How to fix soft-bricked Magic Tag?

What is the soft-bricked Magic Tag?

The soft-bricked means the magic card is set with the wrong configuration and cannot be identified or detected by the readers or the NFC on the phone. And it still can be fixed. 

What may result in soft-brick?

1. Wrong BCC
2. Wrong SAK
3. Wrong ATQA
4. Wrong ATS
5. Invalid Access Control Bytes

Which soft-brickeded Magic tag can be fixed?

1. Gen1A Mifare Classic 1K S50 – 4 Bytes UID
2. Gen2 Can not be fixed if invalid BCC, SAK or ATQA. 
3. Gen3 Mifare Classic 1K S50 – 4 Bytes UID Mifare Classic 1K S50 – 7 Bytes UID Mifare Classic 1K S70 – 4 Bytes UID Mifare Classic 1K S70 – 7 Bytes UID
4. Gen4 Ultimated Magic Card
5. DESFire UID Changeable DESFire Card – 7 Bytes UID UID Changeable DESFire Card – 4 Bytes UID

How to fix soft-brick Gen1A Tag

Using Proxmark3 / iCopy-XS

Run command hf mf csetuid --uid 11223344

Using All-in-one PN532

Use UID Changer in MTools Lite, checked bricked and execute.

How to fix soft-brick Gen3 Tag

The UID/SAK/ATQA information of the Gen3 tag is not from the block 0. So if there exist invalid data in block0, it just need to write the block0 with a valid one. 

Valid Example Data

4 Byte UID block 0 11223344440804000102030405060708090A0B0C0D0E0F 7 Byte UID block 0 112233445566770844000102030405060708090A0B0C0D

Using Proxmark3 / iCopy-XS

Run command hf 14a raw -s -c -t 2000 90F0CCCC10 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Using All-in-one PN532

Use UID Changer in MTools Lite and execute to set new uid.

How to fix soft-brick Gen4 Tag

Mostly the Gen4 tag will be no response to the reader or the phone NFC after set SAK to 0x20 or 0x28 without ATS settings. To make the card back to live, it has to be reset to the Mifare Classic Type.

Using Proxmark3 / iCopy-XS

Set to Mifare Classic S50 4B, Run command hf 14a raw -s -c -t 1000 CF00000000F000000000000002000978009102DABC19101011121314151604000800