Proxmark3 community

#1 2013-08-01 15:47:47

dgiordan
Member
Registered: 2013-08-01
Posts: 2

decrypt Message after Authentication using data sniffed

Hello, sorry, I am new to this community. I read some threads about how to retrieve plaintext from ciphertext after authentication.
But when I compute k4 to decrypt, I get a different message from what I expect.

R--> T        26
T --> R       04 00
R--> T        93 20
T --> R       2a 69 8d 43 8d
R--> T        93 70 2a 69 8d 43 8d
T --> R       08 b6 dd
R--> T        60 04 d1 3d
T --> R       3b ae 03 2d
R--> T        c4 94 a1 d2 6e 96 86 42
T --> R       84 66 05 9e
R--> T        7d de a6 b3
T --> R       e7 ee e3 ab 0f 89 bb ed 44 b1 91 ce ef 8a 4d ce

I got:
  Keystream used to generate {ar} and {at}:
  ks2: 1159b281
  ks3: 02fbbe4b


Found Key: [ffffffffffff]

I am trying to decrypt: 7d de a6 b3  that should be: 30 04 cd d1.

I did:
enc =  7d de a6 b3; (message encrypted)
I compute Ks4 as: k4 = enc ^ prng_successor(nt, 128);
ks4: ffa08ef5

And then

7d de a6 b3 XOR ffa08ef5 = 82 7E 28 44

Where am I wrong?

I hope I did not duplicate another thread but I did find the answer.

Thank you very much.


#2 2013-08-08 20:59:15

dgiordan
Member
Registered: 2013-08-01
Posts: 2

Re: decrypt Message after Authentication using data sniffed

After studying more deeply and reading a thread in this forum, I understand that I was computing ks4 in the wrong way.
Now I should be computing it correctly (ks4 = crypto1_word(revstate,0,0);), getting ks4 = 61652568. But if I use the XOR operator, the plaintext is wrong. Where am I wrong? Thanks, bye.
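
For the ks4 question in posts #1 and #2, an added example (not code from the thread or from the Proxmark3 project): a compact Crypto-1 implementation modelled on the public crapto1 library. It runs the cipher forward from the key through uid ^ nt and {nr}, then draws ks2, ks3 and ks4, the word that is XORed with the first command after authentication. The names `c1_state`, `c1_word` and `keystream_word` are chosen here; the trace values are those from post #1, and parity bits are not handled.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: Crypto-1 state as odd/even LFSR halves (crapto1 layout). */
typedef struct { uint32_t odd, even; } c1_state;
#define BIT(x, n)   ((uint32_t)((x) >> (n)) & 1u)
#define BEBIT(x, n) BIT(x, (n) ^ 24)          /* bit order used on the wire */

static uint32_t parity32(uint32_t x) {
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4;
    return (0x6996u >> (x & 0xf)) & 1u;
}
static uint32_t filter(uint32_t x) {           /* nonlinear output function */
    uint32_t f = 0xf22c0 >> (x & 0xf) & 16;
    f |= 0x6c9c0 >> (x >>  4 & 0xf) & 8;
    f |= 0x3c8b0 >> (x >>  8 & 0xf) & 4;
    f |= 0x1e458 >> (x >> 12 & 0xf) & 2;
    f |= 0x0d938 >> (x >> 16 & 0xf) & 1;
    return BIT(0xEC57E80Au, f);
}
/* Clock one bit; returns the keystream bit produced before the shift. */
static uint32_t c1_bit(c1_state *s, uint32_t in, int is_enc) {
    uint32_t ks = filter(s->odd);
    uint32_t fb = (is_enc ? ks : 0) ^ in ^ (0x29CE5C & s->odd) ^ (0x870804 & s->even);
    uint32_t next = s->even << 1 | parity32(fb);
    s->even = s->odd;
    s->odd = next;
    return ks;
}
static uint32_t c1_word(c1_state *s, uint32_t in, int is_enc) {
    uint32_t out = 0;
    for (int i = 0; i < 32; ++i)
        out |= c1_bit(s, BEBIT(in, i), is_enc) << (i ^ 24);
    return out;
}
/* Keystream word n after {nr}: n=0 -> ks2, n=1 -> ks3, n=2 -> ks4. */
uint32_t keystream_word(uint64_t key, uint32_t uid, uint32_t nt, uint32_t nr_enc, int n) {
    c1_state s = {0, 0};
    for (int i = 47; i > 0; i -= 2) {          /* load the 48-bit key */
        s.odd  = s.odd  << 1 | BIT(key, (i - 1) ^ 7);
        s.even = s.even << 1 | BIT(key, i ^ 7);
    }
    c1_word(&s, uid ^ nt, 0);                  /* tag nonce phase */
    c1_word(&s, nr_enc, 1);                    /* encrypted reader nonce */
    uint32_t ks = 0;
    for (int i = 0; i <= n; ++i) ks = c1_word(&s, 0, 0);
    return ks;
}
int main(void) {                               /* values from the trace in post #1 */
    uint64_t key = 0xffffffffffffULL;
    uint32_t uid = 0x2a698d43, nt = 0x3bae032d, nr = 0xc494a1d2;
    printf("ks2=%08x ks3=%08x\n", keystream_word(key, uid, nt, nr, 0), keystream_word(key, uid, nt, nr, 1));
    printf("cmd=%08x\n", 0x7ddea6b3u ^ keystream_word(key, uid, nt, nr, 2));
    return 0;
}
```

The first line printed can be compared against the ks2 and ks3 values reported in post #1 before trusting the decrypted command on the second line.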


#3 2013-09-09 06:23:03

daos
Contributor
Registered: 2013-09-09
Posts: 18

Re: decrypt Message after Authentication using data sniffed

To be able to read the contents of your card you have to read the block or sector, not the sniff list.
BUT the blocks are also in ciphertext; I think it is DES with CRC, and they additionally have the MAC.
To read the contents you need a master key and, depending on your card, the key of the sector.
If you have some clue, please let me know.
