Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2023-08-01 12:39:36

cantjie
Contributor
Registered: 2023-08-01
Posts: 2

Hello, and my sincere thanks?

Hello, I am from mainland  China. I here want to express my sincere thanks to this forum. And thank you @Sentinel [I dont know how to notice him/her.]

I got in trouble when trying to clone my flat room card. I just googled one of the KeyAs of my IC card and find the only result: fid=4480. With the hint from Sentinel, I successfully got the KeyB of my card.

I just want to reply on the fid=4480 post, and I am glad to register to this forum. Thank you. Below is what i want to reply in post 4480:

Thank you very much Sentinel!

I meet the problem when trying to clone my flat door card.
1. I found my card's sector 1 encrypted with unknown keys. So firstly I tried to brute force the keys with PN532. And I successfully got the keyA. However, after about 0.7M attempts, I failed to find keyB.
2. Just as i was trying more attempts (actually, this may theorically cost thousands of years), I googled the keyA and found this post. I then knew that the KeyB is related to the UID.
3. Although I do not find my UID bytes in reply#21, I find that the lower 4 bits follow the rule: $x+y=5$, where x and y are the lower 4 bits of UID bytes and KeyB bytes.
4. So, this complexity come down to at most (2^(4*4) =)65536 attempts. For me, the KeyB  is in this pattern: XAX3X1XF9595, where the X stands for unknow 4 bits.

Finally, after minutes of attempts with my PN532, I got my card's KeyB!

I'd really appreciate your post. Thank you!

Offline

#2 2023-08-02 18:22:44

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Hello, and my sincere thanks?

Welcome and thank you for reading the introduction post http://www.proxmark.org/forum/viewtopic.php?id=1125.

Your access rights has been updated.

Offline

Board footer

Powered by FluxBB