![\"\"](\"https:\/\/dc540.org\/xxx\/wp-content\/uploads\/2020\/10\/Screen-Shot-2020-10-19-at-9.35.54-AM-1024x593.png\")
<\/figure>\n\n\n\nHere’s what I’ve learned so far:<\/p>\n\n\n\n
All of the MIFARE cards in my collection (63 of them at last count) have sixteen sector of data. Sector 0 is three blocks and if my understanding is correct, contains immutable manufacturer and other ata. This makes sense, as the very first thing in sector 0 is the UID of the card. What else is that hex data in sector 0? Dunno. Here’s a sector 0 example:<\/p>\n\n\n\n
FD65D88A<\/strong>CA880400C825002000000017 The bolded hex is the card’s UID.<\/p>\n\n\n\n Sectors 1 through 15 are all four blocks of hex, structured identically. The first block is the keys and access bits. For each sector, there are two keys defined. The access bits define which key or keys are required to read from, or write to, that sector. Example: <\/p>\n\n\n\n 2A2C13CC242AFF078069FFFFFFFFFFFF In this case, Key A is 2A2C13CC242A, Key B is FFFFFFFFFFFF, and the access bits field is FF078069, which I found is a very common schema. <\/p>\n\n\n\n The remaining three blocks are data, and here’s where it gets fuzzy. I believe that there is no structure whatsoever to that data. No standard, no default, no pattern. In fact, the bulk of cards had no data stored in most sectors. And I have yet to find a discernible pattern in the data that is stored. I have looked for hex-to-decimal date translations, and so far been unlucky.<\/p>\n\n\n\n Here’s the breakdown of “data stored in sectors”:<\/p>\n\n\n\n Of my 63 cards:<\/p>\n\n\n\n What I’d love to be able to do is to extract the “stay data” from all of these cards. Keep in mind that these are all actual cards from hotels that I and my family have stayed in over the past 4-5 years. So if the data is retrievable, I should be able to cross-reference it to a trip.<\/p>\n\n\n\n And now I just remembered that I have that batch of DEF CON room keys hanging in the basement that should scan and add to the collection.<\/p>\n\n\n\n So here’s my question for the hackers out there. How you determine, or CAN you determine the nature of hex data stored in blocks with no apparent standard of default structure?<\/p>\n\n\n\n The dumps are on https:\/\/github.com\/dc540\/hfdumps if you’re interested in exploring this data.<\/p>\n","protected":false},"excerpt":{"rendered":" Now that I can read, dump and clone cards, of course my natural inclinations lead me toward the next goalpost, which is determining what hidden data can be retrieved from … <\/p>\n
E7C0995613BD20D15F58EA614C1020B6
8A000400010000000000000000000000<\/p>\n\n\n\n
02D7C800000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000<\/p>\n\n\n\n