Some ideas about staticnested

wdywmz · 2022-02-14 18:07:08

Why not try this idea?
Can I get the password directly?

in mifarehost.c

// the statelists now contain possible keys. The key we are searching for must be in the
// intersection of both lists
qsort(statelists[0].head.keyhead, statelists[0].len, sizeof(uint64_t), compare_uint64);
qsort(statelists[1].head.keyhead, statelists[1].len, sizeof(uint64_t), compare_uint64);
// Create the intersection
statelists[0].len = intersection(statelists[0].head.keyhead, statelists[1].head.keyhead);

Is the above code suitable for staticnested?

iceman · 2022-02-15 20:16:38

Please try it and tell us how it went!

wdywmz · 2022-02-16 02:57:01

I've tested it, but the intersection is 0

In theory, create two lists. Each list should have real password data. The intersection of the two lists should be the only password data, but why is the intersection 0?

But in China, it has been studied to let the staticnested command calculate the password directly in three seconds.

iceman · 2022-02-16 20:01:01

Do you have a link to the "in China, it has been studied to let the staticnested command calculate the password directly in three seconds" work?

wdywmz · 2022-02-17 16:51:13

Look this!

http://ls.txts.fun/Desktop.rar

Please let me know after you download it! I'm going to delete it!

wdywmz · 2022-02-17 16:55:47

[+] UID: B3 45 5B A0
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[#] 1 static nonce 01200145
[+] Static nonce: yes
[#] Auth error

The card is 【1 static nonce 01200145】

Last edited by wdywmz (2022-02-17 16:57:19)

iceman · 2022-02-17 20:42:42

I got it. Thanks.
The pictures shows that they are reading Key B from having Key A. Not sure if thats how they do it, but if it is then it's a known way and already implemented both in pm3 and libnfc.
It only works if the access rights (ACL) allows for it.

iceman · 2022-02-17 20:54:45

Speaking of which, the video show that they are using libnfc stuff. Around 1.20-1.30 you see that they use staticnested to get a key. They got 55526 candidate keys, which they are now trying to find which is the correct.
It actually looks like they are using mylazycracker .... but translated to Chinese.

The only thing in that video that I am curious of is how they are getting the KEY A that fast..... There might be something there.

wdywmz · 2022-02-18 04:53:56

in mifarehost.c

// the statelists now contain possible keys. The key we are searching for must be in the
// intersection of both lists
qsort(statelists[0].head.keyhead, statelists[0].len, sizeof(uint64_t), compare_uint64);
qsort(statelists[1].head.keyhead, statelists[1].len, sizeof(uint64_t), compare_uint64);
// Create the intersection
statelists[0].len = intersection(statelists[0].head.keyhead, statelists[1].head.keyhead);

Is the above code suitable for staticnested?

Create two lists of data. Will there be an intersection between them?
Can we quickly calculate the password from this intersection?

wdywmz · 2022-02-18 05:02:28

532nfc decryption staticnested algorithm is transplanted from PM3 source code.
The algorithm is inspired by PM3 source code

Last edited by wdywmz (2022-02-18 13:50:15)

wdywmz · 2022-02-23 15:19:21

@iceman，Do you have email? I'll send you some information to see.
There are no private messages in this forum

Proxmark3 community

Announcement

#1 2022-02-14 18:07:08

Some ideas about staticnested

#2 2022-02-15 20:16:38

Re: Some ideas about staticnested

#3 2022-02-16 02:57:01

Re: Some ideas about staticnested

#4 2022-02-16 20:01:01

Re: Some ideas about staticnested

#5 2022-02-17 16:51:13

Re: Some ideas about staticnested

#6 2022-02-17 16:55:47

Re: Some ideas about staticnested

#7 2022-02-17 20:42:42

Re: Some ideas about staticnested

#8 2022-02-17 20:54:45

Re: Some ideas about staticnested

#9 2022-02-18 04:53:56

Re: Some ideas about staticnested

#10 2022-02-18 05:02:28

Re: Some ideas about staticnested

#11 2022-02-23 15:19:21

Re: Some ideas about staticnested

Board footer