Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-04-26 19:11:57

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

[solved] MiZip Key hardnested/calc

Hello,

I've got a MiZip Key (with the UID EA B7 BD DC)  and took the new hardnested version from iceman.
I found 5 Keys:

|---|----------------|---|----------------|---|          
|sec|key A           |res|key B           |res|          
|---|----------------|---|----------------|---|          
|000|  a0a1a2a3a4a5  | 1 |  b4c132439eef  | 1 |          
|001|  e3a5e7f96352  | 1 |  4cf06ee465fd  | 1 |          
|002|  ffffffffffff  | 0 |  ce3b73498f9d  | 1 |          
|003|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|004|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|---|----------------|---|----------------|---| 

The others keys I can not brute force - I don't know why. I got every time the known keys.
What's my fault?
The commands I took:

hf mf hardnested 0 B b4c132439eef 1 B w s
hf mf hardnested 0 B b4c132439eef 2 B w s
hf mf hardnested 0 A a0a1a2a3a4a5 1 A w s
etc. ...

Or is it possible, that someone could calculate the unknown keys?

Last edited by Christian22 (2016-04-27 20:42:50)

Offline

#2 2016-04-26 19:48:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

What the sector access bytes showing?

Do you need to use "slow collection of nonces" ?

Offline

#3 2016-04-26 20:02:01

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

Re: [solved] MiZip Key hardnested/calc

I've tested w/o the "slow collection of nonces" too. It's the same.

The access bytes for knowing sectors:
sector 0: 78 77 88 C1
sector 1: 78 77 88 30
sector 2: 78 77 88 0E

Offline

#4 2016-04-26 20:20:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

Since the hardnested is called with blocks,  and your list is in sectors,   I hope you didn't do same misstake as I did when I tested it.. So for sector 3, it would need a block number of 12,13,14,15 to target it.

Offline

#5 2016-04-27 12:01:36

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

UID
EA B7 BD DC

KEY A
a0a1a2a3a4a5
E3A5E7F96352
41C274EB7898
08C5FC73C6BE
DBCD0AF3AE27

KEY B
b4c132439eef
4CF06EE465FD
CE3B73498F9D
1791F9C1EB72
0DCFCD909021

Offline

#6 2016-04-27 15:20:09

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

Re: [solved] MiZip Key hardnested/calc

iceman wrote:

Since the hardnested is called with blocks,  and your list is in sectors,   I hope you didn't do same misstake as I did when I tested it.. So for sector 3, it would med a block number of 12,13,14,15 to target it.

You're so right!!! I did the same mistake... With the block number 12 I get another key.
Thanks for the great help!

I get the same keys that you post above - and all are right. Did you calculate it? Is it XOR?

Offline

#7 2016-04-27 15:50:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

The MIzip keygen algo is known and yes it involves xor:ing among others.

Offline

#8 2016-04-27 19:30:39

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

Re: [solved] MiZip Key hardnested/calc

Known means I find it at a google search or it's known, but not public?

Offline

#9 2016-04-27 19:43:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

It means that its been figured out.   whether or not it has been release into the public is different story.  But if I were you, I'd brush up on my italian.

Offline

#10 2016-04-27 19:59:39

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

Re: [solved] MiZip Key hardnested/calc

Thank you iceman - you help me a lot!
First thing to do is figure out what the blocks on the mizip card means.

Offline

#11 2016-04-27 20:16:40

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] MiZip Key hardnested/calc

One of these days, you will be helping me.

But for now, I would be pleased if you edit your first post, adding "[solved]" before your present title. 

I, among others, are curious on your progress so please do start a new thread regarding your findings in datamapping a MiZip Key.

Offline

#12 2016-04-29 14:24:10

skappy
Contributor
Registered: 2014-01-13
Posts: 91

Re: [solved] MiZip Key hardnested/calc

Dear all,
may I ask you what kind of antenna are you using with Mizip tag please ?
I'm tying to use the standard PM3 loop with hirose connector but the tag is not detected...
Thank you very much for your help !
Have a great day

Offline

#13 2016-04-29 18:57:47

Christian22
Contributor
Registered: 2016-04-11
Posts: 13

Re: [solved] MiZip Key hardnested/calc

Hey skappy,

I've got the pm3 v2 set from elechouse. This antenna works with no problems.

Offline

#14 2016-05-12 16:35:41

skappy
Contributor
Registered: 2014-01-13
Posts: 91

Re: [solved] MiZip Key hardnested/calc

Dear Christian,

Thank you very much for this information. I keep trying to build a antenna for my proxmark but voltage still too low ... :-(

May i ask you, if according to you, a mizip tag can be duplicated please ?

Thank you , have a great day

Offline

Board footer

Powered by FluxBB