Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-05-10 09:17:58

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

hf 14a sim x -- new functionality

I was playing with the pm3 last night, and got inspired.  When I looked at the "hf mf sim" commands with @holimans addition of a "x" option I thought that was real nice.

After noticing that the "hf 14a sim" can collect the same data, I added the "x" parameter for it.
However that wasn't good enough.  Its a start but not how I want to use "x" option.

So I looked in the source of "mfkey32",  to see what happens. 
It turns out not to be so much and after some failures I added the basics of mfkey32 in to the PM3 Client.

Its not done,  still work in progress,  but its getting there.


This is how it looks in action,.

pm3 --> hf 14a sim h

 Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID

Usage: hf 14a sim t <type> u <uid> x
  Options :
    h     : this help
    t     : 1 = MIFARE Classic
            2 = MIFARE Ultralight
            3 = MIFARE Desfire
            4 = ISO/IEC 14443-4
            5 = MIFARE Tnp3xxx
            6 = MIFARE Mini
    u     : 4 or 7 byte UID
    x     : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader

   sample : hf 14a sim t 1 u 1122344
          : hf 14a sim t 1 u 1122344 x
pm3 ~/client$ proxmark3.exe com3
pm3 --> hf mf dbg 1
#db# Debug level: 1
pm3 --> hf 14a sim u  04e936628f3380 t 6 x
Emulating ISO/IEC 14443 type A tag with 7 byte UID (04e936628f3380)
Press pm3-button to abort simulation
#db# Received unknown command (len=2):
#db# f1 0e

Found Key: [ebf4e3a3ec13]



Found Key: [ebf4e3a3ec13]


#db# Received unknown command (len=4):
#db# 71 cc 04 01
#db# Received unknown command (len=2):
#db# 7f 00
#db# Received unknown command (len=4):
#db# 71 cc 04 01

Found Key: [ebf4e3a3ec13]


#db# Received unknown command (len=4):
#db# 71 cc 04 01
#db# Received unknown command (len=2):
#db# f1 0e
#db# Received unknown command (len=1):
#db# 04

Found Key: [ebf4e3a3ec13]

Offline

#2 2015-06-23 00:12:42

steve
Contributor
Registered: 2014-09-15
Posts: 17

Re: hf 14a sim x -- new functionality

Very nice, thanks. I've now built a (very hackish) proxdroid client based on your branch, to enable key extraction with just the proxmark and an android device (ie no laptop needed). I hope I'll be able to try it out tomorrow.

Offline

#3 2015-06-23 07:00:15

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: hf 14a sim x -- new functionality

the "x" parameter functionality is very experimental. Don't expect too much from it.

Offline

#4 2015-06-23 07:15:58

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: hf 14a sim x -- new functionality

The mifare authentication commands (and therefore the keys) aren't part of ISO14443 but are Mifare proprietary. I therefore don't think that the key extraction option should be in hf 14a sim. And why duplicate a functionality which is already in hf mf sim?

Offline

#5 2015-06-23 08:02:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: hf 14a sim x -- new functionality

If you have a problem with that,  then the ntag sim really gonna irritate you smile 

Since the "hf mf sim" was being buggy for a long while now...  there was some changes...   I took the 14a and added functionality to it instead since it was working.

Offline

Board footer

Powered by FluxBB