Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2015-10-25 17:15:20

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Retrieving keys using MFOC : distance varies significantly

I've been trying to use MFOC along with my ACR122U reader to retrieve the keys from my MIFARE Classic 4K card. When using MFOCi it indicates that the card uses some of the default keys, two of them twice. And then starts to try to crack the others using one of these (initially the default fffffffffff… key). Unfortunately even with the number of probes set to a very high number like 20000 it never succeeds.

Noticeably the distance returned for each probe varies significantly, going from up in the 40000s down to the high 10000s — I assume this is problematic given screenshots from others whose distance is in a very small range.

Initially this was occurring in Ubuntu in VMWare on my MBP, which given others issues with virtualisation and MFOC thought may have been the issue so I switched to using a Ubuntu Live USB on my MBP and the issue persisted.

What is likely the cause of the issues here? MFOC? The reader? The card or the laptop itself?

Offline

#2 2015-10-25 19:51:09

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Retrieving keys using MFOC : distance varies significantly

If you want answers about MFOC and ACR122U readers, I would suggest you raise them in their forums instead of here.

Offline

#3 2015-10-25 23:07:17

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

iceman wrote:

If you want answers about MFOC and ACR122U readers, I would suggest you raise them in their forums instead of here.

I will do but any help from those who have done similar here would be of use also.

Offline

#4 2015-10-26 13:29:53

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

iceman wrote:

If you want answers about MFOC and ACR122U readers, I would suggest you raise them in their forums instead of here.

Is there any way to check if my Mifare Classic card is a new one with a fixed Random Number Generator? I'm thinking that may be the cause of my issues.

Offline

#5 2015-10-26 13:41:59

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Retrieving keys using MFOC : distance varies significantly

If you have a PM3, then you can run the "hf mf mifare" command to get some feedback about whether the tag is vuln or not.

Offline

#6 2015-10-26 15:19:10

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

iceman wrote:

If you have a PM3, then you can run the "hf mf mifare" command to get some feedback about whether the tag is vuln or not.

Thanks. If it is using a fixed RNG are they still possible to crack using another method?

Offline

#7 2015-10-26 17:11:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Retrieving keys using MFOC : distance varies significantly

if you read some threads on this forum, you find your answer.

Offline

#8 2015-10-26 22:32:52

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

iceman wrote:

if you read some threads on this forum, you find your answer.

Will do. One other query, do Mifare Classics' with fixed RNG only have 7 byte UIDs or can they have 8 byte UIDs too?

Offline

#9 2015-10-26 22:43:49

meter
Contributor
Registered: 2015-07-13
Posts: 78

Re: Retrieving keys using MFOC : distance varies significantly

I never seen a mifare with 8 bytes UID but only 4 or 7. I have a Mifare with PRNG fixed and 4 byte UID, so UID is not a difference.

Offline

#10 2015-10-26 22:49:05

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

meter wrote:

I never seen a mifare with 8 bytes UID but only 4 or 7. I have a Mifare with PRNG fixed and 4 byte UID, so UID is not a difference.

nfc-list reports the following:

UID (NFCID1): ab  0c  e1  38

Offline

#11 2015-10-26 22:50:05

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

Sorry, meant to say 4 in that original post.

Offline

#12 2015-10-26 22:51:05

jgarnham
Contributor
Registered: 2015-10-25
Posts: 11

Re: Retrieving keys using MFOC : distance varies significantly

meter wrote:

I never seen a mifare with 8 bytes UID but only 4 or 7. I have a Mifare with PRNG fixed and 4 byte UID, so UID is not a difference.

Was using PM3 the only way you could tell if the PRNG was fixed?

Offline

Pages: 1

Board footer

Powered by FluxBB