Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-03-14 13:04:54

sher96
Contributor
Registered: 2019-03-06
Posts: 12

distributor coffee key problem PM3

I'm trying to read all the keys of a coffee dispenser key (mifage kay), I have an easy proxmark3 and it doesn't find any key for the attack, even the dice that the attack is not vulnerable, these are the results achieved.

Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-70-g1338d24-suspect 2019-03-04 13:25:10
os: master/v3.1.0-70-g1338d24-suspect 2019-03-04 13:25:13
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2019/02/15 at 20:40:32
SmartCard Slot: not available

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 205228 bytes (39%). Free: 319060 bytes (61%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

proxmark3> hf se

UID : ad 80 11 96
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDENED (hardnested)

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf mf chk *1 ? t
--chk keys. sectors:16, block no:  0, key type:B, eml:y, dmp=n checktimeout=471 us
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9

To cancel this operation press the button on the proxmark...
--#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card
#db# ChkKeys: Can't select card
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card
#db# ChkKeys: Can't select card
.
No valid keys found.
Found keys have been transferred to the emulator memory

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..Card is not vulnerable to Darkside attack (its random number generator is not predictable).


WHAT AM I DOING WRONG ?

Offline

#2 2019-03-14 13:12:05

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: distributor coffee key problem PM3

You're not reading the results.  Your tag doesn't contain any known keys so it is not vulnerable to a nested attack, and it is hardened so it is not vulnerable to a darkside attack...  only one attack path left.  Happy hunting.

Last edited by marshmellow (2019-03-14 13:51:44)

Offline

#3 2019-03-14 13:14:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: distributor coffee key problem PM3

Don't spam forum with redundant posts.

Offline

#4 2019-03-16 15:12:22

sher96
Contributor
Registered: 2019-03-06
Posts: 12

Re: distributor coffee key problem PM3

sorry I couldn't get rid of the old post.
since the darkside doesn't work, what procedure should I use to find the codes? , I'm using mifare mobile tool to find sector 1 but can't find it, I stay without even 1 code found, I don't know how to move

Offline

#5 2019-03-16 22:43:25

Petrolhead
Contributor
Registered: 2019-01-24
Posts: 22

Re: distributor coffee key problem PM3

sher96:
What are you babling about, android, sector 1.
You need a key to read sectors. no key no read!
Please read the forum, marshmellow gave you a good tip (get more keys to try read or sniff) please dont ask about these tips before trying to search the forum.

Offline

#6 2019-03-18 19:04:19

sher96
Contributor
Registered: 2019-03-06
Posts: 12

Re: distributor coffee key problem PM3

1 key I found it through MCT Android tool, but even if I insert the key found it tells me that it is not vulnerable, what should I deal with all this?

proxmark3> hf mf nested 1 0 B DA95DEF51953
--nested. sectors:16, block no:  0, key type:B, eml:n, dmp=n checktimeout=471 us
Testing known keys. Sector count=16
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
#db# ChkKeys: Can't select card (UID) lvl=1
nested...
-----------------------------------------------
#db# Authentication failed. Error card response.
#db# Nested: Auth1 error
#db# Nested: Can't select card
#db# Authentication failed. Card timeout.
#db# Nested: Auth2 error
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

here it tells me that it is not vulnerable even having a key (I have 6 of them, only that entry is in sector 0, but none of these works to proceed with the attack)

Offline

Board footer

Powered by FluxBB