Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-06-26 02:31:02

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

[solved] "hf mf mifare" not working on latest build

Well, I have a mifare card which encrypt all sectors.
On latest iceman build(which located on http://www.proxmark.org/forum/viewtopic.php?id=3975), use "hf mf mifare" command is always showing "............",and after 15 minutes,it still showing "......." ,I have to pressed the button to stop it.
(No such as "Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown generating polynomial with 16 effective bits only, but shows unexpected behaviour" message,I know with such message is telling me the card can't use darkside attack)
So does the offical build.

Then I flash rom back to "pm3-bin-2.5.0"(which located on http://www.proxmark.org/forum/viewtopic.php?id=1562),use same command to get a valid key is succeed.

That is weird. The "pm3-bin-2.5.0" is really very old.


EDIT:2017/07/02
Now it is working on official build as usual.

Last edited by Threshold (2017-07-02 16:25:58)

Offline

#2 2017-06-26 02:32:47

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

Here is some output while i using "pm3-bin-2.5.0" rom(which located on http://www.proxmark.org/forum/viewtopic.php?id=1562)

D:\Users\Threshold.DESKTOP-EI3DCFV\Documents\RFID\PM3\pm3-bin-2.5.0\win32 (client+GUI)>proxmark3 COM5
Prox/RFID mark3 RFID instrument
bootrom: iceman/master/v1.1.0-2052-gd82de922 2017-06-22 11:53:54
os: /-suspect 2015-11-19 10:08:09
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 169916 bytes (65%). Free: 92228 bytes (35%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf 14a read
 UID : b1 80 23 ae
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average  :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card




uid(b18023ae) nt(df4a659b) par(0000000000000000) ks(0708090602020a03) nr(800000000)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000000| 7 |  2  |0,0,0,0,0,0,0,0|
| 20 |00000020| 8 |  d  |0,0,0,0,0,0,0,0|
| 40 |00000040| 9 |  c  |0,0,0,0,0,0,0,0|
| 60 |00000060| 6 |  3  |0,0,0,0,0,0,0,0|
| 80 |00000080| 2 |  7  |0,0,0,0,0,0,0,0|
| a0 |000000a0| 2 |  7  |0,0,0,0,0,0,0,0|
| c0 |000000c0| a |  f  |0,0,0,0,0,0,0,0|
| e0 |000000e0| 3 |  6  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
key_count:0
Key not found (lfsr_common_prefix list is null). Nt=df4a659b
Failing is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card




uid(b18023ae) nt(df4a659b) par(0000000000000000) ks(0a0f0f0c0b0b060a) nr(800000001)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000001| a |  f  |0,0,0,0,0,0,0,0|
| 20 |00000021| f |  a  |0,0,0,0,0,0,0,0|
| 40 |00000041| f |  a  |0,0,0,0,0,0,0,0|
| 60 |00000061| c |  9  |0,0,0,0,0,0,0,0|
| 80 |00000081| b |  e  |0,0,0,0,0,0,0,0|
| a0 |000000a1| b |  e  |0,0,0,0,0,0,0,0|
| c0 |000000c1| 6 |  3  |0,0,0,0,0,0,0,0|
| e0 |000000e1| a |  f  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
key_count:0
Key not found (lfsr_common_prefix list is null). Nt=df4a659b
Failing is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card




uid(b18023ae) nt(df4a659b) par(0000000000000000) ks(0f000707070c0205) nr(800000002)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000002| f |  a  |0,0,0,0,0,0,0,0|
| 20 |00000022| 0 |  5  |0,0,0,0,0,0,0,0|
| 40 |00000042| 7 |  2  |0,0,0,0,0,0,0,0|
| 60 |00000062| 7 |  2  |0,0,0,0,0,0,0,0|
| 80 |00000082| 7 |  2  |0,0,0,0,0,0,0,0|
| a0 |000000a2| c |  9  |0,0,0,0,0,0,0,0|
| c0 |000000c2| 2 |  7  |0,0,0,0,0,0,0,0|
| e0 |000000e2| 5 |  0  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
p1:4ff2 p2:67cc p3:0 key:cff7b6cc8972
p1:575f p2:7189 p3:1 key:cb6e63f9074f
p1:78e3 p2:9cd2 p3:2 key:b74af72d8379
p1:7be3 p2:a0af p3:3 key:b580af88cdc3
p1:817f p2:a7d2 p3:4 key:b25bcb7d73bb
p1:c1c2 p2:fbc1 p3:5 key:8b9728821910
p1:f8b8 p2:14309 p3:6 key:6aa9e68b4e25
p1:1091e p2:15851 p3:7 key:60c3a07b048e
p1:11993 p2:16d29 p3:8 key:56fbc6d9469d
p1:12206 p2:17841 p3:9 key:51f97383b4b5
p1:13513 p2:19110 p3:a key:469523abc419
p1:19769 p2:20e87 p3:b key:0bf868b96bb2
p1:19dc0 p2:216a8 p3:c key:082eb96c6243
key_count:13
------------------------------------------------------------------
Found valid key:51f97383b4b5

Although this rom is very old ,but it worked!

What's going on the latest rom? Is there something wrong on my operation?

Any help will be appreciate!

Last edited by Threshold (2017-06-26 05:07:13)

Offline

#3 2017-06-26 02:35:20

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [solved] "hf mf mifare" not working on latest build

To confirm, the comment "so does the official build" indicates you tried the latest official repo code and had the same issue?

Offline

#4 2017-06-26 04:55:50

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

marshmellow wrote:

To confirm, the comment "so does the official build" indicates you tried the latest official repo code and had the same issue?

Sorry for my poor english. I mean the latest offical build can't succeed attack by using "hf mf mifare" command too.

This is some output while I using "hf mf mifare" command on latest offical build rom.

/*omit some same output*/
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
Found 315 possible keys. Trying to authenticate with each of them ...

#db# ChkKeys: Can't select card (UID)
#db# ChkKeys: Can't select card (UID)
Authentication failed. Trying again...
.#db# Mifare: Can't select card
.............................................

As you can see ,at last line it just showing "............",and then i heard proxmark3 board click sound,the proxmark3 seems reboot.

Here is my proxmark3 information:

Prox/RFID mark3 RFID instrument
bootrom: iceman/master/v1.1.0-2052-gd82de922 2017-06-22 11:53:54
os: master/v2.2.0-520-g7f2114d-suspect 2017-06-24 10:36:07
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192473 bytes (73%). Free: 69671 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

Offline

#5 2017-06-26 08:00:39

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Latest official build is v3.0.1
Your bootrom is iceman/v1.1.0
Your firmware is master/v2.2.0

You have somehow managed to have three different versions for client, bootrom and firmware. This will fail in most cases.

Offline

#6 2017-06-26 08:16:15

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

@op's question
It could be the distance between your tag and antenna,  you get alot of error messages "Can't select card". 
To see if the actual darkside attack has other errors, you need to set the debug level.

hf mf dbg 4
hf mf mifare
hf mf dbg 0

--Sidenote
...hold on, I've mentioned this a couple of times.  The release tag doesn't set the version data per se.   We need annotade tag,
https://git-scm.com/book/en/v2/Git-Basics-Tagging

-f force,  -a  annotaded, 
git tag -f -a v3.0.1 
git push origin v3.0.1 

This is my device with latest source from GitHub. Since I didn't download a specific tag or release the git info is

Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2.0-526-g893d0fc-dirty-suspect 2017-06-26 06:33:54
os: master/v2.2.0-526-g893d0fc-dirty-suspect 2017-06-26 06:33:54
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

Offline

#7 2017-06-26 10:04:23

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

@iceman

Here is output with debug level 4 on iceman build,

pm3 --> hf mf mifare
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# ISO14443A Timeout set to 1060 (10ms)
#db# Mifare::Sync 1592
#db# calibrating in cycle 1. nt_distance=-1210, elapsed_prng_sequences=1, new sync_cycles: 66746

#db# calibrating in cycle 2. nt_distance=-8, elapsed_prng_sequences=1, new sync_cycles: 66754

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 6. nt_distance=260. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 7. nt_distance=520. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 8. nt_distance=1032. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 9. nt_distance=2064. Consecutive Resyncs = 0. Trying one time catch up...

............................................................................................................................
............................................................................................................................
...............................................................

I don't know what that mean "Lost sync in cycle".
And if i try to remove card from reader, it shows

#db# Mifare: Can't select card (UID)

===================================================================
here is output with "pm3-bin-2.5.0" with debug level 4,

proxmark3> hf mf dbg 4
#db# Debug level: 4
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average  :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# ISO14443A Timeout set to 1050 (9ms)
#db# calibrating in cycle 1. nt_distance=-1234, elapsed_prng_sequences=1, new sync_cycles: 66770

#db# calibrating in cycle 2. nt_distance=-8, elapsed_prng_sequences=1, new sync_cycles: 66778

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 8. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 10. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

.#db# Lost sync in cycle 12. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 14. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...





uid(b18023ae) nt(c27de4ce) par(0000000000000000) ks(0b0a020a04090d08) nr(800000000)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000000| b |  e  |0,0,0,0,0,0,0,0|
| 20 |00000020| a |  f  |0,0,0,0,0,0,0,0|
| 40 |00000040| 2 |  7  |0,0,0,0,0,0,0,0|
| 60 |00000060| a |  f  |0,0,0,0,0,0,0,0|
| 80 |00000080| 4 |  1  |0,0,0,0,0,0,0,0|
| a0 |000000a0| 9 |  c  |0,0,0,0,0,0,0,0|
| c0 |000000c0| d |  8  |0,0,0,0,0,0,0,0|
| e0 |000000e0| 8 |  d  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
key_count:0
Key not found (lfsr_common_prefix list is null). Nt=c27de4ce
Failing is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-1157. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 8. nt_distance=620. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 9. nt_distance=621. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 10. nt_distance=-8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 11. nt_distance=-8. Consecutive Resyncs = 1. Trying one time catch up...

.#db# Lost sync in cycle 13. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 15. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 17. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...

#db# Lost sync in cycle 19. nt_distance=8. Consecutive Resyncs = 1. Trying one time catch up...





uid(b18023ae) nt(c27de4ce) par(0000000000000000) ks(060f0b0605040902) nr(800000001)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000001| 6 |  3  |0,0,0,0,0,0,0,0|
| 20 |00000021| f |  a  |0,0,0,0,0,0,0,0|
| 40 |00000041| b |  e  |0,0,0,0,0,0,0,0|
| 60 |00000061| 6 |  3  |0,0,0,0,0,0,0,0|
| 80 |00000081| 5 |  0  |0,0,0,0,0,0,0,0|
| a0 |000000a1| 4 |  1  |0,0,0,0,0,0,0,0|
| c0 |000000c1| 9 |  c  |0,0,0,0,0,0,0,0|
| e0 |000000e1| 2 |  7  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
p1:1244 p2:932 p3:0 key:fea288751712
p1:14d9 p2:a71 p3:1 key:fe73dde696a5
p1:19c3 p2:d28 p3:2 key:fe0ed9a762bf
p1:1d86 p2:f12 p3:3 key:fdc69eb3dbde
p1:2b32 p2:1627 p3:4 key:fcbbf27bf630
p1:412a p2:2175 p3:5 key:fb0dd32648e7
p1:464f p2:2411 p3:6 key:faad1b8fbb2d
p1:4841 p2:2508 p3:7 key:fa884a2ca7b1
p1:60ec p2:320b p3:8 key:f8aa0bdf5c53
p1:6db5 p2:38bd p3:9 key:f7b506a31272
p1:8202 p2:42fc p3:a key:f6373e9a681e
p1:8b2d p2:4774 p3:b key:f58979a2e96a
p1:8f08 p2:4954 p3:c key:f53f2b88959d
p1:a9ae p2:571e p3:d key:f343ad14cf3e
p1:af16 p2:5a0d p3:e key:f2d4c5e74d82
p1:d20f p2:6c65 p3:f key:f029c596030c
p1:d5e5 p2:6e7d p3:10 key:efdbcc3c7420
p1:e38c p2:75d7 p3:11 key:eecd662bc9dc
p1:f23d p2:7d12 p3:12 key:edb6f5acb97a
p1:f522 p2:7e8c p3:13 key:ed7d45c3cd63
p1:f7d8 p2:7ff7 p3:14 key:ed469497278e
p1:f8b5 p2:8076 p3:15 key:ed34cd806e68
p1:fa58 p2:8147 p3:16 key:ed15ace25ec6
p1:fe4f p2:835f p3:17 key:ecca14b2dfc2
p1:11080 p2:8c95 p3:18 key:eb66b6e55207
p1:1359c p2:9fb1 p3:19 key:e892e1971301
p1:13a3e p2:a239 p3:1a key:e839197767df
p1:1450b p2:a7ca p3:1b key:e768d7407b00
p1:15311 p2:aeef p3:1c key:e65c6ba030fa
p1:15af7 p2:b2c2 p3:1d key:e5ca00833de4
p1:162c4 p2:b6fe p3:1e key:e52fca7cb132
p1:162fe p2:b71b p3:1f key:e52b976dd4af
p1:170bb p2:bdfe p3:20 key:e421e1b6a3fb
p1:1748a p2:c00b p3:21 key:e3d450cb2ee8
p1:1751a p2:c04e p3:22 key:e3c9490042eb
p1:1b737 p2:e2b9 p3:23 key:deb79aedf7c8
p1:1b835 p2:e348 p3:24 key:dea3d6336c3b
p1:1bf48 p2:e75b p3:25 key:de0f9538d871
p1:1cfde p2:efae p3:26 key:dccbf4f95fcc
p1:1f975 p2:1054c p3:27 key:d99f3ed0e070
p1:20766 p2:10c9f p3:28 key:d89524d0bdc4
p1:21735 p2:11479 p3:29 key:d76a906929ad
p1:223be p2:11b4f p3:2a key:d6724bddbf90
p1:2346a p2:123b3 p3:2b key:d53932b2f5d9
p1:263ab p2:13bed p3:2c key:d19fcea79a29
p1:29f73 p2:15a08 p3:2d key:cd22b7a2e63d
p1:2a1c2 p2:15b09 p3:2e key:ccf9c36d4c70
p1:2ca7a p2:17015 p3:2f key:c9dc6c7a2072
p1:2d419 p2:17533 p3:30 key:c923d690777f
p1:2e833 p2:17fda p3:31 key:c79da49410d5
p1:2f23f p2:18531 p3:32 key:c6dbf6035d42
p1:2fa6f p2:18989 p3:33 key:c638bd3e5b69
p1:3109f p2:19536 p3:34 key:c48311cf2cce
p1:32c1e p2:1a2ae p3:35 key:c27aebf76cff
p1:34688 p2:1b040 p3:36 key:c0776cb2c514
p1:375b5 p2:1c8e2 p3:37 key:bce4183c2a05
p1:38316 p2:1cf8e p3:38 key:bbe3a532e7af
p1:3962f p2:1d9a0 p3:39 key:ba6a96615249
p1:3ab06 p2:1e48a p3:3a key:b8caab53507f
p1:3b6ca p2:1ead5 p3:3b key:b7db41693ce8
p1:3b892 p2:1ebe3 p3:3c key:b7b74be5800d
p1:3bacd p2:1ed17 p3:3d key:b789f1e7f047
p1:3c797 p2:1f397 p3:3e key:b69321ad7a7f
p1:3e275 p2:20127 p3:3f key:b4874e313b6a
p1:3ef09 p2:20801 p3:40 key:b38c0b2f5cae
p1:4020e p2:2121c p3:41 key:b20ff0faa084
p1:410af p2:2196e p3:42 key:b0f287465319
p1:42008 p2:22148 p3:43 key:afc500428909
p1:491f4 p2:25c13 p3:44 key:a72a959b0a84
p1:4967d p2:25e60 p3:45 key:a6d1c464882f
p1:496ad p2:25e8b p3:46 key:a6cccbae2559
p1:4979c p2:25ef4 p3:47 key:a6bbc406aa72
p1:4d8c3 p2:280a3 p3:48 key:a1caf3571e59
p1:4df85 p2:28412 p3:49 key:a14423937550
p1:4f0a8 p2:28cfc p3:4a key:9ff6bc25baf2
p1:4f192 p2:28d69 p3:4b key:9fe48dfefb45
p1:4fb15 p2:2924e p3:4c key:9f26989b85e7
p1:53fef p2:2b5f9 p3:4d key:99dcd8ce06f6
p1:555ce p2:2c188 p3:4e key:982defcc1b94
p1:5673e p2:2ca90 p3:4f key:96d68fc7809b
p1:5780a p2:2d370 p3:50 key:958f102923ee
p1:584d1 p2:2da0d p3:51 key:9490d3950b94
p1:5a373 p2:2e9bb p3:52 key:9240f86e58f3
p1:5c230 p2:2f97a p3:53 key:8ff0c2888067
p1:5ef84 p2:310c0 p3:54 key:8c769bcf9f15
p1:5f998 p2:315e4 p3:55 key:8bb6cd6dab17
p1:5fdf2 p2:31826 p3:56 key:8b6092df4d45
p1:60ab6 p2:31ee4 p3:57 key:8a682dadb770
p1:60ba3 p2:31f58 p3:58 key:8a573f8c0a53
p1:61175 p2:32251 p3:59 key:89e7aece061f
p1:61697 p2:324e7 p3:5a key:89816a4cd3fd
p1:6235e p2:32b59 p3:5b key:8889e9265677
p1:62c94 p2:33016 p3:5c key:87d67ce0fe98
p1:64654 p2:33d6c p3:5d key:85e15f583bbf
p1:64917 p2:33ece p3:5e key:85ac052056d1
p1:64c2f p2:34067 p3:5f key:856e0e13544d
p1:65d58 p2:348e3 p3:60 key:842c26d784e9
p1:65df1 p2:3493e p3:61 key:841e8954ec5c
p1:6859d p2:35e05 p3:62 key:810d846fcf0f
p1:6abae p2:37169 p3:63 key:7e29dde1f1ca
p1:6b648 p2:376ef p3:64 key:7d5c2345d9f7
p1:6bd94 p2:37aba p3:65 key:7ccf16ff7c8d
p1:6d132 p2:3848a p3:66 key:7b57fda3c8dc
p1:6de77 p2:38ba0 p3:67 key:7a54b0691396
p1:6e422 p2:38e72 p3:68 key:79e8f46a1753
p1:6fee8 p2:39c1d p3:69 key:77e3d143d481
p1:70958 p2:3a141 p3:6a key:7717993f9749
p1:70f63 p2:3a452 p3:6b key:769f2bbfe406
p1:718e0 p2:3a954 p3:6c key:75e5f7f8f466
p1:720bc p2:3ad83 p3:6d key:754d0b1305d3
p1:72e5e p2:3b432 p3:6e key:744677e36240
p1:731bf p2:3b5d8 p3:6f key:740535245c0e
p1:7482f p2:3c147 p3:70 key:724f7cab6c2d
p1:756cb p2:3c832 p3:71 key:7136c7279e61
p1:76c1c p2:3d315 p3:72 key:6f8e0b264ac7
p1:770a5 p2:3d579 p3:73 key:6f3401519f20
p1:77b21 p2:3dad1 p3:74 key:6e6d58c0c628
p1:77baa p2:3db0c p3:75 key:6e63aff2487e
p1:7949a p2:3e7d6 p3:76 key:6c7eb1749b38
p1:7b258 p2:3f708 p3:77 key:6a3f1df99708
p1:7b65c p2:3f906 p3:78 key:69f0358b7713
p1:7b980 p2:3fab5 p3:79 key:69aff3a3035e
p1:7ce40 p2:40564 p3:7a key:681b8ac298ba
p1:7d521 p2:408c1 p3:7b key:6795fdaefa0d
p1:80025 p2:41ec1 p3:7c key:644ff9943774
p1:83d31 p2:43e1e p3:7d key:5f9c374cb4a4
p1:83f35 p2:43f17 p3:7e key:5f765c473e64
p1:84fa2 p2:4475b p3:7f key:5e3b91596404
p1:8a525 p2:4730f p3:80 key:57c2ad25a02d
p1:8b8ed p2:47d74 p3:81 key:563774137734
p1:8b933 p2:47d93 p3:82 key:56325e29fda7
p1:8bc14 p2:47efc p3:83 key:55fce2fa4452
p1:8c92a p2:485f0 p3:84 key:54fb22ecb0de
p1:8e60c p2:494ab p3:85 key:52be2009a3df
p1:8e91d p2:4964a p3:86 key:528155fd7b34
p1:8f03a p2:499dd p3:87 key:51f97383b4b5
p1:8f8d9 p2:49e24 p3:88 key:51546c0fcb3f
p1:90ea5 p2:4a9b2 p3:89 key:4fa5631c926e
p1:9147d p2:4acaf p3:8a key:4f3191891447
p1:91a46 p2:4afa6 p3:8b key:4ec26bd76b46
p1:921eb p2:4b393 p3:8c key:4e2b9d5dc10e
p1:924ce p2:4b52d p3:8d key:4df0550facdd
p1:93a3b p2:4c058 p3:8e key:4c4e0aadc6f6
p1:94b22 p2:4c952 p3:8f key:4b0863909b82
p1:94d13 p2:4ca3e p3:90 key:4ae3c1d21090
p1:95633 p2:4ceca p3:91 key:4a381a5c7f91
p1:97337 p2:4ddc0 p3:92 key:4807d42d792a
p1:9775b p2:4dfef p3:93 key:47b59cb7428e
p1:97ff5 p2:4e46e p3:94 key:470eb09a6c11
p1:9876f p2:4e843 p3:95 key:46810833a34f
p1:988db p2:4e8d7 p3:96 key:4667898567ec
p1:989e8 p2:4e951 p3:97 key:46549f7a5e56
p1:98a3f p2:4e978 p3:98 key:464e782be64e
p1:98b2a p2:4e9f8 p3:99 key:463c7b896835
p1:98bb4 p2:4ea4d p3:9a key:4630cc56d634
p1:99e7d p2:4f3f4 p3:9b key:44c1c85596e1
p1:9a25f p2:4f5df p3:9c key:44758d2c4165
p1:9a545 p2:4f771 p3:9d key:443ddd84eff4
p1:9cdfe p2:50c5f p3:9e key:413459b63576
p1:9ee16 p2:51d56 p3:9f key:3eb8ef194527
p1:9ff6c p2:526b4 p3:a0 key:3d5e88af8a78
p1:a1170 p2:53003 p3:a1 key:3bfa1828b315
p1:a1e74 p2:536cc p3:a2 key:3af67eb71f9a
p1:a20e6 p2:5380f p3:a3 key:3ac588028558
p1:a295e p2:53c83 p3:a4 key:3a1fbc1b24f6
p1:a34fb p2:542a4 p3:a5 key:39402e390af4
p1:a3e99 p2:547a6 p3:a6 key:38887b62e419
p1:a415b p2:5492d p3:a7 key:385156077eb7
p1:a4444 p2:54acb p3:a8 key:3819e3182e10
p1:a5554 p2:55356 p3:a9 key:36d029dc20d2
p1:a6d16 p2:55fe4 p3:aa key:34f6721fe2cc
p1:a8561 p2:56c75 p3:ab key:33221db47f6e
p1:a9afc p2:577ae p3:ac key:317f656a7c2c
p1:aa093 p2:57a7c p3:ad key:3114a3cc7351
p1:abb3b p2:5880e p3:ae key:2f0d441fd501
p1:acd36 p2:5919e p3:af key:2da972337ecb
p1:ae649 p2:59eaa p3:b0 key:2bc480a5fe95
p1:af0ab p2:5a3c6 p3:b1 key:2b02f52be646
p1:afe29 p2:5aa95 p3:b2 key:29fcbca84a9c
p1:b0169 p2:5ac5d p3:b3 key:29bd23b6734e
p1:b0ec8 p2:5b369 p3:b4 key:28bde7d3dfbf
p1:b15d7 p2:5b6d6 p3:b5 key:28385e1f0070
p1:b568f p2:5d8a7 p3:b6 key:23499eb52a5f
p1:b665d p2:5e0af p3:b7 key:221b09fa2370
p1:b6680 p2:5e0b8 p3:b8 key:2218d9ffc93b
p1:b7298 p2:5e72d p3:b9 key:212c7ddaccf5
p1:b778d p2:5e9da p3:ba key:20ce27ed7c0f
p1:b7f72 p2:5ed9e p3:bb key:203a45cfd42c
p1:b83d0 p2:5f00d p3:bc key:1fe376268f5b
p1:b8d76 p2:5f533 p3:bd key:1f2474388d45
p1:b8dbe p2:5f560 p3:be key:1f1f49d4171e
p1:b8fca p2:5f685 p3:bf key:1ef453fc9372
p1:ba067 p2:5ff75 p3:c0 key:1dae84b1f4f3
p1:ba093 p2:5ff8e p3:c1 key:1daade48c24c
p1:bbdf2 p2:60e85 p3:c2 key:1b70518d3000
p1:bbe41 p2:60eaa p3:c3 key:1b6af3b11aa8
p1:bc1b6 p2:61079 p3:c4 key:1b26950d017a
p1:bce64 p2:616e3 p3:c5 key:1a313572fbf5
p1:bd439 p2:619cf p3:c6 key:19be40c96c3a
p1:bd71d p2:61b29 p3:c7 key:1988cdf0a454
p1:bdcd8 p2:61e4e p3:c8 key:191755038fa0
p1:be90a p2:624a1 p3:c9 key:182df576a2b0
p1:bed3e p2:626c6 p3:ca key:17dbe0883dc1
p1:c0bbb p2:6366a p3:cb key:15829cab5797
p1:c1152 p2:6391e p3:cc key:15171fd99788
p1:c215b p2:6415d p3:cd key:13e0c28a2ec6
p1:c2410 p2:642a6 p3:ce key:13af0f780218
p1:c3720 p2:64c6c p3:cf key:1237bc99320d
p1:c52d7 p2:65a84 p3:d0 key:101bebb4d9a3
p1:c6125 p2:661a2 p3:d1 key:0f077cdf505f
p1:c65f8 p2:66449 p3:d2 key:0ea8c007ae90
p1:c6bcf p2:6679f p3:d3 key:0e3255dea04a
p1:c8102 p2:67293 p3:d4 key:0c91cea72868
p1:c815f p2:672c8 p3:d5 key:0c89e873cb6c
p1:ca457 p2:684c6 p3:d6 key:09de949544d9
p1:cbe21 p2:691fe p3:d7 key:07e8a451ccaa
p1:cc508 p2:695c7 p3:d8 key:075ef3299f12
p1:cca61 p2:69891 p3:d9 key:06f5669d3511
p1:cf121 p2:6ac88 p3:da key:0405ee43bdca
p1:d0c8b p2:6baae p3:db key:01f474dc24e7
p1:d1e58 p2:6c40d p3:dc key:0096108548f0
p1:d1fd4 p2:6c4c0 p3:dd key:0077da671982
key_count:222
------------------------------------------------------------------
Found valid key:51f97383b4b5


proxmark3>

Offline

#8 2017-06-26 10:08:17

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

ok, just to make sure.  Did you pull the latest source from github and  recompiled/flashed ?   
I'm just trying to verify that you were on v3.0.1

Offline

#9 2017-06-26 10:55:13

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

iceman wrote:

ok, just to make sure.  Did you pull the latest source from github and  recompiled/flashed ?   
I'm just trying to verify that you were on v3.0.1

Sorry,I don't have ProxSpace, and I download the @gator96100 build on this threadhttp://www.proxmark.org/forum/viewtopic.php?id=3975. which latest iceman build on his thread is 20170622 and official is 20170624

Thanks for your help.

Offline

#10 2017-06-26 11:34:01

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [solved] "hf mf mifare" not working on latest build

Did you flash the bootrom and fullimage (os)?

Offline

#11 2017-06-26 12:48:08

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

marshmellow wrote:

Did you flash the bootrom and fullimage (os)?

yep, I already test it with  flash each bootrom and fullimage, it won't work too. I think bootrom is not the problem.
"hf mf mifare" Only worked on "pm3-bin-2.5.0".

Offline

#12 2017-06-26 12:53:45

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

Well,  I've been testing hf mf mifare on both Pm3 v3.0.1 and icemanfork v1.7.1    and it works on both. So I'm not convinced that there is a bug in the code yet.  More likely @op is doing something wrong.

Offline

#13 2017-06-26 15:56:12

seanedu
Contributor
From: Canada
Registered: 2017-04-12
Posts: 105

Re: [solved] "hf mf mifare" not working on latest build

@ piwi
Hi,I just noticed that I have a same problem with Treshold,my bootrom ver 1.1 and os is ver 2.2,same like Treshold's ver,until now most of commands were working fine,I actually did use precompiled official
sw from gator 9600,can you give me an instruction how to get same  version for both  in order to get it work right.

Thanks in advance

Offline

#14 2017-06-26 16:10:08

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

iceman wrote:

Well,  I've been testing hf mf mifare on both Pm3 v3.0.1 and icemanfork v1.7.1    and it works on both. So I'm not convinced that there is a bug in the code yet.  More likely @op is doing something wrong.

@iceman Could you please upload your worked build , and i test it if something wrong with my firmware.
Thanks again! smile  Sorry to bother you so much.

Offline

#15 2017-06-26 16:15:54

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

piwi wrote:

Latest official build is v3.0.1
Your bootrom is iceman/v1.1.0
Your firmware is master/v2.2.0

You have somehow managed to have three different versions for client, bootrom and firmware. This will fail in most cases.

Could you please upload your working build, and i will test if something wrong with my bootrom and firmware.
Thanks a lot! smile

Offline

#16 2017-06-26 16:17:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

My working build is on github,  just download it from there.

Offline

#17 2017-06-26 17:07:42

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Did you try to increase the distance between antenna and card?
Don't place the card directly on the antenna.

Offline

#18 2017-06-26 17:22:38

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

Seems not work again. I compile latest iceman on my computer and I flash it.
Output inf0 with debug level 4 on latest iceman build:

Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 13:59:19
os: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 14:01:17
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 216690 bytes (83%). Free: 45454 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hf 14a reader
 UID : B1 80 23 AE 
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Prng detection: WEAK (darkside)
pm3 --> hf mf dbg 4
#db# Debug level: 4
pm3 --> hf mf mifare
#db# ISO14443A Timeout set to 1060 (10ms)
#db# Mifare::Sync 2320
#db# calibrating in cycle 1. nt_distance=-1210, elapsed_prng_sequences=1, new sync_cycles: 66746

#db# calibrating in cycle 2. nt_distance=-8, elapsed_prng_sequences=1, new sync_cycles: 66754

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 5. nt_distance=16. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 6. nt_distance=32. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 7. nt_distance=64. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 8. nt_distance=128. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 9. nt_distance=256. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 10. nt_distance=512. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 11. nt_distance=1024. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 12. nt_distance=2048. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 13. nt_distance=4096. Consecutive Resyncs = 0. Trying one time catch up...

.........................................................................................................................................
.........................................................................................................

#db# Number of sent auth requestes: 3411
Button pressed. Aborted.

When i back to official build,my proxmark3 seems rebooted after running "hf mf mifare" command after 2 minutes.I can hear the click sound.

Last edited by Threshold (2017-06-27 08:58:48)

Offline

#19 2017-06-27 08:53:56

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

v1.7.1 iceman build firmware:

Proxmark3 RFID instrument
bootrom: iceman/autoBuild/ 2017-06-27 15:05:30
os: iceman/autoBuild/ 2017-06-27 15:07:33
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 216650 bytes (83%). Free: 45494 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hf 14a reader
 UID : B1 80 23 AE 
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
pm3 --> hf mf dbg 4
#db# Debug level: 4
pm3 --> hf mf mifare
#db# ISO14443A Timeout set to 1060 (10ms)
#db# Mifare::Sync 2184
#db# calibrating in cycle 1. nt_distance=-1210, elapsed_prng_sequences=1, new sync_cycles: 66746

#db# calibrating in cycle 2. nt_distance=-8, elapsed_prng_sequences=1, new sync_cycles: 66754

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 5. nt_distance=16. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 6. nt_distance=32. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 7. nt_distance=64. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 8. nt_distance=128. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 9. nt_distance=256. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 10. nt_distance=512. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 11. nt_distance=1024. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 12. nt_distance=2048. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 13. nt_distance=4096. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 16. nt_distance=1263. Consecutive Resyncs = 0. Trying one time catch up...
.....................................................................................................................................
........................................................................................................
#db# Lost sync in cycle 3940. nt_distance=4095. Consecutive Resyncs = 0. Trying one time catch up...

#db# Lost sync in cycle 4890. nt_distance=4094. Consecutive Resyncs = 0. Trying one time catch up...

#db# Number of sent auth requestes: 5306
Button pressed. Aborted.

@piwi I tried increase distance between card and antenna, it won't work too.
Just don't know why it worked on "pm3-bin-2.5.0" while card at same postion on antenna.

Last edited by Threshold (2017-06-27 10:05:49)

Offline

#20 2017-06-27 09:08:22

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

and now turn off  debugging with "hf mf dbg 0",  since it interupts the critical timings,   and try running the attack again...

Offline

#21 2017-06-27 10:15:38

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

@iceman
Seems not work at my enviroment or device.
I compile your repository by @gator96100's ProxSpace,And I flash it into my device,Here is output:

D:\Windows\RFID\pm3\iceman-20170627\win32>proxmark3 COM3
Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 13:59:19
os: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 14:01:17
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 216690 bytes (83%). Free: 454
54 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hf 14a reader
 UID : B1 80 23 AE
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Prng detection: WEAK (darkside)
pm3 --> hf mf mifare
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
................................................................................
...............................................................
Button pressed. Aborted.


pm3 -->

Same card,same position. So weird.

Thanks for your quick response!

Offline

#22 2017-06-27 12:10:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

Now you change firmware between test...  So lets start over,
I want to see the output from these commands,  when running the same firmware...

hf mf dbg 4
hf mf mifare
hf mf dbg 0
hf mf mifare

Offline

#23 2017-06-27 12:35:12

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

@iceman
Ok, follow your instructions, here we go:

D:\Windows\RFID\pm3\iceman-20170627\win32>proxmark3 COM3
Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 13:59:19
os: iceman/master/v1.1.0-2055-g4d189095 2017-06-27 14:01:17
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 216690 bytes (83%). Free: 454
54 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hf 14a reader
 UID : 41 95 2C AE
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Prng detection: WEAK (darkside)
pm3 --> hf mf dbg 4
#db# Debug level: 4
pm3 --> hf mf mifare
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# ISO14443A Timeout set to 1060 (10ms)
#db# Mifare::Sync 2256
#db# calibrating in cycle 1. nt_distance=-1202, elapsed_prng_sequences=1, new sy
nc_cycles: 66738

#db# calibrating in cycle 2. nt_distance=-8, elapsed_prng_sequences=1, new sync_
cycles: 66746

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 7. nt_distance=16. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 8. nt_distance=24. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 9. nt_distance=40. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 10. nt_distance=80. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 11. nt_distance=152. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 12. nt_distance=296. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 13. nt_distance=592. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 14. nt_distance=1184. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 15. nt_distance=2360. Consecutive Resyncs = 0. Trying on
e time catch up...

.........#db# Lost sync in cycle 174. nt_distance=4096. Consecutive Resyncs = 0.
 Trying one time catch up...

................................................#db# Lost sync in cycle 1096. nt
_distance=4096. Consecutive Resyncs = 1. Trying one time catch up...

................................................#db# Lost sync in cycle 2010. nt
_distance=4096. Consecutive Resyncs = 2. Trying one time catch up...

.................................................#db# Lost sync in cycle 2937 fo
r the fourth time consecutively (nt_distance = 4096). Adjusting sync_cycles to 7
0842.

.#db# Lost sync in cycle 2952. nt_distance=63. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 2953. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 2967. nt_distance=71. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 2968. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 2982. nt_distance=71. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 2983. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 2997. nt_distance=79. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 2998. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3012. nt_distance=71. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3013. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3027. nt_distance=55. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3028. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3042. nt_distance=39. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3043. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 3057. nt_distance=79. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 3058. nt_distance=4096. .Consecutive Resyncs = 0. Trying
 one time catch up...

#db# Lost sync in cycle 3072. nt_distance=7. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 3073. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3087. nt_distance=103. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 3088. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3102. nt_distance=15. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3103. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3117. nt_distance=55. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3118. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3132. nt_distance=47. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3133. nt_distance=4088. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 3147. nt_distance=71. Consecutive Resyncs = 0. Trying on
e time catch up...

.#db# Lost sync in cycle 3148. nt_distance=4096. Consecutive Resyncs = 0. Trying
 one time catch up...

#db# Lost sync in cycle 3162. nt_distance=71. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 3163. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3177. nt_distance=55. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3178. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3192. nt_distance=39. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3193. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3207. nt_distance=31. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3208. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

.#db# Lost sync in cycle 3222. nt_distance=15. Consecutive Resyncs = 0. Trying o
ne time catch up...

#db# Lost sync in cycle 3223. nt_distance=4096. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 3236. nt_distance=4095. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Lost sync in cycle 3237. nt_distance=4096. .Consecutive Resyncs = 0. Trying
 one time catch up...

#db# Lost sync in cycle 3250. nt_distance=4095. Consecutive Resyncs = 0. Trying
one time catch up...

#db# Number of sent auth requestes: 3251

Button pressed. Aborted.


pm3 --> hf mf dbg 0
#db# Debug level: 0
pm3 --> hf mf mifare
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
................................................................................
............................................................................
Button pressed. Aborted.


pm3 -->

both of  "hf mf mifare" command,I wait for about 5 minutes to press the button to stop it.

Offline

#24 2017-06-27 12:37:52

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

Nice,
it seem the attack can't syncronise properly with the prng. 
Now swap to PM3 Master / offical (recompile/flash fullimage/ run client/ run the commands)
and see what happens.

Also, which PM3 Device do you have?

Offline

#25 2017-06-27 13:07:39

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [solved] "hf mf mifare" not working on latest build

Could be a clone mifare card made in China.  Some have different prng.

Offline

#26 2017-06-27 13:46:17

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

In this case it should abort at some time with a respective error message. Running forever isn't expected.

Offline

#27 2017-06-27 13:48:37

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

Well, I bought it from TaoBao last year.

D:\Windows\RFID\pm3\official-20170627\win32>proxmark3 COM5
Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-528-g2a7861e-suspect 2017-06-27 06:13:03
os: master/v2.2.0-528-g2a7861e-suspect 2017-06-27 06:14:58
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192561 bytes (73%). Free: 695
83 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf 14a reader
 UID : 41 95 2c ae
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf mf dbg 4
#db# Debug level: 4
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# ISO14443A Timeout set to 1050 (9ms)
.#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-3566. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 2. nt_distance=-8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 5. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 6. nt_distance=-8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 7. nt_distance=-8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 10. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 11. nt_distance=-8. Consecutive Resyncs = 0. Trying one
time catch up...

.#db# Lost sync in cycle 14. nt_distance=8. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 15. nt_distance=-8. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 16. nt_distance=-8. Consecutive Resyncs = 1. Trying one
time catch up...

.#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-3186. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 3. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 7. nt_distance=8. Consecutive Resyncs = 2. Trying one ti
me catch up...

#db# Lost sync in cycle 9. nt_distance=16. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 11. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

.#db# Lost sync in cycle 13. nt_distance=8. Consecutive Resyncs = 1. Trying one
time catch up...

#db# Lost sync in cycle 14. nt_distance=8. Consecutive Resyncs = 2. Trying one t
ime catch up...

#db# Lost sync in cycle 16. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 19. nt_distance=8. Consecutive Resyncs = 2. Trying one t
ime catch up...

Found 48 possible keys. Trying to authenticate with each of them ...

Authentication failed. Trying again...
.#db# Mifare: Can't select card
.......#db# Lost sync in cycle 1. nt_distance=-29321. Consecutive Resyncs = 0. T
rying one time catch up...

#db# Lost sync in cycle 3. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

.#db# Lost sync in cycle 8. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 10. nt_distance=16. Consecutive Resyncs = 1. Trying one
time catch up...

#db# Lost sync in cycle 11. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 13. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 15. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 16. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

.#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-3243. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 3. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 6. nt_distance=16. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 8. nt_distance=16. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 10. nt_distance=16. Consecutive Resyncs = 1. Trying one
time catch up...

#db# Lost sync in cycle 11. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

.#db# Lost sync in cycle 13. nt_distance=16. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 15. nt_distance=16. Consecutive Resyncs = 1. Trying one
time catch up...

#db# Lost sync in cycle 16. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

.#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-3559. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 2. nt_distance=-8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 6. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 9. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 12. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

..#db# Mifare: Can't select card
#db# Lost sync in cycle 1. nt_distance=-3126. Consecutive Resyncs = 0. Trying on
e time catch up...

#db# Lost sync in cycle 3. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 5. nt_distance=-8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 6. nt_distance=-8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 8. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 10. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 12. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...
    .
#db# Lost sync in cycle 13. nt_distance=8. Consecutive Resyncs = 2. Trying one t
ime catch up...

#db# Lost sync in cycle 15. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 16. nt_distance=8. Consecutive Resyncs = 2. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 19. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 21. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 22. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

Found 23 possible keys. Trying to authenticate with each of them ...

Authentication failed. Trying again...
.#db# Mifare: Can't select card
.............#db# Lost sync in cycle 1. nt_distance=21583. Consecutive Resyncs =
 0. Trying one time catch up...

#db# Lost sync in cycle 2. nt_distance=624. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 3. nt_distance=624. Consecutive Resyncs = 1. Trying one
time catch up...

#db# Lost sync in cycle 4. nt_distance=8. Consecutive Resyncs = 0. Trying one ti
me catch up...

#db# Lost sync in cycle 6. nt_distance=16. Consecutive Resyncs = 0. Trying one t
ime catch up...

.#db# Lost sync in cycle 7. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 9. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 11. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 13. nt_distance=16. Consecutive Resyncs = 0. Trying one
time catch up...

#db# Lost sync in cycle 14. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 16. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

.#db# Lost sync in cycle 20. nt_distance=16. Consecutive Resyncs = 0. Trying one
 time catch up...

#db# Lost sync in cycle 21. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

Found 5 possible keys. Trying to authenticate with each of them ...

Authentication failed. Trying again...
................#db# Lost sync in cycle 0. nt_distance=-20001. Consecutive Resyn
cs = 0. Trying one time catch up...

#db# Lost sync in cycle 1. nt_distance=-8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 2. nt_distance=-8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 3. nt_distance=-8. Consecutive Resyncs = 2. Trying one t
ime catch up...

#db# Lost sync in cycle 4 for the fourth time consecutively (nt_distance = -8).
Adjusting sync_cycles to 66794.

#db# Lost sync in cycle 6. nt_distance=16. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 7. nt_distance=8. Consecutive Resyncs = 0. Trying .one t
ime catch up...

#db# Lost sync in cycle 8. nt_distance=8. Consecutive Resyncs = 1. Trying one ti
me catch up...

#db# Lost sync in cycle 10. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 12. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 13. nt_distance=8. Consecutive Resyncs = 2. Trying one t
ime catch up...

#db# Lost sync in cycle 14 for the fourth time consecutively (nt_distance = 8).
Adjusting sync_cycles to 66786.

#db# Lost sync in cycle 15. nt_distance=8. Consecutive Resyncs = 0. Trying one t
ime catch up...

#db# Lost sync in cycle 17. nt_distance=8. Consecutive Resyncs = 1. Trying one t
ime catch up...

#db# Lost sync in cycle 18. nt_distance=-8. Consecutive Resyncs = 0. Trying one
time catch up...

.Found 26 possible keys. Trying to authenticate with each of them ...

Authentication failed. Trying again...
.#db# Mifare: Can't select card
....................................

(hint: at this moment, I hear the proxmark click sound and it rebooted. )
D:\Windows\RFID\pm3\official-20170627\win32>proxmark3 COM5
Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-528-g2a7861e-suspect 2017-06-27 06:13:03
os: master/v2.2.0-528-g2a7861e-suspect 2017-06-27 06:14:58
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192561 bytes (73%). Free: 695
83 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf 14a reader
 UID : ea 82 30 f2
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf mf dbg 0
#db# Debug level: 0
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.....Parity is all zero. Most likely this card sends NACK on every failed authen
tication.
Attack will take a few seconds longer because we need two consecutive successful
 runs.
..............................Found 35 possible keys. Trying to authenticate wit
h each of them ...

Authentication failed. Trying again...
...................................
(hint:device rebooted  at here)

The device was rebooted while i set debug level to 0 after runing "hf mf mifare" command about 1 minute .
Sometimes it will succeed get a valid key when i set debug level to 4, but in most time, it will cause device reboot after running "hf mf mifare" command about 1 or 2 minutes.
(only official build will cause proxmark device reboot while using "hf mf mifare" command, iceman build won't)

Last edited by Threshold (2017-06-27 14:50:02)

Offline

#28 2017-06-27 13:52:35

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

marshmellow wrote:

Could be a clone mifare card made in China.  Some have different prng.

yep, you are right! this  card is made in China!
proxmark will  rebooted while running "hf mf mifare" command  about 1 minutes.(only in official build, iceman build won't cause device reboot, and iceman build can't get valid key either by this attack command)
But the old firmware "pm3-bin-2.5.0" is good to attack and won't cause proxmark reboot.

Last edited by Threshold (2017-06-27 14:44:32)

Offline

#29 2017-06-27 15:21:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

it gets stuck in the all zero parity attack  This could be a bug  with v3.0.0 release since that part was refactored.

Offline

#30 2017-06-27 15:33:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

PM3 v3.0.1, running darkside attack against clone tag.

proxmark3> hw ver
[[[ Cached information ]]]

Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-526-g893d0fc-dirty-suspect 2017-06-26 06:33:54
os: master/v2.2.0-528-g2a7861e-dirty-suspect 2017-06-27 13:54:19
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192561 bytes (73%). Free: 69583 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

proxmark3> hf mf mif
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
...Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown
generating polynomial with 16 effective bits only, but shows unexpected behaviour.

[edit]
Running against four different magic cards.

  • 2 stalls device,  "clickdeath"

  • 1 show messge "card is not vuln to darkside attack (doesn't send NACK)..."

  • 1 show message "card is not vuln to darkside attack (its random generator seems to be based on the wellknown..."

Offline

#31 2017-06-27 15:55:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

icemanf fork v1.7.1, running darkside attack against clone tag and four different magic cards.

Difference is no stall / "clickdeath"

  • 3 show messge "card is not vuln to darkside attack (doesn't send NACK)..."

  • 2 show message "card is not vuln to darkside attack (its random generator seems to be based on the wellknown..."

os: iceman/master/v1.7.1-3-g4d189095-dirty-unclean 2017-06-27 16:18:52
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

pm3 --> hf mf mif
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.
Card isn't vulnerable to Darkside attack (its random number generator is not predictable).

pm3 --> hf mf mif
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.
Card isn't vulnerable to Darkside attack (its random number generator is not predictable).

pm3 --> hf mf mif
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.........
Card isn't vulnerable to Darkside attack (doesn't send NACK on authentication requests).

pm3 --> hf mf mif
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.........
Card isn't vulnerable to Darkside attack (doesn't send NACK on authentication requests).

pm3 --> hf mf mif
-------------------------------------------------------------------------
Executing darkside attack. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.........
Card isn't vulnerable to Darkside attack (doesn't send NACK on authentication requests).

Offline

#32 2017-06-27 21:04:29

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Quite mysterious. Look what I get with latest master:

  • Fudan clone:

    proxmark3> hw ver
    [[[ Cached information ]]]
    
    Prox/RFID mark3 RFID instrument
    bootrom: master/v3.0.1-22-g2a7861e-suspect 2017-06-27 19:35:06
    os: master/v3.0.1-22-g2a7861e-suspect 2017-06-27 19:03:21
    LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
    HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
    
    uC: AT91SAM7S256 Rev B
    Embedded Processor: ARM7TDMI
    Nonvolatile Program Memory Size: 256K bytes. Used: 193020 bytes (74%). Free: 69124 bytes (26%).
    Second Nonvolatile Program Memory Size: None
    Internal SRAM Size: 64K bytes
    Architecture Identifier: AT91SAM7Sxx Series
    Nonvolatile Program Memory Type: Embedded Flash Memory
    
    proxmark3> hf mf dbg 0
    #db# Debug level: 0
    proxmark3> hf mf mif
    -------------------------------------------------------------------------
    Executing command. Expected execution time: 25sec on average
    Press button on the proxmark3 device to abort both proxmark3 and client.
    -------------------------------------------------------------------------
    ..Parity is all zero. Most likely this card sends NACK on every failed authentication.
    Attack will take a few seconds longer because we need two consecutive successful runs.
    ....Found 2 possible keys. Trying to authenticate with each of them ...
    
    Found valid key:ffffffffffff
    
    
    proxmark3>
  • Gen2 Magic Card:

    proxmark3> hf mf mif
    -------------------------------------------------------------------------
    Executing command. Expected execution time: 25sec on average
    Press button on the proxmark3 device to abort both proxmark3 and client.
    -------------------------------------------------------------------------
    ....Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown
    generating polynomial with 16 effective bits only, but shows unexpected behaviour.
    proxmark3>

    Note: hardnested works with this card if you add the "slow" option

  • Standard Classic:

    proxmark3> hf mf mif
    -------------------------------------------------------------------------
    Executing command. Expected execution time: 25sec on average
    Press button on the proxmark3 device to abort both proxmark3 and client.
    -------------------------------------------------------------------------
    ............Key not found (lfsr_common_prefix list is null). Nt=6317ecf0
    This is expected to happen in 25% of all cases. Trying again with a different reader nonce...
    ............Key not found (lfsr_common_prefix list is null). Nt=6317ecf0
    This is expected to happen in 25% of all cases. Trying again with a different reader nonce...
    ......................Found a possible key. Trying to authenticate...
    
    Found valid key:ffffffffffff
    
    
    proxmark3>

A little bit unlucky in the last case but otherwise as expected. What's going on here?

Offline

#33 2017-06-27 21:06:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

@piwi,  do you have some different magic gen1 tags to try on too?

Offline

#34 2017-06-27 21:15:54

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Do you mean "different Gen 2" or do you mean "Gen 1"?

Offline

#35 2017-06-27 21:50:40

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

I meant "different gen 1"

Offline

#36 2017-06-28 07:08:08

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

  • Gen1 Magic Card:

    proxmark3> hf mf mif
    -------------------------------------------------------------------------
    Executing command. Expected execution time: 25sec on average
    Press button on the proxmark3 device to abort both proxmark3 and client.
    -------------------------------------------------------------------------
    ...................Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).
    proxmark3>

Again, nothing unexpected.

BTW: why do we concentrate on Magic Cards now? The initial post didn't mention magic cards.

Offline

#37 2017-06-28 07:53:36

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

I'm not focusing on them,  I'm just testing to which cards works and which that don't.  To be able to exlude possibilities.

Other then being bought on Taobao we know little of @OP's tag,  besides that darkside doesn't work on v3.0.1 and the old asper bin-distro v2.5.0 does.

How shall we proceed @piwi?

Offline

#38 2017-06-28 08:21:50

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

@iceman's point is right.
The card in this thread is my door card(Not magic card, just normal mifare card. @marshmellow was right, it made in China.).
It encrypt all sectors without well-known keys.(which i can't use nested attack)
I can use "pm3-bin-2.5.0" firmware to crack("hf mf mifare" command) one valid key for nested attack.
I just don't know why the latest firmware don't work, and i don't want to stay on old firmware, so it is why i post this thread here.
I wish I could help more.
Thanks for everyone in this thread. smile you gus are the best!

Offline

#39 2017-06-30 10:44:17

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [solved] "hf mf mifare" not working on latest build

iceman wrote:

--Sidenote
...hold on, I've mentioned this a couple of times.  The release tag doesn't set the version data per se.   We need annotade tag,
https://git-scm.com/book/en/v2/Git-Basics-Tagging

-f force,  -a  annotaded, 
git tag -f -a v3.0.1 
git push origin v3.0.1 

@iceman
Sorry to hijack this thread for one clarify question only. Is the above information you give for us users or the admins who release codes, iceman?


iceman wrote:

This is my device with latest source from GitHub. Since I didn't download a specific tag or release the git info is

Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2.0-526-g893d0fc-dirty-suspect 2017-06-26 06:33:54
os: master/v2.2.0-526-g893d0fc-dirty-suspect 2017-06-26 06:33:54
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

I use the main repo V3.0.1, but I have different version print out , you have on 27/06 the label master/v2.2.0-526-g893d0fc.

Here is mine version printout follow the instruction thanks to Mollusc to checkout the V3.0.1
git clone https://github.com/Proxmark/proxmark3.git
cd proxmark3
git checkout v3.0.1

Prox/RFID mark3 RFID instrument
bootrom: HEAD/v2.2.0-506-g8040afa-dirty-suspect 2017-06-30 07:28:51
os: HEAD/v2.2.0-506-g8040afa-dirty-suspect 2017-06-30 07:28:59
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

it is different than yours one! Is it normal with these different label order?


and again it is different than Piwi's one

Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-22-g2a7861e-suspect 2017-06-27 19:35:06
os: master/v3.0.1-22-g2a7861e-suspect 2017-06-27 19:03:21
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

are all our sw the same main V3.0.1? What would be the correct git procedure to get same v3.0.1 version like piwi has?

Last edited by ntk (2017-06-30 13:19:34)

Offline

#40 2017-06-30 16:50:53

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

@iceman
Sorry to hijack this thread for one clarify question only. Is the above information you give for us users or the admins who release codes, iceman?

This was for the admins. Done.

What would be the correct git procedure to get same v3.0.1 version like piwi has?

Pull from github. Don't checkout a specific version. Compile and flash.

Offline

#41 2017-06-30 18:14:26

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved] "hf mf mifare" not working on latest build

I see the annoted tags has been added smile  I suspect we have @piwi to thank.
I've not tested since they were created to pm3 master.  However it should say "v3.0.1"  now when I pull/compile/flash. 
This should reduce a lot of confusion about those firmware-version outputs.

Offline

#42 2017-06-30 20:48:25

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [solved] "hf mf mifare" not working on latest build

thank you.

I have done just pull by using the command:
git clone https://github.com/Proxmark/proxmark3.git
then in  proxmark3 I compile and flash

Now I have

bootrom: master/v3.0.1-26-g82e8eee-suspect 2017-06-30 19:05:49
os: master/v3.0.1-26-g82e8eee-suspect 2017-06-30 19:06:00
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

But piwi has master/v3.0.1-22-g2a7861e! So mine V3.0.1 is similar to piwi's v3.0.1 or is it still not?

Offline

#43 2017-06-30 21:46:56

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Developers are quite active these days.

v3.0.1-22 has 22 new commits since v3.0.1
v3.0.1-26 has 26 new commits since v3.0.1

Offline

#44 2017-07-01 09:05:29

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

Recently, I found that most TaoBao Proxmark device sellers sell theirs device with asper 2.0.0 firmware(also include with a GUI software).
I chat with some sellers, I asked why they stay on so old firmware, they told me that 2.0.0 is one of the most stable firmwares and the GUI software is based on this firmware.
I test this firmware with my mifare card, just like asper 2.5.0 version, it can crack a valid key by using "hf mf mifare" command.
If you interested with this firmware, here is asper's 2.0.0 firmware which include "Proxmark_easy_GUI" software.
("Proxmark_easy_GUI" is a GUI tool to help people which not familiar with command line.This software is come from Taobao seller. This software is based on asper's 2.0.0 firmware. BYW, this software only have Chinese lang.)
https://drive.google.com/open?id=0BzqO2 … XB6WGM1TWc

Offline

#45 2017-07-01 12:04:29

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [solved] "hf mf mifare" not working on latest build

.threshold, thanks for the Proxmark_easy_GUI from the tao bao seller. I would like to have a look into it long time ago. you are an engel.

Offline

#46 2017-07-01 13:33:56

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [solved] "hf mf mifare" not working on latest build

@threshold
regarding the statement of "pm2.0.0 is one of the most stable firmwares" I would hold back a little because it is not fair towards many contributors who have put their effort in the Proxmark3 development over the years in to the product of today.

how can I explain. Like a baby there is a saying "baby in sleep looks the most like an angel. only grown-ups are devils" some past elementary school stage still are like angel, problem is babies can not pay bill pay rent pay tax, they need to develop into a useful member of society, so babies need to be changed: they learn, they develop, they change, some are no angel any more, some could turn unstable, and some  still have to continue to learn even past 40.... some could turn nasty ... but they have to develop... that is the only way on this earth the way of evolution

Same as SW pm2.0.0 it has passed its infantile stage but still have not all the developments to work with different card/tag types different solution PM3 has now-a-days ... like human it could turn unstable in some area, we hope our competent developers continue to find way, to develop to correct and make it more stronger. We on users side will discover weaknesses and they will be checked be looked into develop ironed out and PM3 will be better at the end

but like babies PM3 needs to grown up.... it can not stay cute like an angel.

Last edited by ntk (2017-07-01 13:35:00)

Offline

#47 2017-07-01 14:40:02

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: [solved] "hf mf mifare" not working on latest build

Or in a few words: if you like, you can stick with a more than 2 years old firmware. Or, if you want to use the latest features but you are unsatisfied with the stability of the latest releases, then report the issues here or on github.

Offline

#48 2017-07-01 14:55:28

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

@ntk
Well, maybe you misunderstanding me.That statement not by me,and the most reason they stay on that old firmware is that GUI is based on that.
I respect you guys and what your effort sincerely.

Offline

#49 2017-07-01 15:05:58

Threshold
Contributor
Registered: 2017-03-03
Posts: 27

Re: [solved] "hf mf mifare" not working on latest build

BTW, the only reason of me post a 2.0.0 firmware here is for someone who would like to test it or interested it.
No other reasons.
Just like what i said before, I respect you guys and what your effort. Thanks.

Last edited by Threshold (2017-07-01 15:08:08)

Offline

#50 2017-07-01 15:11:05

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [solved] "hf mf mifare" not working on latest build

smile. No one took offense.  Thanks threshold, thanks for sharing the software as well.

Offline

Board footer

Powered by FluxBB