Know your magic cards
Posted by Lab401 Steve on
Navigating the world of "Magic" RFID Cards can be difficult. Different suppliers have different badges with different abilities, and each version may have multiple generations.
At Lab401, we work closely with our suppliers to ensure we have the latest and most stable versions of "Magic UID Tags".
But before we can jump into the technical details - first a history lesson.
In the beginning there was the MIFARE CLASSIC® 1K card.
Compared to the 125 kHz tags at the time, which simply burped out a string of data, the MIFARE CLASSIC® 1K was an advanced card.
Each individual card had an individual Unique ID. These UID blocks were managed between manufacturers to ensure that no two cards ever had the same UID.
The MIFARE CLASSIC® 1K also featured a plurality of data sectors, access control lists and keys.
As the MIFARE CLASSIC® 1K became more popular, many companies and access control solutions started using the UID as a security feature - relying on the UID to authenticate cards, users, purchases and more.
The MIFARE CLASSIC® 1K's cipher system, combined with a poor Pseudo-Random Number Generator (PRNG), was cracked - meaning cards could now be cracked and dumped.
At a similar time, Chinese companies, most notably FUDAN, started creating 'Compatible' chipsets - and some of these chipsets evolved special, even.. magical.. abilities - including forging the sacred UID.
The original generations of MIFARE CLASSIC® Compatible / Magic chips required a special sequence to 'Unlock' the badge. Once unlocked - the entire card, including the UID and ACL sections could be read and written.
The unlock code, 0x43 / 0x40, became so well known that many card reader systems would send this code to all badges. If a tag responded, it was deemed a clone card and refused.
In response, "Magic" cards evolved other abilities - some allowed "Direct Writing" to anywhere on the card, without unlock codes - and others allowed the UID to be changed only one time.
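The reader-side check described above, as an added example (not Lab401's code or any reader vendor's): it probes a tag with the unlock code, rejects it if the tag answers, and shows why a direct-write card passes the same check. The command order, frame lengths, ACK value and the `SimulatedTag` class are assumptions made for illustration; no hardware is involved.

```python
from typing import Callable, Optional

# transceive(payload, bit_count) -> response bytes, or None on timeout.
Transceive = Callable[[bytes, int], Optional[bytes]]

# Unlock codes from the article; the order and bit lengths are assumptions.
UNLOCK_STEPS = [(b"\x40", 7), (b"\x43", 8)]
ACK = b"\x0a"  # assumed acknowledgement value


def count_unlock_acks(transceive: Transceive) -> int:
    """Send the unlock sequence; return how many steps the tag acknowledged."""
    acks = 0
    for payload, bits in UNLOCK_STEPS:
        if transceive(payload, bits) != ACK:
            break  # no ACK: stop probing, the tag did not accept this step
        acks += 1
    return acks


def reader_verdict(transceive: Transceive) -> str:
    """Policy from the article: any answer to the unlock code means 'clone'."""
    return "reject" if count_unlock_acks(transceive) > 0 else "accept"


class SimulatedTag:
    """Constructed stand-in for a tag in the field (hypothetical helper)."""

    def __init__(self, acks_unlock_steps: int):
        self.acks_unlock_steps = acks_unlock_steps
        self.step = 0
        self.frames_seen = []

    def transceive(self, payload: bytes, bits: int) -> Optional[bytes]:
        self.frames_seen.append((payload, bits))
        expected = UNLOCK_STEPS[self.step] if self.step < len(UNLOCK_STEPS) else None
        if (payload, bits) == expected and self.step < self.acks_unlock_steps:
            self.step += 1
            return ACK
        return None  # no ACK, modelled here as a timeout


def demo() -> dict:
    tags = {
        "genuine card": SimulatedTag(0),
        "unlock-code magic card": SimulatedTag(2),
        "direct-write magic card": SimulatedTag(0),  # has no unlock code to answer
    }
    return {name: reader_verdict(tag.transceive) for name, tag in tags.items()}
```

The genuine card and the direct-write card produce the same verdict because the probe only observes whether the unlock code is acknowledged.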
With each iteration, the chipsets also became more and more stable, and could also emulate more and more badge types.
Today - the most modern "Magic" cards can withstand a fair bit of user abuse (writing incorrect values, corrupting the manufacturer sectors etc) - but should in general be treated with care, so as not to 'brick' them.
History lesson aside, Lab401 has compiled a quick Magic Tag Cheatsheet to quickly and easily understand what tags are what.
There are also several other types of Magic Cards available, that support other chipsets or provide other functionality, but new versions replace the old, instead of maintaining several versions on the market.
Excellent research, magic UID cards are plaguing many closed-loop systems in Brazil. Some of the types have implementation errors that make them easy to spot using low-level commands, but others are identical OTW and bring a lot of financial loss.