Research, development and trades concerning the powerful Proxmark3 device.
I was playing with the pm3 last night, and got inspired. When I looked at the "hf mf sim" commands with @holiman's addition of an "x" option, I thought that was real nice.
After noticing that the "hf 14a sim" can collect the same data, I added the "x" parameter for it.
However, that wasn't good enough. It's a start, but not how I want to use the "x" option.
So I looked in the source of "mfkey32", to see what happens.
It turns out not to be so much, and after some failures I added the basics of mfkey32 into the PM3 client.
It's not done, still a work in progress, but it's getting there.
This is how it looks in action:
pm3 --> hf 14a sim h
Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID
Usage: hf 14a sim t <type> u <uid> x
Options :
h : this help
t : 1 = MIFARE Classic
2 = MIFARE Ultralight
3 = MIFARE Desfire
4 = ISO/IEC 14443-4
5 = MIFARE Tnp3xxx
6 = MIFARE Mini
u : 4 or 7 byte UID
x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader
sample : hf 14a sim t 1 u 1122344
: hf 14a sim t 1 u 1122344 x
pm3 ~/client$ proxmark3.exe com3
pm3 --> hf mf dbg 1
#db# Debug level: 1
pm3 --> hf 14a sim u 04e936628f3380 t 6 x
Emulating ISO/IEC 14443 type A tag with 7 byte UID (04e936628f3380)
Press pm3-button to abort simulation
#db# Received unknown command (len=2):
#db# f1 0e
Found Key: [ebf4e3a3ec13]
Found Key: [ebf4e3a3ec13]
#db# Received unknown command (len=4):
#db# 71 cc 04 01
#db# Received unknown command (len=2):
#db# 7f 00
#db# Received unknown command (len=4):
#db# 71 cc 04 01
Found Key: [ebf4e3a3ec13]
#db# Received unknown command (len=4):
#db# 71 cc 04 01
#db# Received unknown command (len=2):
#db# f1 0e
#db# Received unknown command (len=1):
#db# 04
Found Key: [ebf4e3a3ec13]
Very nice, thanks. I've now built a (very hackish) proxdroid client based on your branch, to enable key extraction with just the proxmark and an Android device (i.e. no laptop needed). I hope I'll be able to try it out tomorrow.
The "x" parameter functionality is very experimental. Don't expect too much from it.
The Mifare authentication commands (and therefore the keys) aren't part of ISO14443 but are Mifare proprietary. I therefore don't think that the key extraction option should be in hf 14a sim. And why duplicate a functionality which is already in hf mf sim?
If you have a problem with that, then the ntag sim is really gonna irritate you.
Since the "hf mf sim" was being buggy for a long while now... there were some changes... I took the 14a and added functionality to it instead, since it was working.