• Registered: 2011-10-28
  • Posts: 9

Topic: Format/overwrite of mifare classic doesn't work correctly

I cloned a mifare classic card onto an empty card.Now everytime I write to this card I get a error like this:

failed to write trailer block 3 
xnfc_initiator_transceive_bytes: Timeout

I tried to overwrite the card with the empty dump I got from http://www.libnfc.org/_media/libnfc/doc … xample.zip
but it went like this:

thomas@pluto ~ $ nfc-mfclassic w b Downloads/14f1f9d7.mfd clean
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Found MIFARE Classic card:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): ec  c3  66  d3  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Timeout
failed to write trailer block 3 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 7 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 11 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 15 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 19 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 23 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 27 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 31 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 35 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 39 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 43 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 47 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 51 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 55 
xnfc_initiator_transceive_bytes: Timeout
failed to write trailer block 59 
x.|
Done, 4 of 64 blocks written.
thomas@pluto ~ $ nfc-mfclassic w b tim-100 Downloads/14f1f9d7.mfd 
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Expected MIFARE Classic card with UID starting as: 14f1f9d7
Found MIFARE Classic card:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): ec  c3  66  d3  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Mifare Authentication Error
!
Error: authentication failed for block 00
thomas@pluto ~ $ nfc-mfclassic w b tim-100
Connected to NFC reader: ACS ACR122U 00 00 / ACR122U103 - PN532 v1.6 (0x07)
Found MIFARE Classic card:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): ec  c3  66  d3  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
nfc_initiator_transceive_bytes: Mifare Authentication Error
!
Error: authentication failed for block 00
thomas@pluto ~ $ mifare-classic-format 
Found Mifare Classic 1k with UID ecc366d3. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key for sector 0

I also added the keys that were used to write to the card to the default keys of mifare-classic-format.
I'm using a touchatag pad 072f:2200 with the acsccid 1.0.2 driver.

Last edited by BlackLotus (2011-11-24 18:11:05)

  • rconty
  • Administrator
  • Offline
  • Registered: 2009-04-22
  • Posts: 673

Re: Format/overwrite of mifare classic doesn't work correctly

Hello,

BlackLotus wrote:

Now everytime I write to this card I get a error like this:

failed to write trailer block 3 
xnfc_initiator_transceive_bytes: Timeout

Timeout error is a target error, that means the tag did not reply within the attempted time.

BlackLotus wrote:

I tried to overwrite the card with the empty dump

Putting an empty dump will not really "format" the Mifare tag, it will only copied blank sector but will not set the default keys.
You should try the libfreefare's example: mifare-classic-format.

Romuald Conty
  • Registered: 2011-10-28
  • Posts: 9

Re: Format/overwrite of mifare classic doesn't work correctly

You should try the libfreefare's example: mifare-classic-format.

Like I said at the end of my post

I also added the keys that were used to write to the card to the default keys of mifare-classic-format.

I tried this already and it failed with a

thomas@pluto ~ $ mifare-classic-format 
Found Mifare Classic 1k with UID bc7e61d3. Format [yN] y
Formatting 16 sectors [.mifare-classic-format: No known authentication key for sector 0

Even after adding the key for sector 0 to the source.Is there an easy way to increase the time the reader waits for the response?When writing to the empty cards there were no errors at all, how could this happen?
PS.
Maybe it would work if it tries to rewrite a block after a time out?!?

Last edited by BlackLotus (2011-11-27 21:33:23)

  • Registered: 2011-10-28
  • Posts: 9

Re: Format/overwrite of mifare classic doesn't work correctly

I just tested to format the card with the touchatag rfid reader and got this:

formatmifare1k v0.1b (using RFIDIOt v1.0a)
  Reader: PCSC ACS ACR122U 00 00

Card ID: A PCSC Reader (need to add reset function!)

*** Warning! This will overwrite all data blocks! Proceed (y/n)? y
 sector 01: Keytype: AA
Traceback (most recent call last):
  File "formatmifare1kvalue.py", line 49, in <module>
    if card.login(sector,type,''):
  File "/home/thomas/work/RFIDIOt-1.0a/RFIDIOt.py", line 1442, in login
    if not self.pcsc_send_apdu(apdu):
  File "/home/thomas/work/RFIDIOt-1.0a/RFIDIOt.py", line 1321, in pcsc_send_apdu
    result, sw1, sw2= self.pcsc_connection.transmit(apduout,protocol= self.pcsc_protocol)
  File "/usr/lib/python2.7/site-packages/smartcard/CardConnectionDecorator.py", line 82, in transmit
    return self.component.transmit(bytes, protocol)
  File "/usr/lib/python2.7/site-packages/smartcard/CardConnection.py", line 140, in transmit
    data, sw1, sw2 = self.doTransmit(bytes, protocol)
  File "/usr/lib/python2.7/site-packages/smartcard/pcsc/PCSCCardConnection.py", line 175, in doTransmit
    raise CardConnectionException('Failed to transmit with protocol ' + dictProtocolHeader[pcscprotocolheader] + '. ' + SCardGetErrorMessage(hresult))
smartcard.Exceptions.CardConnectionException: Failed to transmit with protocol T1. Card protocol mismatch.
Exception AttributeError: AttributeError("'NoneType' object has no attribute 'disconnect'",) in <bound method PCSCCardConnection.__del__ of <smartcard.pcsc.PCSCCardConnection.PCSCCardConnection instance at 0x7f8b82c5ed88>> ignored

(You don't need to know rfidiot to understand what I'm getting at)
After this I tested it with a different rfid reader and got this:

formatmifare1k v0.1b (using RFIDIOt v1.0a)
  Reader: PCSC SCL011 Contactless Reader [SCL01x Contactless Reader] (21161040244032) 00 00

Card ID: ECC366D3

*** Warning! This will overwrite all data blocks! Proceed (y/n)? y
 sector 01: Keytype: FF login failed

 sector 02: Keytype: FF login failed

 sector 03: Keytype: FF login failed

 sector 04: Keytype: FF login failed

 sector 05: Keytype: FF login failed

 sector 06: Keytype: FF login failed

 sector 07: Keytype: FF login failed

 sector 08: Keytype: FF login failed

 sector 09: Keytype: FF login failed

 sector 0a: Keytype: FF login failed

 sector 0b: Keytype: FF login failed

 sector 0c: Keytype: FF login failed

 sector 0d: Keytype: FF login failed

 sector 0e: Keytype: FF login failed

 sector 0f: Keytype: FF login failed

So I think it is a driver problem. (Can't be sure)

  • rconty
  • Administrator
  • Offline
  • Registered: 2009-04-22
  • Posts: 673

Re: Format/overwrite of mifare classic doesn't work correctly

BlackLotus wrote:

Even after adding the key for sector 0 to the source.

Really strange ! Are you sure your card is not dead ?

BlackLotus wrote:

Is there an easy way to increase the time the reader waits for the response?

Hmm, its possible but not easy, one new function have to be exposed in libnfc's API.

BlackLotus wrote:

When writing to the empty cards there were no errors at all, how could this happen?

Dead card, maybe.

BlackLotus wrote:

PS. Maybe it would work if it tries to rewrite a block after a time out?!?

You could try... but error seems to come from card or timeouts.

Romuald Conty
  • Registered: 2011-10-28
  • Posts: 9

Re: Format/overwrite of mifare classic doesn't work correctly

rconty first thanks for answering all my open posts. wink

rconty wrote:

Really strange ! Are you sure your card is not dead ?

I can still read the card and when I write to the card a few sectors are written.

rconty wrote:
BlackLotus wrote:

When writing to the empty cards there were no errors at all, how could this happen?

Dead card, maybe.

It was the same card (only used a few times) when it was empty it worked without a problem but the next writing process failed like described.
I have a few theories.
1)
Could it be that I got a slightly differnet touchatag device and the pcscd/libnfc driver only works on empty cards 100% correct?
2)
Card/Reader is slower -> ergo gets timeouts

And wouldn't it be easily possible to implement a retry when writing to one sector fails it could wait 1/10 sec and try again to write to this sector (maybe up to 3 times).This could eliminate writing errors.
Thx for your help