Author: Matías A. Ré Medina Frequency: HF (13.56 MHz) Hardware: Generic Proxmark3
Back to Standalone Modes Index | Source Code | Development Guide
A full MIFARE Classic attack chain: discovers MFC cards, checks keys from a built-in dictionary, dumps the card using ecfill, then emulates it. Supports MIFARE Classic 1K and 4K.
MIFARE Classic is the most widely deployed contactless smart card worldwide — used in transit, access control, and loyalty systems. MattyRun automates the complete attack pipeline on-device:
- Find the card
- Recover the keys (from dictionary)
- Dump all data
- Emulate the full card at a reader
No laptop required at any step.
- READ: Scans for MIFARE Classic cards (anticollision, ATQA/SAK check)
- ATTACK: Checks keys from the built-in dictionary against all sectors. Uses nested authentication attack if partial keys are found
- LOAD: Performs ecfill to dump the card data into the emulator memory
- EMULATE: Simulates the complete MIFARE Classic card including all sector keys and data
LED D lit during emulation indicates a partial dump (some sectors couldn't be read).
| LED | Meaning |
|---|---|
| C + D (solid) | Idle / searching for card |
| C + D (blinking) | Authenticating / checking keys |
| B (solid) | Attack mode (nested) |
| A + B + C (solid) | Loading data to emulator |
| A + B + C + D (solid) | Emulating (D = partial dump warning) |
| Action | Effect |
|---|---|
| Hold 280ms | Exit standalone mode |
| Short press | No effect (purely state-machine driven) |
stateDiagram-v2
[*] --> READ : Startup\nLED_C+D
READ --> ATTACK : MFC card found\nLED_C+D blink
READ --> READ : No card found
ATTACK --> LOAD : Keys recovered\nLED_B
ATTACK --> READ : No keys found\n(retry with new card)
LOAD --> EMULATE : ecfill complete\nLED_A+B+C
EMULATE --> [*] : Button hold\nLED_A+B+C+D
note right of EMULATE
LED_D lit = partial dump
(some sectors unreadable)
end note
make clean
make STANDALONE=HF_MATTYRUN -j
./pm3-flash-fullimage
- VIGIKPWN — MIFARE Classic with VIGIK-specific keys
- MFC Simulator — Simulate MFC from flash dumps
- Young MFC Sniff/Sim — UID-based MFC sniff and sim
- MIFARE Classic Notes — Key recovery and attack techniques
- Magic Cards Notes — Writing to magic/CUID cards