I have successfully read an access card which is shown by flipper as Mifare classic 4K, read all sectors and found all keys, but I cannot figure out if it is just a 4K card or if it’s DESFire EV2/3 (which are all available from this company). It’s a ‘Gallagher’ brand card but I am having trouble finding info on how to identify how secure it is. Obviously if it’s one of their DESFire cards I can’t do anything but I’m not sure if the Flipper will recognise that or not and just read the non encrypted stuff.
Well, if Flipper reads it as Classic 4K, that’s likely it.
What do you mean by successful reading? Can you emulate?
If yes, than you just proved it insecure in the sense of being easy to copy. Otherwise, it needs further look.
Emulation does not work, the reader doesn’t reject it, it just does not even acknowledged that there is anything being presented to it. I have read other comments where the Flipper is unable to emulate successfully on certain readers.
Successful reading meaning I didn’t get any errors and it was able to find all keys for all sectors when reading the card although it did go almost all the way through the built in dictionary keys to get there.
Try magic cards if you have them. But magic 4K is a comparatively rare breed. Otherwise, no idea of PoC’ing.
Thanks, looks like they are available just quite expensive and not common as you say. Might have to invest in a PM3 to program it anyways. Thanks for your suggestion.
You may be able to do it without a PM3 - Gen1a should be writable with Flipper with help of some tricks, Gen2 is doable from (a subset of) NFC-capable mobile phones, Gen3 is backward-compatible with 1a, Gen4 has a WIP Flipper app.
Proxmark can also emulate on its own, and does it better than Flipper, but there are still reports of things going weird.