Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hoping you can help me out with this, as I am well and truly stuck.
I have been using the Proxmark3 "hf mf sniff" command. I have been trying to extract the keys from the following trace:
received trace len: 383 packages: 1
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(0):60 03 6e 49
TAG(1):62 90 ba 99
RDR(2):57 98 b7 de d7 44 07 39
TAG(3):3d 53 7e 54
RDR(4):70 73 28 2a
TAG(5):cc b3 db b3 33 47 08 81 3c df 65 bd 6f 60 f7 07 3e 8d
RDR(6):df ac d5 43
TAG(7):60 04 9e d5 a8 4d 50 99 30 10 04 ad 36 05 6c 40 b3 7f
RDR(8):02 64 b9 fa
TAG(9):b6 3b d2 fb
RDR(10):b5 02 67 75 3f d6 63 45
TAG(11):b8 af c4 e0
RDR(12):fc a2 f3 d0
TAG(13):f9 01 ac 8e 5c 43 18 36 a1 3c f0 92 8c bb 80 d0 f4 18
RDR(14):48 b8 78 05
TAG(15):8f 3c 91 cf 24 c8 59 26 eb 5d af f8 e2 9f da ae 68 70
RDR(16):94 41 8d 76
TAG(17):d8 54 9f 3a 1e cd 92 9b d4 90 ea 97 4b 12 c1 42 f1 11
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(18):50 00 57 cd
While testing what I believed to be the key I have been unsuccessful.
Can you help me extract the following:
tag challenge,
reader challenge,
reader response
tag response.
Last edited by trilby (2016-04-22 11:47:01)
Below is another trace, if it helps:
received trace len: 383 packages: 1
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(0):60 03 6e 49
TAG(1):fe 2c a4 9d
RDR(2):1c 2d 93 ae e5 9c cc 15
TAG(3):49 bf 6b d4
RDR(4):12 7b ab af
TAG(5):0a 12 2f bf 83 e3 99 ed df 73 b0 0f bc 75 da cc 76 f1
RDR(6):bc 73 84 92
TAG(7):52 fb 2d f1 14 62 bc 8f 10 10 57 fd 4a 00 e4 7a 9a 97
RDR(8):f6 8a 85 8a
TAG(9):e1 f6 48 f8
RDR(10):e6 01 a3 d8 f5 85 5f f2
TAG(11):0c ef da 99
RDR(12):4c 2d 7a 82
TAG(13):b0 d2 c7 ee 83 42 88 ff 96 f4 4f 40 83 a9 e1 c2 8e 01
RDR(14):d2 e8 2f 27
TAG(15):bb 8a dd 04 42 db 07 f6 0b 48 ce af 54 8a bf 09 7a df
RDR(16):91 38 44 25
TAG(17):08 76 dc dc c2 5e 39 da f0 b1 b9 fa b6 04 be 13 b4 01
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(18):50 00 57 cd
In that case, you could use the mfkey* commands. You find them under the /tools/mfkey folder. You need to build them.
If you look at the sample below, you can figure out which data goes where.
taken from your trace:
mfkey64.exe 9b305281 6290ba99 5798b7de d7440739 3d537e54
MIFARE Classic key recovery - based 64 bits of keystream
Recover key from only one complete authentication!
Recovering key for:
uid: 9b305281
nt: 6290ba99
{nr}: 5798b7de
{ar}: d7440739
{at}: 3d537e54
LFSR succesors of the tag challenge:
nt': aa7f482c
nt'': b1cb7616
Keystream used to generate {ar} and {at}:
ks2: 7d3b4f15
ks3: 8c980842
Found Key: [a0a1a2a3a4a5]
Time : 62 ticks
I have just tried the key, but this only provides the sector 0 key A. I am trying to access other sectors within the card that have different keys.
I am unable to work out what sector the reader is authenticating against as well.
Have you tried the nested command now that you have one key?
And read up on the MIFARE protocol regarding which block the authentication is aiming at.
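The question above (which sector is the reader authenticating against, and which trace bytes are the tag challenge, reader challenge, reader response and tag response) can be answered mechanically from the sniff trace. The Python below is an added worked example, not Proxmark3 or mfkey64 code: it parses the first trace posted in this thread (embedded as a constructed sample), checks the ISO 14443-3 CRC_A on each 4-byte reader command to tell a plaintext authentication (0x60 = key A, 0x61 = key B, second byte = block) from a Crypto-1 encrypted nested one, and prints the mfkey64 command line for the plaintext one. The function and variable names are the example's own.

```python
"""Pull Crypto-1 authentication parameters out of a Proxmark3 'hf mf sniff'
trace and decode which block/key each authentication targets.
Added example for this thread; not part of the Proxmark3 tooling."""
import re

# Constructed sample: the first sniff trace from the opening post, verbatim.
TRACE = """\
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(0):60 03 6e 49
TAG(1):62 90 ba 99
RDR(2):57 98 b7 de d7 44 07 39
TAG(3):3d 53 7e 54
RDR(4):70 73 28 2a
TAG(5):cc b3 db b3 33 47 08 81 3c df 65 bd 6f 60 f7 07 3e 8d
RDR(6):df ac d5 43
TAG(7):60 04 9e d5 a8 4d 50 99 30 10 04 ad 36 05 6c 40 b3 7f
RDR(8):02 64 b9 fa
TAG(9):b6 3b d2 fb
RDR(10):b5 02 67 75 3f d6 63 45
TAG(11):b8 af c4 e0
RDR(12):fc a2 f3 d0
TAG(13):f9 01 ac 8e 5c 43 18 36 a1 3c f0 92 8c bb 80 d0 f4 18
RDR(14):48 b8 78 05
TAG(15):8f 3c 91 cf 24 c8 59 26 eb 5d af f8 e2 9f da ae 68 70
RDR(16):94 41 8d 76
TAG(17):d8 54 9f 3a 1e cd 92 9b d4 90 ea 97 4b 12 c1 42 f1 11
tag select uid:9b 30 52 81 atqa:0x0004 sak:0x08
RDR(18):50 00 57 cd
"""

MSG_RE = re.compile(r"^(RDR|TAG)\(\d+\):((?:[0-9a-fA-F]{2}\s*)+)$")
UID_RE = re.compile(r"uid:((?:[0-9a-fA-F]{2}\s*)+?)\s*atqa", re.I)
AUTH_A, AUTH_B = 0x60, 0x61


def crc_a(data: bytes) -> bytes:
    """ISO 14443-3 CRC_A (init 0x6363, reflected poly 0x8408), low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes((crc & 0xFF, crc >> 8))


def parse_trace(text: str):
    """Return (uid, [(side, payload), ...]) from the sniff output."""
    uid, msgs = None, []
    for line in text.splitlines():
        line = line.strip()
        m = UID_RE.search(line)
        if m:
            uid = bytes.fromhex(m.group(1).replace(" ", ""))
            continue
        m = MSG_RE.match(line)
        if m:
            msgs.append((m.group(1), bytes.fromhex(m.group(2).replace(" ", ""))))
    return uid, msgs


def sector_of(block: int) -> int:
    """MIFARE Classic: sectors 0-31 hold 4 blocks, sectors 32-39 (4K only) hold 16."""
    return block // 4 if block < 128 else 32 + (block - 128) // 16


def find_auths(uid: bytes, msgs):
    """Every RDR(4) TAG(4) RDR(8) TAG(4) run is an auth: cmd, nt, {nr}{ar}, {at}."""
    auths, i = [], 0
    while i + 3 < len(msgs):
        (s0, cmd), (s1, nt), (s2, nr_ar), (s3, at) = msgs[i:i + 4]
        shape_ok = ((s0, s1, s2, s3) == ("RDR", "TAG", "RDR", "TAG")
                    and (len(cmd), len(nt), len(nr_ar), len(at)) == (4, 4, 8, 4))
        if not shape_ok:
            i += 1
            continue
        # Only the first auth is sent in the clear. A nested auth's command is
        # Crypto-1 encrypted, so it carries neither a 0x60/0x61 opcode nor a valid CRC_A.
        plain = cmd[0] in (AUTH_A, AUTH_B) and crc_a(cmd[:2]) == cmd[2:]
        auth = {
            "msg_index": i,
            "plain": plain,
            "key_type": ("A" if cmd[0] == AUTH_A else "B") if plain else None,
            "block": cmd[1] if plain else None,
            "sector": sector_of(cmd[1]) if plain else None,
            "nt": nt.hex(), "nr": nr_ar[:4].hex(), "ar": nr_ar[4:].hex(), "at": at.hex(),
        }
        # mfkey64 needs the plaintext tag nonce, which only the first auth exposes;
        # in a nested auth even nt is ciphertext under the next sector's key.
        auth["mfkey64"] = (
            f"mfkey64 {uid.hex()} {auth['nt']} {auth['nr']} {auth['ar']} {auth['at']}"
            if plain else None)
        auths.append(auth)
        i += 4
    return auths


if __name__ == "__main__":
    uid, msgs = parse_trace(TRACE)
    for a in find_auths(uid, msgs):
        if a["plain"]:
            print(f"msg {a['msg_index']}: auth key {a['key_type']} block {a['block']} "
                  f"(sector {a['sector']}) -> {a['mfkey64']}")
        else:
            print(f"msg {a['msg_index']}: nested auth, command encrypted; nt/nr/ar/at "
                  f"are ciphertext, so this one needs nested/hardnested with a known key")
```

On the posted trace this reports RDR(0) as a key A authentication to block 3 (sector 0), which is why mfkey64 only ever yields the sector 0 key A, and RDR(8) as a second, encrypted authentication: that is the nested one whose key the following replies are about.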
Unfortunately the card is not vulnerable to a nested attack. It appears to be a card with the RNG fixed.
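Two things in this thread can be checked with a few lines of arithmetic: the nt', nt'', ks2 and ks3 values in the mfkey64 run above, and the claim that this card's RNG is fixed. The Python below is an added example, not mfkey64's or crapto1's code; it re-implements the public Crypto-1 tag-PRNG successor function (16-bit LFSR x^16+x^14+x^13+x^11+1, nonce bytes taken in air order, LSB first) and tests whether a sniffed nonce is internally consistent with that weak PRNG, which is the property the nested attack depends on. The constants are the values quoted in the posts above; the function names are the example's own.

```python
"""Crypto-1 tag-nonce arithmetic behind the mfkey64 output in this thread.
Added example; algorithm follows the published prng_successor, not its code."""


def _swap32(x: int) -> int:
    """Reverse byte order: the LFSR stream is the nonce bytes in air order, LSB first."""
    return int.from_bytes(x.to_bytes(4, "big"), "little")


def prng_successor(x: int, n: int) -> int:
    """Advance the tag PRNG (16-bit LFSR, taps at 16/18/19/21) n bits from nonce x."""
    x = _swap32(x)
    for _ in range(n):
        fb = ((x >> 16) ^ (x >> 18) ^ (x >> 19) ^ (x >> 21)) & 1
        x = (x >> 1) | (fb << 31)
    return _swap32(x)


def nonce_is_weak_prng(nt: int) -> bool:
    """True iff the upper 16 stream bits of nt follow from the lower 16 via the
    LFSR recurrence s[i+16] = s[i] ^ s[i+2] ^ s[i+3] ^ s[i+5]; a genuine
    weak-PRNG nonce (the kind the nested attack exploits) always satisfies it."""
    x = _swap32(nt)
    s = [(x >> i) & 1 for i in range(32)]
    return all(s[i + 16] == s[i] ^ s[i + 2] ^ s[i + 3] ^ s[i + 5] for i in range(16))


def auth_keystream(nt: int, ar_enc: int, at_enc: int) -> dict:
    """Recover ks2/ks3 the way mfkey64 does: the reader answers with
    ar = suc^64(nt) and the tag with at = suc^96(nt), each XORed with keystream,
    so XORing the sniffed {ar}/{at} with the successors gives the keystream back."""
    nt1, nt2 = prng_successor(nt, 64), prng_successor(nt, 96)
    return {"nt'": nt1, "nt''": nt2, "ks2": ar_enc ^ nt1, "ks3": at_enc ^ nt2}


# Values from the first sniffed trace and the mfkey64 run quoted in this thread.
NT, AR_ENC, AT_ENC = 0x6290BA99, 0xD7440739, 0x3D537E54
NT_TRACE2 = 0xFE2CA49D  # tag nonce from the second posted trace

if __name__ == "__main__":
    ks = auth_keystream(NT, AR_ENC, AT_ENC)
    for name, value in ks.items():
        print(f"{name:>5}: {value:08x}")
    for nonce in (NT, NT_TRACE2):
        print(f"nt {nonce:08x} consistent with weak 16-bit PRNG: {nonce_is_weak_prng(nonce)}")
```

Run against the posted values it reproduces nt' = aa7f482c, nt'' = b1cb7616, ks2 = 7d3b4f15 and ks3 = 8c980842, and reports that neither 6290ba99 nor fe2ca49d satisfies the LFSR relation, which is what a card with a non-weak RNG looks like and why hardnested, not nested, is the next step.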
Lucky for you that you have a key and the hardnested attack.
Are there any guides for the hardnested attack? I shall need to update the version of Proxmark3 I am running, as the "hf mf hardnested" command is missing.
Blessed is he who searches, for him it shall be given.
OK Iceman.
Can you maybe help me with this error when building your fork of Proxmark3?
I run the command make clean && make all.
It runs for a while, then fails with the following error:
I/opt/local/include -I../liblua -Wall -g -DHAVE_GUI -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED -c -o obj/cmdhfmfhard.o cmdhfmfhard.c
/tmp/ccpU6ywp.s: Assembler messages:
/tmp/ccpU6ywp.s:3472: Error: no such instruction: `vfmadd312sd 80(%rsp),%xmm0,%xmm1'
make[1]: *** [obj/cmdhfmfhard.o] Error 1
make[1]: Leaving directory `/home/user/iceman/proxmark3/client'
make: *** [client/all] Error 2
Any thoughts? I have used my google-fu and all I am getting is links to cmake.
remove the "-march=native" in the client\makefile
You can try to replace it with: "-mmmx" or "-msse"
Read more on this commit: https://github.com/aczid/crypto1_bs/com … e5694d53f2
Many thanks for all the help Iceman; it is now compiling and running.
When I run "hf mf hardnested 0 A A0A1A2A3A4A5 4 A"
I get a lot of the following errors:
"#db# AcquireNonces: Auth1 error"
I have tested the key A against sector 0 and reading the card is fine with readers I have here so I know that the key is correct.
Here is the startup information:
bootrom: master/v2.2.0-57-g9dd0ac5-suspect 2015-09-23 15:21:34
os: icemanmaster/v1.1.0-1252-g92243fc-dirty-suspect 2016-04-21 16:55:00
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 213601 bytes (41%). Free: 310687 bytes (59%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
That's good that it compiles.
There are options for hardnested to collect nonces slower, or maybe your tag is not so well positioned above your antenna.
I have tried using "s" at the end to slow down nonce collection but it still has the same result. I have also re-positioned the tag in multiple positions.
Here are the results from the 14a read command:
hf 14a read
Card doesn't support standard iso14443-3 anticollision
ATQA : 20 00
I am at a major loss as to what could be causing my issues.
Since your output from "hf 14a read" suggests bad reading of the tag: you need to have about 1-2 cm distance between tag and antenna. Find the spot where you get consistent reads, then try running hardnested.
I have managed to get the data I needed many thanks for your help Iceman.
I have had to mount the coil about 5cm from the card.
Great. I may suggest that you rename the topic (in your first post) so it says [solved] at the beginning of your title.
And that's one strong antenna you have.
I do not appear to have the ability to edit posts yet.
Edit: never mind, the ability appeared on my 10th post.
Last edited by trilby (2016-04-22 11:46:39)