Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2014-12-19 10:00:02

joe
Contributor
Registered: 2013-08-15
Posts: 126

Darkside attack not working ??

I can't crack this mifare classic 1k , anyone can help ?? unknown key at sector 5. thanks.


proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: /-suspect 2014-09-19 10:31:37                 
#db# os: /-suspect 2014-09-13 11:21:04                 
#db# HF FPGA image built on 2014/ 6/19 at 21:26: 2                 
uC: AT91SAM7S256 Rev B         
Embedded Processor: ARM7TDMI         
Nonvolatile Program Memory Size: 256K bytes         
Second Nonvolatile Program Memory Size: None         
Internal SRAM Size: 64K bytes         
Architecture Identifier: AT91SAM7Sxx Series         
Nonvolatile Program Memory Type: Embedded Flash Memory         
proxmark3>
proxmark3> hw tune
proxmark3>
proxmark3> #db# Measuring antenna characteristics, please wait...                 
proxmark3> #db# Measuring complete, sending report back to host                 
proxmark3>           
proxmark3> # LF antenna:  0.00 V @   125.00 kHz         
proxmark3> # LF antenna:  0.00 V @   134.00 kHz         
proxmark3> # LF optimal:  0.00 V @ 12000.00 kHz         
proxmark3> # HF antenna: 11.18 V @    13.56 MHz         
proxmark3> # Your LF antenna is unusable.     

proxmark3> hf mf chk * ?   
No key specified, trying default keys         
chk default key[ 0] ffffffffffff         
chk default key[ 1] 000000000000         
chk default key[ 2] a0a1a2a3a4a5         
chk default key[ 3] b0b1b2b3b4b5         
chk default key[ 4] aabbccddeeff         
chk default key[ 5] 4d3a99c351dd         
chk default key[ 6] 1a982c7e459a         
chk default key[ 7] d3f7d3f7d3f7         
chk default key[ 8] 714c5c886e97         
chk default key[ 9] 587ee5f9350f         
chk default key[10] a0478cc39091         
chk default key[11] 533cb6c723f6         
chk default key[12] 8fd0a4f256e9         
--sector: 0, block:  3, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 2, block: 11, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 3, block: 15, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 4, block: 19, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 5, block: 23, key type:A, key count:13           
--sector: 6, block: 27, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 7, block: 31, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 8, block: 35, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 9, block: 39, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:10, block: 43, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:11, block: 47, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:12, block: 51, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:13, block: 55, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:14, block: 59, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector:15, block: 63, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 0, block:  3, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 2, block: 11, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 3, block: 15, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 4, block: 19, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 5, block: 23, key type:B, key count:13           
--sector: 6, block: 27, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 7, block: 31, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 8, block: 35, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 9, block: 39, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:10, block: 43, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:11, block: 47, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:12, block: 51, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:13, block: 55, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:14, block: 59, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:15, block: 63, key type:B, key count:13           
Found valid key:[ffffffffffff]         
proxmark3>

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average  :-)
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..................................................
Proxmark can't get statistic info. Execution aborted.
proxmark3>

proxmark3> script run mifare_autopwn
--- Executing: ./scripts/mifare_autopwn.lua, args''
Card found, commencing crack    30102808
ERROR:     Error occurred
-----Finished
proxmark3>

Offline

#2 2014-12-19 11:56:20

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

You may have a newer model of Mifare Classic. The Random Number Generator in these cards has been fixed and is therefore no longer predictable (which was the prerequisite for the Darkside and the Nested attacks).

You can still try hf mf sim x at a legitimate reader.

Offline

#3 2015-01-28 10:31:11

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

This is another mf card, any chance to clone it ? anyone can help please..

proxmark3> hf mf chk * ?   
No key specified, trying default keys         
chk default key[ 0] ffffffffffff         
chk default key[ 1] 000000000000         
chk default key[ 2] a0a1a2a3a4a5         
chk default key[ 3] b0b1b2b3b4b5         
chk default key[ 4] aabbccddeeff         
chk default key[ 5] 4d3a99c351dd         
chk default key[ 6] 1a982c7e459a         
chk default key[ 7] d3f7d3f7d3f7         
chk default key[ 8] 714c5c886e97         
chk default key[ 9] 587ee5f9350f         
chk default key[10] a0478cc39091         
chk default key[11] 533cb6c723f6         
chk default key[12] 8fd0a4f256e9         
--sector: 0, block:  3, key type:A, key count:13           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:A, key count:13           
--sector: 2, block: 11, key type:A, key count:13           
--sector: 3, block: 15, key type:A, key count:13           
--sector: 4, block: 19, key type:A, key count:13           
--sector: 5, block: 23, key type:A, key count:13           
--sector: 6, block: 27, key type:A, key count:13           
--sector: 7, block: 31, key type:A, key count:13           
--sector: 8, block: 35, key type:A, key count:13           
--sector: 9, block: 39, key type:A, key count:13           
--sector:10, block: 43, key type:A, key count:13           
--sector:11, block: 47, key type:A, key count:13           
--sector:12, block: 51, key type:A, key count:13           
--sector:13, block: 55, key type:A, key count:13           
--sector:14, block: 59, key type:A, key count:13           
--sector:15, block: 63, key type:A, key count:13           
--sector: 0, block:  3, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 2, block: 11, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 3, block: 15, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 4, block: 19, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 5, block: 23, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 6, block: 27, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 7, block: 31, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 8, block: 35, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector: 9, block: 39, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:10, block: 43, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:11, block: 47, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:12, block: 51, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:13, block: 55, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:14, block: 59, key type:B, key count:13           
Found valid key:[ffffffffffff]         
--sector:15, block: 63, key type:B, key count:13           
Found valid key:[ffffffffffff]         
proxmark3>
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average  :-)
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..........................................
Proxmark can't get statistic info. Execution aborted.
proxmark3>

Offline

#4 2015-01-28 10:44:05

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
proxmark3>
proxmark3> hf mf rdbl 1 A FFFFFFFFFFFF
--block no:1, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 2 A FFFFFFFFFFFF
--block no:2, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 3 A FFFFFFFFFFFF
--block no:3, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>

Offline

#5 2015-01-28 13:36:14

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Since you got the keys, ffffffffffff, you will not have an issue with copying it.

hint:  use the lua script for checking keys instead. It uses a lot more for found default keys.

Offline

#6 2015-01-28 13:52:41

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

Or try hf mf chk * ? defaultkeys.dic

Offline

#7 2015-01-28 15:27:16

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

There you go,  another option.. I've forgotten that Piwi added that option to the command.

Offline

#8 2015-01-28 15:52:50

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

The option to read a keyfile had been there for ages. I just provided the file with all the keys from the script.

Offline

#9 2015-01-28 17:36:40

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

This is a fully encrypted card, any other commands to try ??

proxmark3> hf mf chk * ? ffffffffffff 
chk key[ 0] ffffffffffff         
--sector: 0, block:  3, key type:A, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:A, key count: 1           
--sector: 2, block: 11, key type:A, key count: 1           
--sector: 3, block: 15, key type:A, key count: 1           
--sector: 4, block: 19, key type:A, key count: 1           
--sector: 5, block: 23, key type:A, key count: 1           
--sector: 6, block: 27, key type:A, key count: 1           
--sector: 7, block: 31, key type:A, key count: 1           
--sector: 8, block: 35, key type:A, key count: 1           
--sector: 9, block: 39, key type:A, key count: 1           
--sector:10, block: 43, key type:A, key count: 1           
--sector:11, block: 47, key type:A, key count: 1           
--sector:12, block: 51, key type:A, key count: 1           
--sector:13, block: 55, key type:A, key count: 1           
--sector:14, block: 59, key type:A, key count: 1           
--sector:15, block: 63, key type:A, key count: 1           
--sector: 0, block:  3, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 1, block:  7, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 2, block: 11, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 3, block: 15, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 4, block: 19, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 5, block: 23, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 6, block: 27, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 7, block: 31, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 8, block: 35, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector: 9, block: 39, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:10, block: 43, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:11, block: 47, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:12, block: 51, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:13, block: 55, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:14, block: 59, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
--sector:15, block: 63, key type:B, key count: 1           
Found valid key:[ffffffffffff]         
proxmark3>
proxmark3> script run mifare_autopwn
--- Executing: ./scripts/mifare_autopwn.lua, args''
Card found, commencing crack    04265F82F43880
ERROR:     Error occurred
-----Finished
proxmark3>

Offline

#10 2015-01-28 18:27:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

But you don't need to autopwn.   You already have most of the keys... You should be able to read the tag with them.

Offline

#11 2015-01-28 18:42:41

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

what are the steps to read it  ? thanks

Offline

#12 2015-01-28 21:18:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

the "hf mf rdbl" commands..

Offline

#13 2015-01-29 07:37:50

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

cannot read, the uid with 14 digits ?? normal uid is 8 only.

proxmark3> hf 14a cuids
Collecting 1 UIDs         
Start: 1422510184         
04265F82F43880         
End: 1422510185         
proxmark3>
proxmark3> hf 14a list
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
All times are in carrier periods (1/13.56Mhz)         
     Start |       End | Src | Data         
-----------|-----------|-----|--------         
         0 |  85386415 | Rdr | 44  05  24  00  00  40  09  02  80  44  00  c0  d1  36  00  00  a0  09  02  00  93  20  80  05  45  00  00  c0  16  05  80  88  04  26  5f  f5  98  d1  63  00  00  20  29  09  00  93  70  88  04  26  5f  f5  fa  5e  a7  00  85  91  00  00  c0  0d  03  80  04  da  17  20  51  a4  00  00  a0  09  02  00  95  20  80  85  b2  00     !crc         
1364288893 |  83920554 | Tag | 00! 95! 70  82! f4  38  80  ce  99!    !crc         
proxmark3>

Offline

#14 2015-01-29 07:42:18

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

1422513639_20150129133946.jpg
1422513692_20150129133859.jpg

Offline

#15 2015-01-29 15:29:07

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

can darkside attack work with 7 byte uid ?? anyone know ?? thanks.

Offline

#16 2015-01-29 15:46:13

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

Yes and No.

Yes - it can handle 7 Byte UIDs.
No - Mifare classic cards with 7 Byte UIDs are of a newer generation and newer Mifare cards come usually with a fixed Random Number Generator - Dark Side needs "predictable random" numbers to work.

BTW: your PM software version is quite old. The hf 14a cuids with following hf list 14a produces a meaningful trace on my PM3.

Offline

#17 2015-01-29 16:22:53

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

You mean this new mifare card cannot be cracked and cloned by PM3 ??

Offline

#18 2015-01-29 16:24:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

The new tags can't be "cracked" with DarkSide.

If you are lucky that your tag has known default keys,  then you can clone it.  (ie  hf mf chk)

Offline

#19 2015-01-29 16:42:56

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

Thanks , iceman , but there is no 7 byte uid blank card to be cloned at the moments. only 4 byte uid available. sad

Offline

#20 2015-01-29 16:51:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

However, you should (as Piwi mentioned earlier)  update your pm3 software to the latest one from GitHub.

Meanwhile check around taobao.com and see if there is any new blank 7bytes uid tags there.

Offline

#21 2015-01-29 17:12:21

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

proxmark3> hf 14a list
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
All times are in carrier periods (1/13.56Mhz)         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC           
-----------|-----------|-----|-----------------------------------------------------------------------         
         0 |       992 | Rdr | 52                                                              |           
      2228 |      4596 | Tag | 44  00                                                          |           
      7040 |      9504 | Rdr | 93  20                                                          |           
     10676 |     16500 | Tag | 88  04  26  5f  f5                                              |           
     18560 |     29088 | Rdr | 93  70  88  04  26  5f  f5  fa  5e                              |           
     30260 |     33780 | Tag | 04  da  17                                                      |           
     35072 |     37536 | Rdr | 95  20                                                          |           
     38708 |     44596 | Tag | 82  f4  38  80  ce                                              |           
     46592 |     57120 | Rdr | 95  70  82  f4  38  80  ce  99  fb                              |           
     58292 |     61812 | Tag | 08  b6  dd                                                      |           
proxmark3>
proxmark3> hw ver
#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: /-suspect 2015-01-01 15:28:15                 
#db# os: /-suspect 2015-01-01 15:28:20                 
#db# HF FPGA image built on 2014/ 6/19 at 21:26: 2                 
uC: AT91SAM7S256 Rev B         
Embedded Processor: ARM7TDMI         
Nonvolatile Program Memory Size: 256K bytes         
Second Nonvolatile Program Memory Size: None         
Internal SRAM Size: 64K bytes         
Architecture Identifier: AT91SAM7Sxx Series         
Nonvolatile Program Memory Type: Embedded Flash Memory         
proxmark3>
proxmark3> hw tune
Reading 255 samples
Done! Divisor 89 is 134khz, 95 is 125khz.
proxmark3>

updated, but the newer 006 cannot tune with reading ..

Offline

#22 2015-01-29 18:17:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

You don't seem to download the soucecode and compile it.  In that case you can wait until Asper makes a new compilation.

Offline

#23 2015-01-29 20:47:17

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Darkside attack not working ??

It will come shortly (hope less than a week); it will be marked as "unstable" or "test" or "beta" due to the fact that there are LOT of new added stuff.

Offline

#24 2015-01-30 00:51:50

zhans
Member
Registered: 2014-11-22
Posts: 2

Re: Darkside attack not working ??

The svn build already fixed tune problem.

Offline

#25 2015-02-09 16:24:35

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

Hi, iceman, I can't read most of the blocks, any idea ? thanks..

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
proxmark3>
proxmark3> hf mf rdbl 0 B FFFFFFFFFFFF
--block no:0, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 1 A FFFFFFFFFFFF
--block no:1, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 1 B FFFFFFFFFFFF
--block no:1, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 2 A FFFFFFFFFFFF
--block no:2, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 2 B FFFFFFFFFFFF
--block no:2, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 3 A FFFFFFFFFFFF
--block no:3, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>
proxmark3> hf mf rdbl 3 B FFFFFFFFFFFF
--block no:3, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 4 A FFFFFFFFFFFF
--block no:4, key type:A, key:ff ff ff ff ff ff           
#db# Authentication failed. Card timeout.                 
#db# Auth error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 4 B FFFFFFFFFFFF
--block no:4, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 5 A FFFFFFFFFFFF
--block no:5, key type:A, key:ff ff ff ff ff ff           
#db# Authentication failed. Card timeout.                 
#db# Auth error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 5 B FFFFFFFFFFFF
--block no:5, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 6 A FFFFFFFFFFFF
--block no:6, key type:A, key:ff ff ff ff ff ff           
#db# Authentication failed. Card timeout.                 
#db# Auth error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 6 B FFFFFFFFFFFF
--block no:6, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error

Offline

#26 2015-02-09 16:40:14

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

iceman wrote:

the "hf mf rdbl" commands..


can't read... using " hf mf rdbl "

Offline

#27 2015-02-09 16:52:44

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

First,  when you successfully read a block with one key, you don't need to test the other key.

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
proxmark3>
proxmark3> hf mf rdbl 0 B FFFFFFFFFFFF
--block no:0, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00      

You need to ask yourself some questions.
If you get read errors,  are you sure you have all right keys?   And is your sector access right?  (ie are you allowed to read the block)

Offline

#28 2015-02-11 11:18:09

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

Thanks iceman, I just wanted to create a dump file in order to copy this tag, how do I so ??  I noticed that the trailer are not the same as usual ..

proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff

Offline

#29 2015-02-11 17:35:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

if you have all keys,  then look into the "hf mf" commands to find a command that dumps the content of a tag to file.

If you don't have all keys..  try getting them..  with  some of the  "hf mf" commands.

Offline

#30 2015-02-14 09:21:27

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

After successfully writing to block 0, why now unable to read the block 0 ? and it can't rewrite anymore, is locked,  iceman, can you help ?

ATQA : 00 44
UID : 00 00 00 00 00 00 00
SAK : 08 [2]
MANUFACTURER : no tag-info available
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
SAK incorrectly claims that card doesn't support RATS
ATS : 09 78 00 91 02 da bc 19 10 f0 05
- TL : length is 9 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
- TA1 : different divisors are supported, DR: [], DS: []
- TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : da bc 19 10
Answers to chinese magic backdoor commands: NO
--sector no:0 key type:A key:ff ff ff ff ff ff

#db# READ SECTOR FINISHED
isOk:01
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
--block no:0, key type:B, key:ff ff ff ff ff ff
#db# READ BLOCK FINISHED
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
--block no:0, key type:A, key:ff ff ff ff ff ff
--data: 04 26 5f 82 f4 38 80 08 44 00 12 01 00 00 15 14
#db# WRITE BLOCK FINISHED
isOk:01
--sector no:0 key type:A key:ff ff ff ff ff ff

#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ SECTOR FINISHED
isOk:00
--block no:0, key type:A, key:ff ff ff ff ff ff
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
isOk:00
ATQA : 00 44
UID : 04 26 5f 82 f4 38 80
SAK : 08 [2]
MANUFACTURER : NXP Semiconductors Germany
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
SAK incorrectly claims that card doesn't support RATS
ATS : 09 78 00 91 02 da bc 19 10 f0 05
- TL : length is 9 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
- TA1 : different divisors are supported, DR: [], DS: []
- TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : da bc 19 10
Answers to chinese magic backdoor commands: NO
--block no:0, key type:A, key:ff ff ff ff ff ff
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
isOk:00

Offline

#31 2015-02-14 10:42:48

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

iceman wrote:

Since you got the keys, ffffffffffff, you will not have an issue with copying it.

hint:  use the lua script for checking keys instead. It uses a lot more for found default keys.

I use this keys to copy, but it is not working ? anyone help, thanks..

Offline

#32 2015-02-14 12:21:58

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

There seem to be some commands missing in your pasted output.

It looks like you have a Magic card generation2,   but thats my guess.
If that is the case, you would need to write a valid block0,  ( uid + bbc + sak + atqa ).  And make sure your block3 has correct access bytes.

Offline

#33 2015-02-14 15:44:53

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

now the cloned card already locked, I can't unlock it ? any ideas

Offline

#34 2015-02-14 15:49:14

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

just after I wrote the block 0, and it can't be read, locked, can't write anymore

Offline

#35 2015-02-14 16:18:13

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

iceman wrote:

First,  when you successfully read a block with one key, you don't need to test the other key.

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
proxmark3>
proxmark3> hf mf rdbl 0 B FFFFFFFFFFFF
--block no:0, key type:B, key:ff ff ff ff ff ff           
#db# Cmd Error: 04                 
#db# Read block error                 
#db# READ BLOCK FINISHED                 
isOk:00      

You need to ask yourself some questions.
If you get read errors,  are you sure you have all right keys?   And is your sector access right?  (ie are you allowed to read the block)


proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
proxmark3>
proxmark3> hf mf rdbl 1 A FFFFFFFFFFFF
--block no:1, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 2 A FFFFFFFFFFFF
--block no:2, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
proxmark3>
proxmark3> hf mf rdbl 3 A FFFFFFFFFFFF
--block no:3, key type:A, key:ff ff ff ff ff ff           
#db# READ BLOCK FINISHED                 
isOk:01 data:00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>

The block 3 data already posted earlier ... now I left only a valid blank card , 2 blank cards are locked ...

Offline

#36 2015-02-14 16:46:58

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

I dont understand,  you say you can't read block0,   then you show from the output that you can read...

proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 04 7c 5e 82 f4 38 80 08 44 00 12 01 11 00 15 14           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3> 

Offline

#37 2015-02-14 16:48:27

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

1. You can read block 0 on original tag.
2  You can read block 0 on clone tag.

You need to be a bit more detailed.

Offline

#38 2015-02-14 17:26:19

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

cloned card data here, can't read

proxmark3> hf 14a reader
ATQA : 00 44         
UID : 04 7c 5e 82 f4 38 80           
SAK : 08 [2]         
MANUFACTURER : NXP Semiconductors Germany         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
SAK incorrectly claims that card doesn't support RATS         
ATS : 09 78 00 91 02 da bc 19 10 f0 05           
       -  TL : length is 9 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are supported, DR: [], DS: []         
       - TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : da bc 19 10           
Answers to chinese magic backdoor commands: NO         
proxmark3>
proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# Authentication failed. Card timeout.                 
#db# Auth error                 
#db# READ SECTOR FINISHED                 
isOk:00         
proxmark3>
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff           
#db# Authentication failed. Card timeout.                 
#db# Auth error                 
#db# READ BLOCK FINISHED                 
isOk:00         
proxmark3>

Offline

#39 2015-02-14 18:34:46

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

anyone can help ? I need to reset my clone card .... in order to test again. thanks .

Offline

#40 2015-02-15 14:15:44

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Try reading your sector trailer on the clone-tag.
Btw,  is it a magic one or just a blank tag you are using?

Offline

#41 2015-02-15 15:33:07

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

The card was locked, can't read anything.

Btw, have you ever successfully clone a mf 7 bytes ??

Offline

#42 2015-02-15 15:54:04

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

I can't test it since I don't have a mifare classic w 7b UID. 
how did you write to the clone-tag?  Did you write to the Sector0 Block0?   And you didn't answer my question on what type of clone tag you are using.

Offline

#43 2015-02-15 16:16:18

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

iceman wrote:

Since you got the keys, ffffffffffff, you will not have an issue with copying it.

hint:  use the lua script for checking keys instead. It uses a lot more for found default keys.

I see, I thought you have successful cloned the 7 bytes UID  before.
now I.m trying to find a way to recover the cloned cards. hope it will.

The blank card info below, already posted earlier.

ATQA : 00 44
UID : 00 00 00 00 00 00 00
SAK : 08 [2]
MANUFACTURER : no tag-info available
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
SAK incorrectly claims that card doesn't support RATS
ATS : 09 78 00 91 02 da bc 19 10 f0 05
- TL : length is 9 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
- TA1 : different divisors are supported, DR: [], DS: []
- TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : da bc 19 10
Answers to chinese magic backdoor commands: NO
--sector no:0 key type:A key:ff ff ff ff ff ff

Offline

#44 2015-02-15 19:43:22

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

The only 7uid tags I've seen is the MifareDesfire.

But now I understand better.
Your card doesn't work since block0 seems to be clear.. (UID: 0x00 0x00 0x00...)

It seems to me that your tag is a chinese magic generation 2 tag.   And given that you can't use the normal  "hf mf wrbl 0"  ? (yes/no)
Then you need to use the  "hf 14a raw"  command  to write a new  block0.

Offline

#45 2015-02-15 22:14:57

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Darkside attack not working ??

A magic card with 7bytes uid? Can you tell where you bought it?

Offline

#46 2015-02-15 22:51:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Yeah, I also want to know that.

Offline

#47 2015-02-15 23:09:18

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Darkside attack not working ??

Did he 0 the UID so as not to release his tags UID?

Offline

#48 2015-02-15 23:33:40

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

hm, could be that.  then he doesn't have a magic tag..
but what does he mean with "tag is locked" ,   he uses a default key (ffffffffffff) ..  He should maybe do a   "hf mf nested"  to get the present keys from his blank tag..

Offline

#49 2015-02-16 04:14:13

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

All the answers are posted earlier, from the output,  please take a closer look .

The UID successfully written to blank card, but can't be accessed, that's it.

I'm more concern how to recover the cloned cards. Can't find any other cmd to access it.

Offline

#50 2015-02-16 16:41:19

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

iceman wrote:

hm, could be that.  then he doesn't have a magic tag..
but what does he mean with "tag is locked" ,   he uses a default key (ffffffffffff) ..  He should maybe do a   "hf mf nested"  to get the present keys from his blank tag..


Since you don't have 7 bytes tag, you can try 4 bytes magic card with this cmd " hf mf wrbl 0 A FFFFFFFFFFFF 04265f82f43880084400120111001514 ".

Then you tell me what happen.

Offline

Board footer

Powered by FluxBB