Package: libnfc-bin
Version: 1.8.0-2
Severity: important
Dear Maintainer,
nfc-mfclassic does not write anything beside the first 16 bytes of each sector.
All other blocks are empty (0x00) and keys are not written either.
No errors are output neither on read nor write.
(the cards work just fine when writing with mifare classic tool on
android or with proxmark3, means all keys are written just fine, just
not on linux with nfc-mfclassic).
# creating the dump from the original card
% mfoc -f nfc/special.keys -O card.mfb
In this dump includes all data and all keys (keys are the real ones, not 0xFF)
# create a clone of the card
% nfc-mfclassic w ab u card.mfb
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): de ad be ef
SAK (SEL_RES): 88
RATS support: no
Guessing size: seems to be a 1024-byte card
Writing 64 blocks
|............................................................|
Done, 60 of 64 blocks written.
# suspiciously, this works a second time without errors (so no keys where
written?)
% nfc-mfclassic w ab u card.mfb
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): de ad be ef
SAK (SEL_RES): 88
RATS support: no
Guessing size: seems to be a 1024-byte card
Writing 64 blocks
|............................................................|
Done, 60 of 64 blocks written.
# when read a second time no keys are needed (so not written)
% mfoc -O card_cloned.mfb
...
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80
69 ff ff ff ff ff ff
Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
Block 60, type A, key ffffffffffff :de ad be ef de ad be ef de
ad be ef de ad be ef
Data in Block 60 is correct, but data in both block 61 and 62 is missing.
The data is complete in the original card.mfb written to the card.
# i've the common ACR122 reader used via USB
% LIBNFC_LOG_LEVEL=3 nfc-scan-device
debug libnfc.config Unable to open directory: /etc/nfc/devices.d
debug libnfc.general log_level is set to 3
debug libnfc.general allow_autoscan is set to true
debug libnfc.general allow_intrusive_scan is set to false
debug libnfc.general 0 device(s) defined by user
nfc-scan-device uses libnfc 1.8.0
debug libnfc.driver.acr122_usb device found: Bus 001 Device
007 Name ACS ACR122
debug libnfc.general 1 device(s) found using acr122_usb driver
debug libnfc.general 0 device(s) found using pn53x_usb driver
1 NFC device(s) found:
debug libnfc.driver.acr122_usb 3 element(s) have been decoded
from "acr122_usb:001:007"
debug libnfc.driver.acr122_usb TX: 62 00 00 00 00 00 00 01 00
00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81
00 3b 00
debug libnfc.driver.acr122_usb ACR122 PICC Operating Parameters
debug libnfc.driver.acr122_usb TX: 6f 05 00 00 00 00 00 00 00
00 ff 00 51 00 00
debug libnfc.driver.acr122_usb RX: 80 02 00 00 00 00 00 00 81
00 90 00
debug libnfc.chip.pn53x GetFirmwareVersion
debug libnfc.driver.acr122_usb TX: 6f 07 00 00 00 00 00 00 00
00 ff 00 00 00 02 d4 02
debug libnfc.driver.acr122_usb RX: 80 08 00 00 00 00 00 00 81
00 d5 03 32 01 06 07 90 00
debug libnfc.chip.pn53x SetParameters
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00
00 ff 00 00 00 03 d4 12 14
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81
00 d5 13 90 00
debug libnfc.general "ACS / ACR122U PICC Interface"
(acr122_usb:001:007) has been claimed.
- ACS / ACR122U PICC Interface:
acr122_usb:001:007
debug libnfc.driver.acr122_usb ACR122 Abort
debug libnfc.driver.acr122_usb TX: 6f 07 00 00 00 00 00 00 00
00 ff 00 00 00 02 d4 02
debug libnfc.driver.acr122_usb RX: 80 08 00 00 00 00 00 00 81
00 d5 03 32 01 06 07 90 00
debug libnfc.chip.pn53x ReadRegister
debug libnfc.driver.acr122_usb TX: 6f 11 00 00 00 00 00 00 00
00 ff 00 00 00 0c d4 06 63 02 63 03 63 0d 63 38 63 3d
debug libnfc.driver.acr122_usb RX: 80 09 00 00 00 00 00 00 81
00 d5 07 80 80 00 00 00 90 00
debug libnfc.chip.pn53x InRelease
debug libnfc.driver.acr122_usb TX: 6f 08 00 00 00 00 00 00 00
00 ff 00 00 00 03 d4 52 00
debug libnfc.driver.acr122_usb RX: 80 05 00 00 00 00 00 00 81
00 d5 53 00 90 00
debug libnfc.general set_property_bool NP_ACTIVATE_FIELD False
debug libnfc.chip.pn53x RFConfiguration
debug libnfc.driver.acr122_usb TX: 6f 09 00 00 00 00 00 00 00
00 ff 00 00 00 04 d4 32 01 00
debug libnfc.driver.acr122_usb RX: 80 04 00 00 00 00 00 00 81
00 d5 33 90 00
I'd expect to be able to write the complete dump to the card.
I'm not sure how to debug this further (especially as this is a card where i
can't post the data publicly).
Any idea what might be wrong?
I'd happy to help in debugging with this, eg. if you have some test mifare
classic 1k sample card i can write
to for testing that would be no issue.
regards,
gebi
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libnfc-bin depends on:
ii libc6 2.30-4
ii libnfc6 1.8.0-2
libnfc-bin recommends no packages.
libnfc-bin suggests no packages.
-- no debconf information
