Hacker News new | ask | show | jobs
by ewpratten 550 days ago
Ya, I have no clue tbh.

This is one of those cases where I know I really should investigate further, but I'm taking this one step at a time. Perhaps digging in to the "why" will become a follow-up post
2 comments
pm 550 days ago
I didn't intend for what I wrote to be a criticism; that's on me. I just found it funny the most interesting step was akin to "... and now you've drawn the animal", if you understand the reference.
link
stavros 550 days ago
But what happens if you dump the card with the Proxmark? Surely you should be able to see some differences.

Actually, I have all the components, so I'll try this now and report back.

link
ewpratten 550 days ago
My quick eye-skim didn't see much, but I'll do a byte-for-byte diff. I imagine its a difference in the NDEF headers? (but even that doesn't make sense, since I wrote the headers again from the pm3)
link
stavros 550 days ago
Well it turns out I'm much worse at this than I thought, as I can't even figure out what kind of cards I have. I'm learning, though!
link
ewpratten 550 days ago
HN formatting is going to do bad things here..

Here's the first 6 blocks of the card after I ran through the instructions of the post, then a ndefformat-only card (that never touched an iphone).

[=] 0 | 0 | 00 56 78 BB 95 08 04 00 02 B2 1E 24 23 27 1E 1D | .Vx........$#'.. [=] | 1 | 14 01 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 | ...�.�.�.�.�.�.� [=] | 2 | 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 | .�.�.�.�.�.�.�.� [=] | 3 | A0 A1 A2 A3 A4 A5 78 77 88 C1 89 EC A9 7F 8C 2A | ......xw.......* [=] 1 | 4 | 00 00 03 12 D1 01 0E 55 04 65 77 70 72 61 74 74 | ....�..U.ewpratt [=] | 5 | 65 6E 2E 63 6F 6D FE 00 00 00 00 00 00 00 00 00 | en.com�.........

[=] 0 | 0 | 00 56 78 BB 95 08 04 00 02 B2 1E 24 23 27 1E 1D | .Vx........$#'.. [=] | 1 | 14 01 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 | ...�.�.�.�.�.�.� [=] | 2 | 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 03 E1 | .�.�.�.�.�.�.�.� [=] | 3 | A0 A1 A2 A3 A4 A5 78 77 88 C1 89 EC A9 7F 8C 2A | ......xw.......* [=] 1 | 4 | 03 00 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 | ..�............. [=] | 5 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

link
stavros 550 days ago
Here's mine:

https://www.pastery.net/tckuyc+dausye/

link
ewpratten 550 days ago
Ya, looks like the iPhone is tinkering with the NDEF message itself.

If my Android phone wasn't dead, I'd love to compare an iPhone's write against the Android NFC Tools app's write.

If anyone else has an iPhone, an Android phone, and a Proxmark, I'd be interested in seeing a three-way diff between them all.

EDIT: I'm going to try to cross-post to the DT forum to see if anyone has ideas.

link
ewpratten 550 days ago
Proxmark's "auto" command should get you most of the way to knowing. Then check if any of the "hf mf c*" commands work on it (in which case, you have a gen1a magic card)
link
stavros 550 days ago
Nice, I didn't know about auto, thanks! It turns out I have some Gen 1a "magic" cards (as in, actually in a card form factor), and some tags that seem to be Gen 3, but not magic?
link
ewpratten 550 days ago
There's approx 4 generations of "Magic".

Gen 1, 1a, 3 and 4 all use special commands to unlock and edit block 0.

Gen 2 treats block 0 as always being r/w. This allows Android phones to directly write to it (but also makes it possible to lock the card).

In terms of pm3 commands, "auto" tries everything. You might also want to use "lf search" or "hf search" to only try one of your antennas and not the other.

The actual Magic part isn't really important here, since my phone doesn't even care about block 0. It just makes it easier to read and wipe the card when you have the extra command set at your disposal.

link
ewpratten 550 days ago
Hm, its definitely blocks 0-2. All remaining blocks after that are identical.

Going to look further at the actual data in the first 3 blocks momentarily.

link