Introduction
Summarizes known/publicly implemented Mifare Classic cards - default keys, data storage format, known-plaintexts on card, etc.
How to contribute
If you legally own a publicly available Mifare Classic card that is not listed here, or you have information that is more accurate or up to date than what is presented, we would like to hear from you.
Please DO NOT contribute:
- private card dumps (examples: office building, fitness centers, etc.)
- card dumps which do not legally belong to you (examples: a test dump made by a friend on your computer, dump you made from your friend's card, etc.)
Legal disclaimer
This information is presented in good faith and for informational purposes only. It is not intended to disclose private/sensitive information or to affect in any other way the holders or issuers of such publicly available cards. The information is gathered from personally and legally owned cards. The information presented here is intended to raise awareness of the possible security threats and privacy implications of using Mifare Classic cards.
Details
| Country | City | Card Name | Estimated number (date) | URL/Photo | Card type | Default keys | Reused key patterns | Data format | Known plain-text | Risk level |
|---|---|---|---|---|---|---|---|---|---|---|
| Romania | Bucharest | RATB SAT Card Activ | ? | http://card.ratb.ro/ | | | | | | |
| Romania | Timisoara | RATT Acces Card | ? | http://www.ratt.ro/taxare/ | ?K | ? | ? | ? | ? | ? |
| Bulgaria | Sofia | SKGT | ? | http://www.skgt-bg.com/index_en.htm | 4K | FFzzzzzzzzzz<br>A0zzzzzzzzzz | Default keys heavily reused<br>Sector_5_A=Sector_6_A | Sector 1 (administration code 0x00 0x04) contains card holder information (Run-Length-Encoded)<br>Sector 2 contains card publisher information (code 0x00, 0x15)<br>Sector 3 electronic purse, city traffic<br>These sectors do not change during card usage<br>Sector 4 Block 0,1 = unknown data<br>Sector 4 Block 2 = last travel<br>Example: 00 04 00 01 01 00 e1 05 58 12 c2 00 00 70 00 93<br>00 04 = line number 4<br>05 e1 (hex) = 1505 (dec) = car number<br>00 c2 12 58 (hex) = 1100 0010 00 01 0010 0101 1000 (bin), lower 14 bits = number of days since 01.01.1997, higher bits = number of minutes since the start of the day<br>Sector 5 Block 0,1 = Value blocks | Hex password for last sector key B represents string "SofiaM" | HIGH |
| U.K. | London | Oyster card | ? | https://oyster.tfl.gov.uk/oyster/entry.do | 1K | None | None | Unknown encoded/mangled/in-house crypto? encrypted? block/stream cipher? | 0xFF sequences in blocks: 2, 17, 56, 57, 58, 60, 61, 62<br>"–ABCDEFGHIJKLM" string at block 1 | . |
| Netherlands | Amsterdam | OV Chipkaart | ? | http://www.ov-chipkaart.nl/ | ? | ? | ? | ? | ? | . |
| Taiwan | Taipei | EasyCard | 18.2 million (Apr 2010) | http://www.trtc.com.tw/ | 1K | ? | ? | Unknown encoded/mangled/in-house crypto? encrypted? block/stream cipher? | ? | . |
| Czech | Czech Technical University in Prague, Institute of Chemical Technology Prague | Student CVUT/VSCHT Card | ? | http://www.techlib.cz/en/customer-account/registration/id-cards-of-cvut-and-vscht/ | 1K | FFzzzzzzzzzz | Sectors 0 to 3 have equal key A<br>Sectors 0 to 3 have equal key B | Cleartext<br>Block1 = National ID (?)<br>Block2 = Passport No (?)<br>Block4 = Name (space padded)<br>Block5 = Surname (space padded)<br>Block8 = Validity (?) in format DD.MM.YYYY<br>Block12/13 = Telephone numbers (?) | None | HIGH |
| Czech | Czech | Czech ISIC Card | ? | http://www.isic.cz/ | 1K | FFzzzzzzzzzz | None | Cleartext (?)<br>Block4 = some kind of serial number | None | HIGH |
| Czech | Liberec | Liberec City Card | ? | http://www.mikroelektronika.cz/custom-made-electronics/novinky<br>http://www.mucl.cz/mestska-autobusova-doprava/opuscard/karta-opuscard.html | 4K | A0zzzzzzzzzz | Block 0x5F to 0xFF have equal key A<br>Block 0x5F to 0xFF have equal key B | Partially cleartext<br>Block4 = Surname Name (seem to be null-terminated C strings)<br>Rest encoded/encrypted (?) | Block 1 and 2 = in many places every second byte is 0x18 | MEDIUM |
| Luxembourg | Luxembourg | Luxembourg (Public Transport) Card | ? | ? | 1K | FFzzzzzzzzzz | Block 0x00 to 0x33 have equal key A<br>Block 0x00 to 0x33 have equal key B | Encoded, seems no encryption or dynamic keys | Block 0x34, 0x35, 0x36, 0x38, 0x39, 0x3a, 0x3c, 0x3d, 0x3e = filled with 0xFF | MEDIUM |
| Russia | Moscow | Contactless transport cards | 5-30 million (1998-2007) | http://www.metro.ru/fare/contactless/ | ?K | ? | ? | ? | ? | ? |
| Russia | Russia | Rossiyskie Zheleznye Dorogi/Russian Railways (RZhD) | ? | Forum notes<br>News notes | ? | ? | ? | ? | ? | ? |
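
The Sofia (SKGT) row above describes the "last travel" record stored in Sector 4 Block 2. As an added example (not part of the original page or of any card issuer's code), this Python function decodes the sample block quoted in that row to show what such a cleartext record discloses; the byte offsets, byte order and the name `decode_last_travel` are assumptions inferred from that single sample.

```python
from datetime import datetime, timedelta

# Page: the low 14 bits count days "since 01.01.1997"; day 0 = that date is assumed.
EPOCH = datetime(1997, 1, 1)
DAY_BITS = 14
DAY_MASK = (1 << DAY_BITS) - 1

# The 16-byte example block quoted in the Sofia (SKGT) row of the table.
SAMPLE_BLOCK = bytes.fromhex("00 04 00 01 01 00 e1 05 58 12 c2 00 00 70 00 93")


def decode_last_travel(block: bytes) -> dict:
    """Decode the fields the page identifies in Sector 4 Block 2.

    Offsets and byte order are assumptions inferred from the single sample:
    bytes 0-1 line number (read big-endian; one sample cannot rule out
    bytes 1-2 little-endian), bytes 6-7 car number (little-endian),
    bytes 8-11 packed timestamp (little-endian).
    """
    if len(block) != 16:
        raise ValueError("a Mifare Classic block is exactly 16 bytes")
    line = int.from_bytes(block[0:2], "big")
    car = int.from_bytes(block[6:8], "little")
    stamp = int.from_bytes(block[8:12], "little")
    days = stamp & DAY_MASK        # lower 14 bits: days since the epoch
    minutes = stamp >> DAY_BITS    # higher bits: minutes since start of day
    if minutes >= 24 * 60:
        raise ValueError(f"minute-of-day {minutes} out of range; wrong block or layout")
    return {
        "line": line,
        "car": car,
        "when": EPOCH + timedelta(days=days, minutes=minutes),
        # Bytes the page does not explain are returned untouched, not guessed at.
        "undecoded": block[2:6] + block[12:16],
    }


if __name__ == "__main__":
    rec = decode_last_travel(SAMPLE_BLOCK)
    print(f"line {rec['line']}, car {rec['car']}, last travel {rec['when']:%Y-%m-%d %H:%M}")
```

For the sample block this yields line 4, car 1505 and 2009-11-10 12:56: a place-and-time record readable by anyone who can read the sector.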
Links
http://www.dib.com.br/dib%20cd/C2007/Palestras/Palestra%20Francimar%20Santos%20Cards%202007.pdf
http://www.skyscrapercity.com/showthread.php?p=39116178
http://www.ratt.ro/forum/index.php?showtopic=157&st=0

