Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2013-12-22 01:43:48

clayer
Contributor
Registered: 2013-12-22
Posts: 45

Mifare Plus SL1 and reader

I have Mifare Plus SL1 and plan to order Proxmark in order to know keys using sniffing method (having device which authenticates and reads requied sector card too).

Can Proxmark help???

Offline

#2 2013-12-22 08:37:19

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Mifare Plus SL1 and reader

It depends on card configuration, il crypto1 is used i think it is possible (i don't have one to test), if AES is used (i presume this last one is the default configuration) you are out of luck. Look at here for more info:https://docs.google.com/spreadsheet/lv? key=0AhSppbiz67RGdDZlSWlBQnF5RDN5Nm1HckRBU1VtQ3c#gid=29

Offline

#3 2013-12-22 10:53:19

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Mifare Plus SL1 and reader

Mifare Plus in SL1 offers an optional authentication with AES keys. It therefore depends on the system's configuration what you can achieve and it depends on your objectives if you can use what you have achieved:

  • For new generation Mifare cards (including Mifare Plus) the card only attacks (dark side and nested) don't work anymore.

  • If you have access to both a valid card and reader you should be able to extract the Crypto-1 keys used during a communication by sniffing

  • You should then be able to perform at least the same operations as the reader (reading/writing specific blocks) at least on this one valid card.

  • If the system doesn't use key diversification you can perform the same operations on other cards as well.

  • If the reader does the optional AES-authentication before allowing data transfers from/to the card, you will not be able to produce a working clone, even if you know the Crypto-1 keys.

Offline

#4 2013-12-22 12:15:27

clayer
Contributor
Registered: 2013-12-22
Posts: 45

Re: Mifare Plus SL1 and reader

- Target Mifare Plus Card have 48-bit keys, according to manual 48bit is always Crypto1, AES use 128bit.
- Sector 0 card uses A key A0A1A2A3A4A5 and authenticates using standard Mifare Classic command.
- Same system operates with Mifare Classic cards, (but Mifare Plus have some sectors diffrernt keys from Classic sad ) therefore i think it doesn`t have AES-authentication.

Offline

#5 2013-12-23 00:32:28

clayer
Contributor
Registered: 2013-12-22
Posts: 45

Re: Mifare Plus SL1 and reader

Does sniffer avaliable only for Proxmark or Libnfc can do this too?

Can this made with proxmark in standalone mode???

Offline

#6 2013-12-24 01:14:58

clayer
Contributor
Registered: 2013-12-22
Posts: 45

Re: Mifare Plus SL1 and reader

piwi wrote:

f the reader does the optional AES-authentication before allowing data transfers from/to the card, you will not be able to produce a working clone, even if you know the Crypto-1 keys.

Can happen this that reader uses AES for sector 1, but for sector 2 uses Crypto-1?

I know 100% that for some sectors system use Crypto-1 and i know keys from these sectors, tried to manipulate with data and was successed.

If reader does Aes authenication can i know Crypto-1 keys (i don`t need produce clone).

Thanks.

Offline

Board footer

Powered by FluxBB