4 Steps to clone access card by phone
Many people are curious on how to clone access card for convinience or just for fun. Most access system with RFID verify visitors with UID in the access card. It's the first 4 bytes hex data of Block 0 in Sector 0.
Follow the steps bellow to clone an access card.
- Prepare the UID changeable card.
- The first generation of UID changeable card, which called Chinese magic card, can be writed with external device, (i.e., PN53X, ACR122U and PM3, iCopy-XS).
- The second generaltion of UID Change is called CUID card which can be easily writen on Android phone.
View all kinds of Magic cards here
- Install MTools or Mifare Classic Tool on the phone.
MCT is a powerfull app to read and write data to mifare 1k card.
With MTools, you can even read and write data that under some rules, e.g., the valid money data.
- Read default data of Sector 0 of original card.
Usually, the default keys for card's sector 0 is
FF FF FF FF FF
- By MIFARE Classic Tool:
- READ TAG
START MAPPING AND READ TAG
- By MTools:
- Add Card
- Add Sector 0, keyA and keyB
- Click Read Sector Button
- Write data of Sector 0 to target UID changeable card.
If you cannot get full sectors data with default key
FFFFFFFFFFFF, then you have to crack the keys with the external reader, such as PN532, Proxmark3 X or iCopy-XS device.
To those cards are no default keys found, the
mfcuk tools is used to hardnested attacking and restore one keys. Then it will use the
mfoc tools to restore the rest keys of sectors.
If the card does not support hardnested, then you have to use Chameleon Mini, Chameleon Tiny(Discontinued) or Chameleon Ultra to sniff the keys, then restore data in all sectors.