Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NFC Magic] Add support for backdoor read commands for Gen 1A/1B tags #202

Closed
mishamyte opened this issue Jun 13, 2023 · 5 comments · Fixed by #228
Closed

[NFC Magic] Add support for backdoor read commands for Gen 1A/1B tags #202

mishamyte opened this issue Jun 13, 2023 · 5 comments · Fixed by #228
Assignees
@Astrrra

Comments

@mishamyte
Copy link

mishamyte commented Jun 13, 2023
edited
Loading

Description of the feature you're suggesting.

Overview:

Right now NFC Magic app supports next functionality for magic tags:

  • Detection
  • Writing
  • Wiping

It would be nice to add also support of read backdoor command. For that case flow of reading could be simplified. Instead of trying to authenticate with user dictionary + standard dictionary, tag could be read fully with a backdoor command.

Usage steps:

  1. Check if tag is magic Gen 1A/1B (existing functionality)
  2. Select read (for implementation)
  3. If tag was read without problems (potential problems while reading should be an extra investigation points), user could have a possibility to save the dump (and next steps should be done using standard Flipper's NFC experience)
  4. [Optional]: As a follow up for step 3, found keys could be added into user's dictionary (automatically or with user confirmation, validation for key existence in dictionary should be done)

Tech details for read commands:

  • Gen 1A: 40(7), 43, 30xx + crc
  • Gen 1B: 40(7), 30xx + crc (need validate should crc be present here)

Potential problems:
Now detection of Gen 1 tags is done, using 40(7) command and concrete type (Gen1A/Gen1B) is not detected. For read it could be done via iteration through the read sequence for Gen1A, if didn't worked - for Gen1B. Which could ruin UX from the PoV of waiting time.

Implementation in existing products:
It is implemented at least in next solutions:

  • Proxmark3 - cview command
  • TMD-5S - it is used by default, if magic tag is detected

Anything else?

No response
@sealldeveloper
Copy link

sealldeveloper commented Oct 5, 2023
edited
Loading

+1 on this, would really like to see this as a feature.

Using this without reading is frustrating :<

@spetzreborn
Copy link

I also want this feature. I have the possibility to use a card printer/writer. And this way would make it very easy for me to get the B keys as I just can write/print to an gen1a magic card.

Maybe this issue should be on the apps repo and not firmware as nfc magic is an standalone app there?

@skotopes
Copy link
Member

Latest version NfcMagic support gen1/gen2 writing.

@mishamyte
Copy link
Author

@skotopes I'm sorry, but the issue was about the backdoor read, which is still now implemented.

I agree that it would be better to have it in good faps repo.

Would it be good if I will reopen it there as a feature proposal?

@skotopes skotopes reopened this Apr 14, 2024
@skotopes skotopes transferred this issue from flipperdevices/flipperzero-firmware Apr 14, 2024
@skotopes
Copy link
Member

@mishamyte I've reopened and moved it to appropriate repository.

@Astrrra Astrrra mentioned this issue Jun 19, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Astrrra Astrrra

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[NFC Magic] Gen1 backdoor read support flipperdevices/flipperzero-good-faps
5 participants
@skotopes @spetzreborn @mishamyte @Astrrra @sealldeveloper