key has the value FFFFFFFFFFFF):

lka 3 a0a1a2a3a4a5

Read the card content into the internal buffer:

read card

Show the UID:

read uid

Show the read/write buffer:

show data

Show the reading/writing keys:

show keys

Write only the data blocks; it will not write block 0 or the trailer blocks:

write card

Write only the trailer blocks, not block 0 or the data blocks. Check the access bits before you do this: a trailer whose access bits are malformed locks the sector for good on a non-magic card.

write trailer

Write only block 0:

write zero

Write the whole card, data, trailer and block 0:

write clone

Example 1:

Suppose we have a card already written whose sector 1 has the A key A0A1A2A3A4A5, and we want to:
- write in block 4 (which belongs to sector 1) the value "abc00000000000000000000000000000";
- overwrite the trailer block of sector 1 with "FFFFFFFFFFFFFF078069FFFFFFFFFFFF", so that we change the keys and access bits.
We should do:

lb 4 abc00000000000000000000000000000 // This stores in the internal buffer the value of block 4
lb 7 FFFFFFFFFFFFFF078069FFFFFFFFFFFF // This stores in the internal buffer the value of block 7, which is the trailer block of sector 1
lka 1 A0A1A2A3A4A5 // This sets the read/write key for sector 1
write card  // This writes the data blocks in the buffer (block 4 here), not the trailer
write trailer  // This writes block 7
Now bring the card close to the reader so the writes take place.
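Before loading a trailer with lb and committing it with write trailer, it is worth checking what those 32 hex characters actually encode: key A (6 bytes), the access bits (3 bytes, each nibble stored twice, once inverted), a user byte, and key B (6 bytes). The following Python is an added example, not code from mfrc522cli or from the author; it assumes the 1K layout (16 sectors of 4 blocks) and the access-bit packing from the MIFARE Classic datasheet, and all function names and the sample dump are my own. It decodes the FF 07 80 69 of Example 1, rebuilds a trailer from keys and access bits, and scans a full dump for trailers the chip would reject, which is the situation the "repair cards and their access bits" feature exists for.

```python
"""Sanity checks for MIFARE Classic 1K blocks before handing them to a writer
such as mfrc522cli. Added example, not code from mfrc522cli itself."""

BLOCKS_PER_SECTOR = 4   # 1K layout: 16 sectors x 4 blocks x 16 bytes
SECTORS = 16
TRANSPORT_ACCESS = (0xFF, 0x07, 0x80)   # the FF 07 80 of the trailer in Example 1


def sector_of(block: int) -> int:
    """Sector that owns a block (block 4 -> sector 1)."""
    if not 0 <= block < SECTORS * BLOCKS_PER_SECTOR:
        raise ValueError(f"block {block} is outside a 1K card")
    return block // BLOCKS_PER_SECTOR


def trailer_of(sector: int) -> int:
    """Trailer block of a sector: key A, access bits, key B (sector 1 -> block 7)."""
    return sector * BLOCKS_PER_SECTOR + BLOCKS_PER_SECTOR - 1


def decode_access_bits(b6: int, b7: int, b8: int):
    """Unpack trailer bytes 6..8 into (C1, C2, C3) for blocks 0..3 of the sector.
    Each C nibble is stored twice, once inverted; if the copies disagree the chip
    refuses every later access to the sector, permanently on a non-magic card."""
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    inv_c1, inv_c2, inv_c3 = b6 & 0xF, (b6 >> 4) & 0xF, b7 & 0xF
    if (c1 ^ inv_c1, c2 ^ inv_c2, c3 ^ inv_c3) != (0xF, 0xF, 0xF):
        raise ValueError(f"inconsistent access bits {b6:02X} {b7:02X} {b8:02X}")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def encode_access_bits(bits) -> tuple:
    """Inverse of decode_access_bits: [(C1, C2, C3) x 4] -> (byte6, byte7, byte8)."""
    c1 = c2 = c3 = 0
    for i, (x, y, z) in enumerate(bits):
        c1 |= x << i
        c2 |= y << i
        c3 |= z << i
    return (((~c2 & 0xF) << 4) | (~c1 & 0xF),
            (c1 << 4) | (~c3 & 0xF),
            (c3 << 4) | c2)


# Data-block conditions (C1, C2, C3) -> (who may read, who may write), from the
# MIFARE Classic datasheet. 'A|B' = either key, 'B' = key B only, '-' = nobody.
DATA_BLOCK_ACCESS = {
    (0, 0, 0): ("A|B", "A|B"),  # transport configuration (new cards)
    (0, 1, 0): ("A|B", "-"),
    (1, 0, 0): ("A|B", "B"),
    (1, 1, 0): ("A|B", "B"),
    (0, 0, 1): ("A|B", "-"),
    (0, 1, 1): ("B", "B"),
    (1, 0, 1): ("B", "-"),
    (1, 1, 1): ("-", "-"),      # read-only for everyone, forever
}


def build_trailer(key_a: str, access: tuple, key_b: str, gpb: int = 0x69) -> str:
    """Assemble a trailer as the 32-hex-char string the lb command takes.
    gpb is the free user byte (byte 9); 0x69 is what Example 1 carries."""
    if len(key_a) != 12 or len(key_b) != 12:
        raise ValueError("keys are 6 bytes = 12 hex chars")
    b6, b7, b8 = access
    decode_access_bits(b6, b7, b8)   # raises before we build a sector-bricking trailer
    return (key_a + f"{b6:02X}{b7:02X}{b8:02X}{gpb:02X}" + key_b).upper()


def check_dump(dump_hex: str) -> dict:
    """Scan a full 1K dump (64 blocks x 32 hex chars, block 0 first) and return
    {sector: reason} for every trailer the chip would reject."""
    if len(dump_hex) != SECTORS * BLOCKS_PER_SECTOR * 32:
        raise ValueError("expected 64 blocks of 32 hex chars")
    bad = {}
    for s in range(SECTORS):
        t = trailer_of(s)
        blk = bytes.fromhex(dump_hex[t * 32:(t + 1) * 32])
        try:
            decode_access_bits(blk[6], blk[7], blk[8])
        except ValueError as err:
            bad[s] = str(err)
    return bad


def example_dump() -> str:
    """Constructed dump (not a real card): a blank card, except sector 1 whose
    trailer has a one-nibble typo in its access bits (FF 07 81 instead of FF 07 80)."""
    default = build_trailer("FFFFFFFFFFFF", TRANSPORT_ACCESS, "FFFFFFFFFFFF")
    blocks = ["00" * 16] * (SECTORS * BLOCKS_PER_SECTOR)
    # made-up block 0: UID DEADBEEF, BCC 22 (xor of the UID), SAK 08, ATQA 0400, 8 filler bytes
    blocks[0] = "DEADBEEF" + "22" + "08" + "0400" + "00" * 8
    for s in range(SECTORS):
        blocks[trailer_of(s)] = default
    blocks[trailer_of(1)] = "FFFFFFFFFFFF" + "FF078169" + "FFFFFFFFFFFF"
    return "".join(blocks)


if __name__ == "__main__":
    print(decode_access_bits(*TRANSPORT_ACCESS))   # data blocks 000, trailer 001
    print(build_trailer("A0A1A2A3A4A5", TRANSPORT_ACCESS, "FFFFFFFFFFFF"))
    print(check_dump(example_dump()))               # only sector 1 is reported
```

Run check_dump over the buffer you are about to push with write trailer or write clone; anything it reports should be replaced with a trailer from build_trailer before the card gets near the reader. On a magic card a bad trailer is recoverable with the repair function; on a normal card the sector is lost.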

Example 2:

We want to completely clone an RFID card, including block 0 (so the target must be a magic card):
lka 0 A0A1A2A3A4A5 // This loads the reading keys, one per sector
lka 1 A0A1A2A3A4A5
...
lka 15 A0A1A2A3A4A5

read card // This reads the original card
clear keys // Reset every A key to FFFFFFFFFFFF, the default of a blank target card
write clone // Clone the card
