Research, development and trades concerning the powerful Proxmark3 device.
I have already gone through Forum but could not locate resolution to my query.
I am trying to clone a Mifare 1K access card with a 4-byte UID. However, when I take a card dump, I get access to Sector 15 but Key A is missing. All the remaining sectors 1-14 have default info and default A/B keys (FFFFFFFFFFF).
How do I decrypt this, so that cloning can be done?
Surprisingly, if the clone is made without sector 15, the new card works for device access and not for door or parking access.
Thanks
Last edited by Learner4Life (2017-09-15 08:19:27)
I'm not sure why you felt the need to censor the access condition flags, but whatever. A nested or hardnested attack would be what I'd try next.
1) Does your parking access have long range instead of the typical short-range contact?
- Yes, if long range, the card is combined with a UHF card, so the sector doesn't matter.
- No, if not, then yes, that sector is important.
If you are using MCT, you can load up some known keys from inside the pm3 source and test it, like a0a1a2a3a4a5 (the more typical one for a start).
I am guessing nested will just work well for it since it already worked with MCT.
I'm not sure why you felt the need to censor the access condition flags, but whatever. A nested or hardnested attack would be what I'd try next.
Appreciate your input.
1) Does your parking access have long range instead of the typical short-range contact?
- Yes, if long range, the card is combined with a UHF card, so the sector doesn't matter.
- No, if not, then yes, that sector is important.
If you are using MCT, you can load up some known keys from inside the pm3 source and test it, like a0a1a2a3a4a5 (the more typical one for a start).
I am guessing nested will just work well for it since it already worked with MCT.
Appreciate your input.
Parking seems to be short range, just like the access door. I am just wondering: if the key is not there, the block will be inaccessible, however block 15 is accessible with Key A missing (_ _ _) while Key B is (222222222222). What does this mean? Also, do you think it is required to sniff the reader to be able to decrypt/clone the card?
A sincere request to members here: can anybody share all the latest/updated standard keys which I can use with MCT? I have tried looking around and even bought an application on the App Store, but no luck. Seems I am not looking for it in the right place.
Please help me out.
I am just wondering: if the key is not there, the block will be inaccessible, however block 15 is accessible with Key A missing (_ _ _) while Key B is (222222222222). What does this mean?
It means the access bits (the part you censored) are set to allow access to the block with Key B, and MCT was able to guess Key B.
Also, do you think it is required to sniff the reader to be able to decrypt/clone the card?
No. While that would work, a hardnested attack on the card with a PM3 should work as well.
A sincere request to members here: can anybody share all the latest/updated standard keys which I can use with MCT? I have tried looking around and even bought an application on the App Store, but no luck. Seems I am not looking for it in the right place.
You're assuming the key is going to be in a standard key list - if it's not then a list of common keys is useless. Have you tried iceman's list? https://github.com/iceman1001/proxmark3/blob/master/client/default_keys.dic If it's not there then I doubt any list will have it.
You are right. I removed key B from my key stack and MCT failed to access sector 15.
Learner4Life wrote: Also, do you think it is required to sniff the reader to be able to decrypt/clone the card?
No. While that would work, a hardnested attack on the card with a PM3 should work as well.
Learner4Life wrote: A sincere request to members here: can anybody share all the latest/updated standard keys which I can use with MCT? I have tried looking around and even bought an application on the App Store, but no luck. Seems I am not looking for it in the right place.
You're assuming the key is going to be in a standard key list - if it's not then a list of common keys is useless. Have you tried iceman's list? https://github.com/iceman1001/proxmark3/blob/master/client/default_keys.dic If it's not there then I doubt any list will have it.
Thank you for pointing this out. I have copied all these keys and used them in MCT, but no luck. So currently I have all keys to this said card except one, that is Sector 15 Key A. Unfortunately I don't have access to hardnesting right away.
However, I tried to clone without Sector 15 Key A. The cloned card could not access doors but can access devices like Xerox machines. This is surprising for me; I wonder how it happens.
Appreciate all your help.
I happened to see MCT with brute force. However, I am not able to get the brute-force version anywhere. Can anybody point towards the brute-force MCT download place?
Last edited by Learner4Life (2017-09-16 10:48:39)
How has the first sector, first block, been dealt with? Is it 100% same as your card?
Sniff communication and see if sector 15 is supposed to give key A. If yes, you have B so it's a 60 sec run to get A.
How has the first sector, first block, been dealt with? Is it 100% same as your card?
Yes. It is.
Sniff communication and see if sector 15 is supposed to give key A. If yes, you have B so it's a 60 sec run to get A.
Now this is something I am not very well versed in (process and tools) as of now. Maybe you/the masters here can help me. I checked online but could not get complete and exact info.
Thanks
OK. This challenge is getting more interesting now.
I am using Windows 7 64-bit and my PM3 details are as below.
Tune details are as below.
Now, I have a Mifare 1K card wherein I know all keys except Key A of Sector 15.
When I try to do a nested attack, it gives the following message. Not sure how to rightly place the command, though I have tried all possible combinations.
When I try to do a hardnested attack, it gives the following message.
So I am stuck even with the latest PM3 around. Wish somebody can help me here.
Thanks
Last edited by Learner4Life (2017-09-25 09:52:33)
....you will need to read the helptext for hardnested since you are calling it the wrong way
....you will need to read the helptext for hardnested since you are calling it the wrong way
Appreciate your revert.
I have tried taking help using HF MF Hardnested help and it gives just 3 formats.
Now, as I know I just need Key A for Sector 15 and I know Key A for sector 0 is FFFFFFFFFFFF, I am keeping the command as
HF MF Hardnested 0 A FFFFFFFFFFFF 15 A
But when I run this command, after a few minutes, it gives me the key as FFFFFFFFFFFF, which I know is wrong.
Not sure where I am going wrong.
Last edited by Learner4Life (2017-09-25 10:48:45)
... you should take notice to details when you read the helptext...
I have what seems to be a similar problem/type of card. All keys known except for sector 15 key A.
I can however read sector 15 with key B.
I have tried hardnested with Block 0 key A as the known key and target key A sector 15.
I have also tried sniffing the communication however nothing is picked up after multiple attempts.
An interesting thing to note is that the readers' LED stays red on a successful read, with only one beep, whereas readers I have seen before turn green with a different tone. (Not sure if relevant.)
The website points out:
Mifare Enhanced Security (MES) options are available to counter card-cloning attempts. In addition to Mifare Classic security, the Gallagher system implements an optional layer of security, "Mifare Enhanced Security" (MES). MES helps protect against card cloning, denying access and raising alarms upon unauthorised card presentation.
Typically Gallagher access control information resides on sector 15, but it can be located on any sector from 1-15.
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|015| ffffffffffff | 0 | b7bf0c13066e | 1 |
|---|----------------|---|----------------|---|
Version:
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-70-gc19f26b-suspect 2017-09-27 07:20:24
os: master/v3.0.1-70-gc19f26b-suspect 2017-09-27 07:20:26
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/07/13 at 08:44:13
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 198877 bytes (38). Free: 325411 bytes (62).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Card:
UID : f5 80 ba 2e
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
Valid ISO14443A Tag Found - Quiting Search
Hard Nested 1
--target block no: 15, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and no SIMD core | |
0 | 0 | Brute force benchmark: 135 million (2^27.0) keys/s | 140737488355328 | 12d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 12d
5 | 0 | Writing acquired nonces to binary file nonces.bin | 140737488355328 | 12d
6 | 112 | Apply bit flip properties | 10792007106560 | 22h
7 | 224 | Apply bit flip properties | 8805313150976 | 18h
8 | 336 | Apply bit flip properties | 8433352835072 | 17h
9 | 448 | Apply bit flip properties | 8381726720000 | 17h
10 | 560 | Apply bit flip properties | 8378623459328 | 17h
11 | 672 | Apply bit flip properties | 8378623459328 | 17h
11 | 784 | Apply bit flip properties | 8378623459328 | 17h
12 | 895 | Apply bit flip properties | 8378623459328 | 17h
13 | 1003 | Apply bit flip properties | 8378623459328 | 17h
13 | 1112 | Apply bit flip properties | 8378623459328 | 17h
14 | 1221 | Apply bit flip properties | 8378623459328 | 17h
15 | 1330 | Apply bit flip properties | 8378623459328 | 17h
16 | 1439 | Apply bit flip properties | 8378623459328 | 17h
18 | 1550 | Apply Sum property. Sum(a0) = 0 | 122364919808 | 15min
18 | 1660 | Apply bit flip properties | 117800845312 | 15min
19 | 1770 | Apply bit flip properties | 114275516416 | 14min
20 | 1880 | Apply bit flip properties | 114275516416 | 14min
21 | 1992 | Apply bit flip properties | 114275516416 | 14min
22 | 2099 | Apply bit flip properties | 113353940992 | 14min
23 | 2210 | Apply bit flip properties | 112791142400 | 14min
24 | 2320 | Apply bit flip properties | 112791142400 | 14min
24 | 2430 | Apply bit flip properties | 112111714304 | 14min
25 | 2539 | Apply bit flip properties | 111884386304 | 14min
26 | 2650 | Apply bit flip properties | 111884386304 | 14min
27 | 2758 | Apply bit flip properties | 111884386304 | 14min
28 | 2758 | (1. guess: Sum(a8) = 256) | 111884386304 | 14min
34 | 2758 | Apply Sum(a8) and all bytes bitflip properties | 23491956736 | 3min
567 | 2758 | Brute force phase: 24.35% | 17948137472 | 2min
595 | 2758 | Brute force phase completed. Key found: ffffffffffff | 0 | 0s
Hard Nest 2
--target block no: 15, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: Yes, Tests: 0
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and no SIMD core | |
0 | 0 | Brute force benchmark: 89 million (2^26.4) keys/s | 140737488355328 | 18d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 18d
16 | 0 | Writing acquired nonces to binary file nonces.bin | 140737488355328 | 18d
16 | 112 | Apply bit flip properties | 10181519867904 | 32h
28 | 224 | Apply bit flip properties | 8534695608320 | 27h
39 | 334 | Apply bit flip properties | 8381762895872 | 26h
50 | 446 | Apply bit flip properties | 8378623459328 | 26h
61 | 558 | Apply bit flip properties | 8378623459328 | 26h
71 | 668 | Apply bit flip properties | 8378623459328 | 26h
82 | 780 | Apply bit flip properties | 8378623459328 | 26h
92 | 891 | Apply bit flip properties | 8378623459328 | 26h
94 | 1002 | Apply bit flip properties | 8378623459328 | 26h
96 | 1111 | Apply bit flip properties | 8378623459328 | 26h
106 | 1222 | Apply bit flip properties | 8378623459328 | 26h
116 | 1332 | Apply bit flip properties | 8378623459328 | 26h
129 | 1437 | Apply Sum property. Sum(a0) = 0 | 188756525056 | 35min
139 | 1545 | Apply bit flip properties | 188756525056 | 35min
141 | 1656 | Apply bit flip properties | 156011675648 | 29min
151 | 1766 | Apply bit flip properties | 156001271808 | 29min
161 | 1876 | Apply bit flip properties | 156001271808 | 29min
172 | 1988 | Apply bit flip properties | 137744809984 | 26min
182 | 2092 | Apply bit flip properties | 129065066496 | 24min
192 | 2199 | Apply bit flip properties | 123643412480 | 23min
202 | 2310 | Apply bit flip properties | 123643412480 | 23min
222 | 2416 | Apply bit flip properties | 119926300672 | 22min
242 | 2524 | Apply bit flip properties | 116065337344 | 22min
262 | 2633 | Apply bit flip properties | 114965610496 | 22min
283 | 2737 | Apply bit flip properties | 114965610496 | 22min
303 | 2843 | Apply bit flip properties | 114965610496 | 22min
323 | 2953 | Apply bit flip properties | 113471586304 | 21min
343 | 3063 | Apply bit flip properties | 113471586304 | 21min
363 | 3171 | Apply bit flip properties | 113471586304 | 21min
383 | 3273 | Apply bit flip properties | 113471586304 | 21min
403 | 3273 | (1. guess: Sum(a8) = 256) | 113471586304 | 21min
410 | 3273 | Apply Sum(a8) and all bytes bitflip properties | 19884787712 | 4min
818 | 3273 | Brute force phase: 24.19% | 15634106368 | 3min
842 | 3273 | Brute force phase completed. Key found: ffffffffffff | 0 | 0s
Hard Nest 3
proxmark3> hf mf hardnested 14 A FFFFFFFFFFFF 15 A w s
--target block no: 15, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: Yes, Tests: 0
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and no SIMD core | |
0 | 0 | Brute force benchmark: 132 million (2^27.0) keys/s | 140737488355328 | 12d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 12d
5 | 0 | Writing acquired nonces to binary file nonces.bin | 140737488355328 | 12d
6 | 112 | Apply bit flip properties | 10821247696896 | 23h
7 | 224 | Apply bit flip properties | 8712106278912 | 18h
8 | 335 | Apply bit flip properties | 8421561073664 | 18h
9 | 447 | Apply bit flip properties | 8386506129408 | 18h
10 | 557 | Apply bit flip properties | 8378623459328 | 18h
11 | 668 | Apply bit flip properties | 8378623459328 | 18h
11 | 777 | Apply bit flip properties | 8378623459328 | 18h
12 | 888 | Apply bit flip properties | 8378623459328 | 18h
13 | 1000 | Apply bit flip properties | 8378623459328 | 18h
13 | 1108 | Apply bit flip properties | 8378623459328 | 18h
14 | 1220 | Apply bit flip properties | 8378623459328 | 18h
15 | 1331 | Apply bit flip properties | 8378623459328 | 18h
16 | 1442 | Apply bit flip properties | 8378623459328 | 18h
19 | 1552 | Apply Sum property. Sum(a0) = 0 | 170989617152 | 22min
19 | 1663 | Apply bit flip properties | 151463559168 | 19min
20 | 1773 | Apply bit flip properties | 130902237184 | 17min
21 | 1882 | Apply bit flip properties | 130902237184 | 17min
22 | 1990 | Apply bit flip properties | 125837172736 | 16min
22 | 2098 | Apply bit flip properties | 125837172736 | 16min
33 | 2205 | Apply bit flip properties | 125837172736 | 16min
43 | 2314 | Apply bit flip properties | 122196566016 | 15min
54 | 2418 | Apply bit flip properties | 122196566016 | 15min
64 | 2525 | Apply bit flip properties | 122196566016 | 15min
74 | 2631 | Apply bit flip properties | 122196566016 | 15min
84 | 2631 | (1. guess: Sum(a8) = 256) | 122196566016 | 15min
93 | 2631 | Apply Sum(a8) and all bytes bitflip properties | 42498150400 | 5min
887 | 2631 | Brute force phase: 24.20% | 34882801664 | 4min
893 | 2631 | Brute force phase: 48.61% | 27204415488 | 3min
933 | 2631 | Brute force phase: 74.29% | 19124908032 | 2min
934 | 2631 | Brute force phase completed. Key found: ffffffffffff | 0 | 0s
hard nest 4
proxmark3> hf mf hardnested r
--target block no: 0, target key type:A, known target key: 0x000000000000 (not set), file action: read, Slow: No, Tests: 0
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and no SIMD core | |
0 | 0 | Brute force benchmark: 85 million (2^26.3) keys/s | 140737488355328 | 19d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 19d
5 | 0 | Reading nonces from file nonces.bin... | 140737488355328 | 19d
5 | 2688 | Read 2688 nonces from file. cuid=f580ba2e | 140737488355328 | 19d
14 | 2688 | (1. guess: Sum(a8) = 256) | 130780127232 | 26min
22 | 2688 | Apply Sum(a8) and all bytes bitflip properties | 51081715712 | 10min
813 | 2688 | Brute force phase: 24.20% | 43466366976 | 8min
820 | 2688 | Brute force phase: 48.61% | 35787980800 | 7min
859 | 2688 | Brute force phase: 74.29% | 27708473344 | 5min
860 | 2688 | Brute force phase completed. Key found: ffffffffffff | 0 | 0s
Hard nest 5 (sector 15 key B as known)
proxmark3> hf mf hardnested 15 B b7bf0c13066e 15 A w s
--target block no: 15, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: Yes, Tests: 0
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and no SIMD core | |
0 | 0 | Brute force benchmark: 128 million (2^26.9) keys/s | 140737488355328 | 13d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 13d
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
Sector 15 read with key B
proxmark3> hf mf rdsc 15 B b7bf0c13066e
--sector no:15 key type:B key:b7 bf 0c 13 06 6e
#db# READ SECTOR FINISHED
isOk:01
data : a3 08 b0 c3 b2 b0 a3 d9 5c f7 4f 3c 4d 4f 5c 26
data : 77 77 77 2e 63 61 72 64 61 78 2e 63 6f 6d 20 20
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00
Suggestions to get sector 15 key A?
Last edited by samburner3 (2017-10-12 03:00:19)
Tried all of the above again on the master HEAD branch and firmware of proxmark3, same results.
I think the clue is in the sector 15 access conditions (78 77 88 c1), may be related to http://www.proxmark.org/forum/viewtopic.php?id=4898
Not sure what else to try.
Last edited by samburner3 (2017-10-12 04:47:59)
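The sector 15 trailer posted above (access bytes 78 77 88 c1) can be decoded, and the block numbers that the hardnested runs above were pointed at can be mapped back to sectors, with the following Python. This is an added example, not code from the thread or from the Proxmark3 project; it assumes the standard Mifare Classic 1K layout (16 sectors of 4 blocks, trailer last) and the NXP access-condition tables, and the function names are my own.

```python
# Added example: decode a Mifare Classic sector trailer and map 1K sector numbers to
# the absolute block numbers that the Proxmark3 "hf mf" commands take. Not thread code.

BLOCKS_PER_SECTOR = 4      # Mifare Classic 1K: 16 sectors x 4 blocks of 16 bytes
SECTORS_1K = 16

def sector_blocks(sector: int) -> list:
    """Absolute block numbers of a 1K sector; the last one is the trailer."""
    if not 0 <= sector < SECTORS_1K:
        raise ValueError("1K cards have sectors 0..15")
    return list(range(sector * BLOCKS_PER_SECTOR, (sector + 1) * BLOCKS_PER_SECTOR))

def block_sector(block: int) -> int:
    """Sector that an absolute block number belongs to."""
    if not 0 <= block < SECTORS_1K * BLOCKS_PER_SECTOR:
        raise ValueError("1K cards have blocks 0..63")
    return block // BLOCKS_PER_SECTOR

# NXP access-condition tables, indexed by (C1, C2, C3) of a block.
DATA_RULES = {  # (read, write, increment, decrement/transfer/restore)
    (0, 0, 0): ("A|B", "A|B", "A|B", "A|B"),
    (0, 1, 0): ("A|B", "never", "never", "never"),
    (1, 0, 0): ("A|B", "B", "never", "never"),
    (1, 1, 0): ("A|B", "B", "B", "A|B"),
    (0, 0, 1): ("A|B", "never", "never", "A|B"),
    (0, 1, 1): ("B", "B", "never", "never"),
    (1, 0, 1): ("B", "never", "never", "never"),
    (1, 1, 1): ("never", "never", "never", "never"),
}
TRAILER_RULES = {  # (keyA read, keyA write, bits read, bits write, keyB read, keyB write)
    (0, 0, 0): ("never", "A", "A", "never", "A", "A"),
    (0, 1, 0): ("never", "never", "A", "never", "A", "never"),
    (1, 0, 0): ("never", "B", "A|B", "never", "never", "B"),
    (1, 1, 0): ("never", "never", "A|B", "never", "never", "never"),
    (0, 0, 1): ("never", "A", "A", "A", "A", "A"),
    (0, 1, 1): ("never", "B", "A|B", "B", "never", "B"),
    (1, 0, 1): ("never", "never", "A|B", "B", "never", "never"),
    (1, 1, 1): ("never", "never", "A|B", "never", "never", "never"),
}

def access_bits(trailer_hex: str) -> list:
    """[(C1, C2, C3) for block 0..3] from a 16-byte trailer. Bytes 6..8 carry
    C1/C2/C3 once plain and once inverted; both copies must agree."""
    t = bytes.fromhex(trailer_hex.replace(" ", ""))
    if len(t) != 16:
        raise ValueError("trailer must be 16 bytes")
    c1, c2, c3 = t[7] >> 4, t[8] & 0xF, t[8] >> 4
    inv_c1, inv_c2, inv_c3 = t[6] & 0xF, t[6] >> 4, t[7] & 0xF
    if (inv_c1, inv_c2, inv_c3) != (~c1 & 0xF, ~c2 & 0xF, ~c3 & 0xF):
        raise ValueError("inverted access bits do not match: malformed trailer")
    # bit i of each nibble belongs to block i of the sector
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]

def describe_trailer(trailer_hex: str) -> dict:
    """Human-readable rules for the three data blocks and the trailer."""
    bits = access_bits(trailer_hex)
    out = {f"block{i}": dict(zip(("read", "write", "inc", "dec"), DATA_RULES[b]))
           for i, b in enumerate(bits[:3])}
    out["trailer"] = dict(zip(("keyA_read", "keyA_write", "bits_read",
                               "bits_write", "keyB_read", "keyB_write"),
                              TRAILER_RULES[bits[3]]))
    return out

if __name__ == "__main__":
    # Trailer as posted in the thread for sector 15 (the card masks the key bytes)
    print(describe_trailer("00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00"))
    print(sector_blocks(15), block_sector(15))
```

For the posted trailer the data blocks decode to (1,0,0) and the trailer to (0,1,1): readable with either key, writable only with Key B, and Key A never readable and only writable with Key B, which is exactly the "Key A missing, Key B works" picture in the dumps above. block_sector(15) returns 3, so a hardnested run whose target is block 15 is working on sector 3, whose Key A the key table above already lists as ffffffffffff.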
...and yet there is a difference in sector vs block...
...and yet there is a difference in sector vs block...
Can you explain?
the difference between sector and block? no. That I leave up to you.
Hello,
I don't know if I am right here, but I think that :
Your Hardnest 5 cannot work because you are using sector 15 B to get your 15 A key. I would try to use hf mf hardnested 14 B b0b1b2b3b4b5 15 A w s.
Correct me if I am totally wrong, just trying to help.
Last edited by T. (2017-10-12 14:37:06)
the difference between sector and block? no. That I leave up to you.
Hah, of course I know that. I meant: in what context do you make that comment?
@T.: you are making the same mistake as samburner3.
Iceman gave you the correct hint.
Here is another hint: Try hf mf hardnested 15 B ffffffffffff 15 A
I bet that the result is ffffffffffff
I see the problem now. Good eyes iceman and piwi.
Let's keep them hanging.
Omg how silly of me hahaah!!
Got it
Hi Samburner,
Could you share the key, or how you ran your hardnested command?
I have the same issue, cannot find the Sector 15 Key A, and my PC crashes every time I run the hardnested command.
Mine never passes this stage... very frustrating.
27 | 2758 | Apply bit flip properties | 111884386304 | 14min
28 | 2758 | (1. guess: Sum(a8) = 256) | 111884386304 | 14min
34 | 2758 | Apply Sum(a8) and all bytes bitflip properties | 23491956736 | 3min
2 Aussies talking to each other about a hardnest command. Hmm.
Maybe Heru can look into the crapto, as suggested by some users previously, instead of using hardnest.
Since I believe you probably know how to operate the hardnest.
Read up my friend. Someone still owe me something.
Hehe, thanks Dot.com. I'm trying to get away from you, but it seems I can't.
I got the hints from iceman's, piwi's and your responses already. I admit I had to read them 2 times to get it. Haha.
I guess because of the extensive dic file, we are lucky not to use the "hardnested" attack that much, hence we tend to forget the details.
My device is currently half bricked and not performing well; the hardnested attack runs but it crashes my laptop (with i7 CPU).
I need a JTAG device, I'll have to shop around.
... you should take notice to details when you read the helptext...
Thank you for all your help, Iceman. I went through my old thread again :-).