Skip to content
Magic NTAG 21x: Getting Started
July 25, 2017 Lab401 Steve

Magic NTAG 21x: Getting Started

LAB401 ACADEMY: USING THE MAGIC NTAG21x

INTRODUCTION:

Lab401's Magic NTAG 21x is an incredibly powerful card. It can not only fully emulate the NTAG 213, 215 and 216, but also provide partial emulation of many other cards, including the NTAG 12C 2K Plus and Ultralight EV1 families!

Thanks to iceman's fully featured script, using the Magic NTAG 21x is incredibly easy.

PREPARING YOUR PROXMARK: STEP BY STEP: 

  1. Download iceman's NTAG21x script.

  2. Copy the downloaded 'mfu_magic.lua' file into your proxmark directory, under the folder client/scripts

BASIC FUNCTIONS

USING THE SCRIPT: STEP BY STEP

Once the script is installed, you can test it was correctly loaded with the following command:

script run mfu_magic -h

This should output the help for the command.

Changing Tag Types:

Tag types are changed with the '-t' flag. The following options are available:

  1. UL_EV1 48k
  2. UL_EV1 128k
  3. NTAG 210
  4. NTAG 212 
  5. NTAG 213 (Native emulation)
  6. NTAG 215 (Native emulation)
  7. NTAG 216 (Native emulation)
  8. NTAG I2C 1K
  9. NTAG I2C 2K
  10. NTAG I2C 1K Plus
  11. NTAG I2C 2K Plus

For example, to change the tag to an NTAG 213, you would issue the following command:

script run mfu_magic -t 5

You can confirm that the tag type has indeed changed by dumping the card:

hf mfu i

Setting the UID:

Changing the UID of your tag is a simple command:

script run mfu_magic -u 04112233445566

Setting the Signature:

Changing the signature of the card is also easy:

script run mfu_magic -s 1122334455667788990011223344556677889900112233445566778899001122

Setting the password/pack:

Modifying the pack and password are easy:

script run mfu_magic -p 11223344 -a 8080

Setting the version:

Likewise, adjusting the version manually is possible

script run mfu_magic -v 004040201000f03

Everything else:

Remember, this card emulates NTAGs - so all standard Mifare commands (read, write, dump, restore - etc) - will work with these badges.

ADVANCED FUNCTIONS:

Unlocking, unblocking, resetting...

Each time that you convert your tag from one type to another - the data on the tag will still remain. On the more advanced card types, reseting the configuration manually can be difficult - so script provides built in functions to make your life easier.

Likewise, if you've managed to set a password that you forgot, or managed to destroy the configuration blocks - don't panic - the card is fully restorable with the following command:

script run mfu_magic -w

This script will:

  • Reset the password
  • Reset the pack
  • Reset the version
  • Reset the signature

  • Reset the UID
  • Reset the card type to an NTAG213
  • Reset the configuration block 1 & 2

FURTHER RESOURCES:

For more involved examples, we recommend iceman's Magic NTAG Recap video, which highlights some of the key points for advanced users.

If you want to use the advanced features, such as easy dump / restore, you'll need to install the iceman fork.

Previous article Chameleon Mini: Mifare Cracking via the Reader Attack
Next article Proxmark 3: Using Custom Firmware

Leave a comment

Comments must be approved before appearing

* Required fields