Proxmark3 community

testpresta2

Contributor

Registered: 2019-08-20

Posts: 4

Mifare 2k Nested attack with proxmark

Hello,

I have read a lot of tutorials and documentation about Mifare Nested attack.

Here is what i understood: If i know a key (A or B) for a given sector, Nested attack is able to reveal the keys for another sector.
Am i right ?

Here is what i've done: I have change keys for some sectors. I have put a0a1a2a3a4a5/b0b1b2b3b4b5 for a/b keys on sector 6.
This key values are known by proxmark dictionary as you can see below:

proxmark3> hf mf chk * ?
|---|----------------|----------------|          
|sec|key A           |key B           |          
|---|----------------|----------------|          
|000|  ffffffffffff  |  ffffffffffff  |          
|001|        ?       |        ?       |          
|002|        ?       |        ?       |          
|003|        ?       |        ?       |          
|004|        ?       |        ?       |          
|005|  ffffffffffff  |  ffffffffffff  |          
|006|  a0a1a2a3a4a5  |  b0b1b2b3b4b5  |          
|007|  ffffffffffff  |  ffffffffffff  |          
|008|  ffffffffffff  |  ffffffffffff  |          
|009|  ffffffffffff  |  ffffffffffff  |          
|010|  ffffffffffff  |  ffffffffffff  |          
|011|        ?       |  ffffffffffff  |          
|012|  ffffffffffff  |  ffffffffffff  |          
|013|  ffffffffffff  |  ffffffffffff  |          
|014|  ffffffffffff  |  ffffffffffff  |          
|015|        ?       |  ffffffffffff  |          
|---|----------------|----------------| 

Now, i want to launch nested attack in order to reveal the keys for other sectors. Here is what i've tried:

proxmark3> hf mf nested 2 24 B b0b1b2b3b4b5 ss
#db# ChkKeys: Can't select card          
--nested. sectors:32, block no: 24, key type:B, eml:n, dmp=n checktimeout=5000 us          
Testing known keys. Sector count=32          
#db# ChkKeys: Can't select card          
#db# ChkKeys: Can't select card          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1          
#db# ChkKeys: Can't select card (UID) lvl=1 
...
nested...          
-----------------------------------------------          
#db# Nested: Can't select card          
#db# Nested: Can't select card          
#db# halt error. response len: 1          

As you can see i have a lot of errors. The card works fine because i did not have any problem with "hf search" command or when writting/reading blocks.

Any idea ?

Thanks

piwi

Contributor

Registered: 2013-06-04

Posts: 704

Re: Mifare 2k Nested attack with proxmark

You need to have a minimum distance between card and antenna (1cm should be OK).

testpresta2

Contributor

Registered: 2019-08-20

Posts: 4

Re: Mifare 2k Nested attack with proxmark

Thanks for your answer: This is what i've done. How can you explain it works great when i try basic commands: hf search for example