Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-07-14 19:15:36

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

[solved]Trouble with mf_default_keys.lua additions

First-time poster, please let me know if this is in the wrong sub forum.

I went to add 47 keys to the mf_default_keys.lua for use with some cards I have.  A couple things are currently perplexing me:
It says it loaded 113 keys total, but then alternates between testing 85 and 48 keys.

proxmark3> script run mfkeys
--- Executing: mfkeys.lua, args ''
This script implements check keys. It utilises a large list of default keys (currently 133 keys).
If you want to add more, just put them inside mf_default_keys.lua. 
Found a NXP MIFARE CLASSIC 1k | Plus 2k tag
Testing block 3, keytype 0, with 85 keys
Testing block 3, keytype 0, with 48 keys
Testing block 3, keytype 1, with 85 keys
Testing block 3, keytype 1, with 48 keys

I was using
hf mf chk * ? keys.dic   #my custom keys files with the same additional keys
and it matches up all the keys to sectors correctly.

Currently with all the keys mfkeys.lua comes up empty handed, even though I'm using a card I know I just added the correct keys for.

I found if I remove most of the stock keys(not all) from mf_default_keys.lua and leave my additions then mfkeys.lua finds the appropriate keys.  I would, however, like to be able to maintain one list/file of keys.

Any thoughts or suggestions?   I'm not terribly familiar with LUA, so I could be missing some linguistic limitations here, but I'm also perplexed by the changing number of keys tested.

Thanks in advance for any help.

Last edited by dontlook (2017-07-24 14:48:00)

Offline

#2 2017-07-14 19:30:08

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

1)   85 + 48 = ?

why 85?..  well, there is a limit in the usb package to 512b,  giving us 512 / 6 = 85.3333 (mifare keys are 6bytes) to send in each package.
this is the same for hf mf chk it may not have the same output to the user...

What do your custom default_keys.lua file look like?

Offline

#3 2017-07-16 05:36:20

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

Hmmm good to know about USB.  That makes a lot sense then.  Thank you!

Below is the beginning and end of where I put in the custom keys.    I pasted the entire file here: https://p.dousse.eu/?d2f972320fb93b9d#Q … StcNU1VNU=



	 --]]
	 'f4a9ef2afc6d',
	 
	 --[[	 
	 --]]
	 'a9f953def0a3',

    --[[
    --]]
    '3363236f9f3f',
    '9ff39f322f2f',
    '3f39993f9993',
    'f9f9f9669ff9',
    '39333399fff3',
    '93993339fff3',
    '9fff3999939f',
    'f2f3ff3f3ff9',
    '369f3663fff2',
    '3f299ff93296',
    '93f3f9ff396f',
    'f936ff3339f3',
    '2f2f93ff232f',
    'f936ff3339f3',
    'f33f99939f39',


}

---
--    The keys above have just been pasted in, for completeness sake. They contain duplicates. 
--    We need to weed the duplicates out before we expose the list to someone who actually wants to use them
--    @param list a list to do 'uniq' on

local function uniq(list)
    
    local foobar = {}
    --print("list length ", #list)
    for _, value in pairs(list) do
        value = value:lower()
        if not foobar[value] then
            foobar[value] = true
            table.insert(foobar, value);
        end
    end
    --print("final list length ", #foobar)
    return foobar
end

return uniq(_keys)

Offline

#4 2017-07-16 08:36:02

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

the file looks ok.
lets start with the basic questions.
which firmware/client are you running ?   if not on the latest source from Github -> update and try your tests again.
Output from when you run the hf mf chk vs script run mfkeys  ?

Offline

#5 2017-07-17 00:01:29

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

client and firmware info

Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2.0-264-gd1057e7-dirty-suspect 2016-11-03 06:42:08
os: master/v2.2.0-514-g58c00ce-suspect 2017-06-20 19:20:57
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
          
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 192390 bytes (37%). Free: 331898 bytes (63%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

test@test-VirtualBox:~/newProxmark/proxmark3$ git show
commit 53814fe4f236f9c9b71a0b9312b12c6bf588ea13
Merge: 067bfc8 03a4837
Author: Iceman <iceman@iuse.se>
Date:   Thu Jul 6 09:25:03 2017 +0200

hf mf chk

proxmark3> hf mf chk * ? t ../../../keys.dic
......
proxmark3> hf mf ekeyprn
|---|----------------|----------------|          
|sec|key A           |key B           |          
|---|----------------|----------------|          
|000|  3363236f9f3f  |  f9f9f9669ff9  |          
|001|  9ff39f322f2f  |  f662239f3f99  |          
|002|  9ff39f322f2f  |  f662239f3f99  |          
|003|  9ff39f322f2f  |  f662239f3f99  |          
|004|  9ff39f322f2f  |  f662239f3f99  |          
|005|  9ff39f322f2f  |  f66223ff9f99  |          
|006|  9ff39f322f2f  |  f66223ff9f99  |          
|007|  9ff39f322f2f  |  f66223ff9f99  |          
|008|  3f39993f9993  |  62393f9f293f  |          
|009|  f239f39ff39f  |  9ff292f36293  |          
|010|  fff3ff93f623  |  92ff3ff93999  |          
|011|  f39f3f3fff39  |  396ff99f2933  |          
|012|  333ff3ff9f6f  |  932f9ff333ff  |          
|013|  9f9f3f999f9f  |  ff9f3f9ff2f3  |          
|014|  f99323ff2fff  |  62fff32f6f93  |          
|015|  2939f333ff29  |  2ff3f99f3f3f  |          
|---|----------------|----------------|         

script run mfkeys

proxmark3> script run mfkeys
--- Executing: mfkeys.lua, args ''
This script implements check keys. It utilises a large list of default keys (currently 133 keys).
If you want to add more, just put them inside mf_default_keys.lua. 
Found a NXP MIFARE CLASSIC 1k | Plus 2k tag
Testing block 3, keytype 0, with 85 keys
Testing block 3, keytype 0, with 48 keys
Testing block 3, keytype 1, with 85 keys
Testing block 3, keytype 1, with 48 keys
Testing block 7, keytype 0, with 85 keys
Testing block 7, keytype 0, with 48 keys
.....

Testing block 63, keytype 1, with 85 keys
Testing block 63, keytype 1, with 48 keys
________________________________________
|Sector|Block|     A      |      B     |
|--------------------------------------|
|   1  |   3 |||
|   2  |   7 |||
|   3  |  11 |||
|   4  |  15 |||
|   5  |  19 |||
|   6  |  23 |||
|   7  |  27 |||
|   8  |  31 |||
|   9  |  35 |||
|  10  |  39 |||
|  11  |  43 |||
|  12  |  47 |||
|  13  |  51 |||
|  14  |  55 |||
|  15  |  59 |||
|  16  |  63 |||
|--------------------------------------|
Do you wish to save the keys to dumpfile? [y]/[n] ?

Offline

#6 2017-07-17 01:39:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

why are you transfering the keys to the device?  and read it out with ekeyprn?

hf mf chk *1 ? d ../../../keys.dic

whats the output from this?

Offline

#7 2017-07-17 02:07:05

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

It was the easier way I figured to display the keys nicely at the end, so I could review them(especially without leaving the Proxmark client).

I can't plug it back in but will in a couple hours.  If I just want to see the keys, and more importantly, what if any keys were not found what is better to do?

Offline

#8 2017-07-17 08:47:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

the thing is your output doesn't show the success of running checkkeys command.   The data printed could be any junk laying around in that part of the device memory.
I belive the lua script tells you the truth,  that the keys are not found.  Since the output is empty.

If you run these two cmds and post their outputs here we will know more of your card.

hf 14a read
hf mf mifare

Offline

#9 2017-07-17 16:37:23

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

I'll run that as well.  I'm sanitizing the keys with the same regex's because I'm not ready to share them(soon though).

The card is vulnerable to the darkside attack.  If I dump them to a file instead of transferring them, the dump of the actual card works fine.  As I can read the sectors/get back successful reads and clone the card.

If I go in to the mf_default_keys.lua script and remove most of the pre-included keys(leaving my additions) from the file the mfkeys script finds matches.  It seems that it doesn't find them when I add them and leave the existing keys in my testing.



I'll have to mock up a card to continue this with different keys, because I'm not comfortable that all this text replacement isn't going to muck with the troubleshooting and I appreciate your time and energy.

Offline

#10 2017-07-17 19:27:24

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

Further update, if I move my custom added keys from the bottom of the file where are in the paste to just below the first set of keys in the default file, it works and matches all the keys to the correct blocks/sectors. 

Additionally if I leave them where they are and comment out most of the other keys in the file it works.

I'll still work on that dummy card.

Offline

#11 2017-07-17 19:46:11

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

No need to worry,  I think I found the bug in the script.
Only the first set of 85keys are tested..  So if you put your keys within that limit, you will see it works.
outside of that, and you will see the script fails finding your keys...

Offline

#12 2017-07-17 23:33:23

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

\o/  Awesome!  Thanks for looking.

Offline

#13 2017-07-22 13:43:40

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [solved]Trouble with mf_default_keys.lua additions

This commit should sort things out for this script.  Do please test it and report back. 
https://github.com/iceman1001/proxmark3 … d00150fa19

If ok, you can edit your first post and add the prefix "solved" to the subject

Offline

#14 2017-07-24 15:05:51

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

It works like a charm.  Thanks, Iceman.

Offline

#15 2018-03-07 18:17:09

Charlie
Contributor
Registered: 2017-01-27
Posts: 129

Re: [solved]Trouble with mf_default_keys.lua additions

I'm running the Official build not Iceman's and I am running into this same issue. Will this fix be implemented into the official build?

Offline

#16 2018-03-08 01:58:43

dontlook
Contributor
Registered: 2017-01-28
Posts: 57

Re: [solved]Trouble with mf_default_keys.lua additions

In the meantime add your custom keys to the top of the list instead of the bottom and you should be all set.

Offline

#17 2018-03-08 05:11:55

Charlie
Contributor
Registered: 2017-01-27
Posts: 129

Re: [solved]Trouble with mf_default_keys.lua additions

dontlook wrote:

In the meantime add your custom keys to the top of the list instead of the bottom and you should be all set.

Yeah, thanks i've been doing that. I might just pull the two files and put them into my master build as a partial fix.

Offline

Board footer

Powered by FluxBB