MIFARE Classic Tool (MCT)
An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
- Read MIFARE Classic tags
- Save, edit and share the tag data you read
- Write to MIFARE Classic tags (block-wise)
- Clone MIFARE Classic tags
(Write dump of a tag to another tag; write 'dump-wise')
- Key management based on dictionary-attack
(Write the keys you know in a file (dictionary).
MCT will try to authenticate with these
keys against all sectors and read as much as possible.
See chapter Getting Started.)
- Format a tag back to the factory/delivery state
- Write the manufacturer block of special MIFARE Classic tags
- Use external NFC readers like ACR 122U
(See the Help & Info section
for more information.)
- Create, edit, save and share key files (dictionaries)
- Decode & Encode MIFARE Classic Value Blocks
- Decode & Encode MIFARE Classic Access Conditions
- Compare dumps (Diff Tool)
- Display generic tag information
- Display the tag data as highlighted hex
- Display the tag data as 7-Bit US-ASCII
- Display the MIFARE Classic Access Conditions as a table
- Display MIFARE Classic Value Blocks as integer
- In-App (offline) help and information
- It's free software (open source). ;)
This tool provides several features to interact with (and only with)
MIFARE Classic RFID-Tags. It is designed for users who have at least
basic familiarity with the MIFARE Classic technology.
You also need an understanding of the hexadecimal number system,
because all data input and output is in hexadecimal.
Some important things are:
- The features this tool provides are very basic. There are no such
fancy things like saving a URL to an RFID-Tag with a nice looking
graphical user interface. If you want so save things on a tag,
you have to input the raw hexadecimal data.
- This App can not crack/hack
any MIFARE Classic keys. If you want to read/write an RFID-Tag, you
first need keys for this specific tag. For additional information
please read/see chapter Getting Started.
- There will be no "brute-force" attack
capability in this application. It is way too slow due
to the protocol.
- The first block of the first sector of an original
MIFARE Classic tag is read-only i.e. not writable. But there
are special MIFARE Classic tags that support writing to the
manufacturer block with a simple write command. This App is able to
write to such tags and can therefore create fully correct clones.
However, some special tags require a special command sequence to
put them into the state where writing to the manufacturer block is
possible. These tags will not work.
Remember this when you are shopping for special tags!
Also, make sure the the BCC value is correct before writing. The BCC
is the first byte after the UID. It is calculated by XOR-ing all
bytes of the UID.
- This app will not work on some devices because their hardware
(NFC-controller) does not support MIFARE Classic
You can find a list of incompatible devices
For further information about MIFARE Classic check
do some Google searches
or read the
MIFARE Classic (1k) 'Datasheet'
(PDF) from NXP.
First of all, you need the keys for the tag you want to read.
Due to some weaknesses in MIFARE Classic, you can retrieve
all the keys (A and B) of a tag with tools like the
normal RFID-Readers and some special software
The application comes with standard key files called
std.keys and extended-std.keys, which contains the
well known keys and some standard keys from a short Google search.
You can try to read a tag with this key file using
"Read Tag" from main menu.
Once you know some keys, you can put them into a simple text
file (one key per line). You can do this on your PC and transfer
the file to the MifareClassicTool/key-files/
directory (on external storage), or you can create a new key file via
"Edit or Add Key File" from main menu.
If you are finished setting up your key file, you can read a tag
using "Read Tag" from main menu.
Advantages of the Key Files Concept:
- You don't have to worry about which key is for which sector.
The application tries to authenticate with all keys from the key
- You don't have to know all the keys.
If neither key A nor key B for a specific sector is found in the
key file (dictionary), the application will skip reading said
This dictionary-attack based mapping process
(keys <-> sectors) makes it easy for you to read as much as
possible with the keys you know!
This application was originally developed by
Gerhard Klostermeier in cooperation with SySS GmbH
(www.syss.de) and Aalen
University (www.htw-aalen.de) in 2012/2013.
It is free software and licensed under the
GNU General Public License v3.0 (GPLv3)
Icons used in this application:
MIFARE® is a registered trademark of NXP Semiconductors.