An Android NFC-App for reading, writing, analyzing, etc. Mifare Classic RFID-Tags.
- MifareClassicTool on Google Play
- MifareClassicTool (Donate Version) on Google Play
- MifareClassicTool on F-Droid
- Download MifareClassicTool (APK file)
- Screenshots (outdated, check Google Play)
- Additional stuff (Documentation, etc.)
- Thread at the Proxmark forum
- Read Mifare Classic tags
- Save, edit and share the tag data you read
- Write to Mifare Classic tags (block-wise)
- Clone Mifare Classic tags
(Write dump of a tag to another tag; write 'dump-wise')
- Key management based on dictionary-attack
(Write the keys you know in a file (dictionary).
MCT will try to authenticate with these
keys against all sectors and read as much as possible.
See chapter Getting Started.)
- Format a tag back to the factory/delivery state
- Write the manufacturer block of special Mifare Classic tags
- Create, edit, save and share key files (dictionaries)
- Decode & Encode Mifare Classic Value Blocks
- Decode & Encode Mifare Classic Access Conditions
- Compare dumps (Diff Tool)
- Display generic tag information
- Display the tag data as highlighted hex
- Display the tag data as 7-Bit US-ASCII
- Display the Mifare Classic Access Conditions as a table
- Display Mifare Classic Value Blocks as integer
- In-App (offline) help and information
- It's free software (open source). ;)
This tool provides several features to interact with (and only with) Mifare Classic RFID-Tags. It is designed for users who have at least basic familiarity with the Mifare Classic technology. You also need an understanding of the hexadecimal number system, because all data input and output is in hexadecimal.
Some important things are:
- The features this tool provides are very basic. There are no such fancy things like saving a URL to an RFID-Tag with a nice looking graphical user interface. If you want so save things on a tag, you have to input the raw hexadecimal data.
- This App can not crack/hack any Mifare Classic keys. If you want to read/write an RFID-Tag, you first need keys for this specific tag. For additional information please read/see chapter Getting Started.
- There will be no "brute-force" attack capability in this application. It is way too slow due to the protocol.
- The first block of the first sector of an original
Mifare Classic tag is read-only i.e. not writable. But there
are special Mifare Classic tags that support writing to the
manufacturer block with a simple write command. This App is able to
write to such tags and can therefore create fully correct clones.
However, some special tags require a special command sequence to
put them into the state where writing to the manufacturer block is
possible. These tags will not work.
Remember this when you are shopping for special tags!
Also, make sure the the BCC value is correct before writing. The BCC is the first byte after the UID. It is calculated by XOR-ing all bytes of the UID.
- This app will not work on the following devices because their hardware (NFC-controller) does not support Mifare Classic (read more). You can find a list of incompatible devices here.
First of all, you need the keys for the tag you want to read. Due to some weaknesses in Mifare Classic, you can retrieve all the keys (A and B) of a tag with tools like the Proxmark3 or normal RFID-Readers and some special software (mfcuk, mfoc).
The application comes with standard key files called std.keys and extended-std.keys, which contains the well known keys and some standard keys from a short Google search. You can try to read a tag with this key file using "Read Tag" from main menu.
Once you know some keys, you cam to put them into a simple text file (one key per line). You can do this on your PC and transfer the file to the MifareClassicTool/key-files/ directory (on external storage), or you can create a new key file via "Edit or Add Key File" from main menu. If you are finished setting up your key file, you can read a tag using "Read Tag" from main menu.
Advantages of the Key Files Concept:
- You don't have to worry about which key is for which sector.
The application tries to authenticate with all keys from the key
- You don't have to know all the keys.
If neither key A nor key B for a specific sector is found in the key file (dictionary), the application will skip reading said sector.
This dictionary-attack based mapping process (keys <-> sectors) makes it easy for you to read as much as possible with the keys you know!
This application was originally developed by Gerhard Klostermeier in cooperation with SySS GmbH (www.syss.de) and Aalen University (www.htw-aalen.de) in 2012/2013. It is free software and licensed under the GNU General Public License v3.0 (GPLv3)
Icons used in this application:
- Oxygen Icons: www.oxygen-icons.org
(GNU Lesser General Public License)
- RFID Tag: www.nfc-tag.de
(Creative Commons 3.0)
MIFARE is a registered trademark of NXP Semiconductors.