Research, development and trades concerning the powerful Proxmark3 device.
I have the following trace from snoop:
3832108 | 3842636 | Rdr | 93 70 86 62 85 b1 d0 a9 08 | ok | SELECT_UID
3843824 | 3847344 | Tag | 08 b6 dd | |
3853100 | 3857868 | Rdr | 60 03 6e 49 | ok | AUTH-A(3)
3859824 | 3864560 | Tag | b8 30 04 9b | |
3866924 | 3876236 | Rdr | 8d 36 9b! 4d 92 48! 31! 4a! | !crc| ?
3877488 | 3882160 | Tag | 92 80 e2! 03 | |
3885228 | 3889932 | Rdr | 41 e5 86 f9 | !crc|
3891312 | 3912112 | Tag |30! 83! 3a 9e! 9c! 01! 06 19 bb! 9a 1f! 7e! 79! d8 d8 0e! | |
| | |7e! 5c | !crc|
3918380 | 3923084 | Rdr | a6 7f! f4 79! | !crc| ?
3925104 | 3929776 | Tag |35! 08! ca 2f! | |
3932204 | 3941580 | Rdr | 49 a8 bb! 52 cd! 19! 95! b9 | !crc| ?
3942768 | 3947504 | Tag |30! c8 96 12! | |
3951020 | 3955724 | Rdr | 2b 0e b3 8e | !crc| ?
3957104 | 3977968 | Tag | 89 5a f8! 68! b8! f6! fb ea! 8d! 9a! 68! 51 e0! e1! 2f a4! | |
| | |80! 6e | !crc|
3981740 | 3986508 | Rdr |3e! 5d! 80 b6 | !crc|
3987824 | 4008688 | Tag |3a! 6d! 57 59 74 e4 3e c1! b0! 24! e3! 92 70! a8! 46 2b | |
| | |48! 8e! | !crc|
4012332 | 4017036 | Rdr | 8d 60 fb 49! | !crc| ?
4018416 | 4039280 | Tag | 02 61 af ee 8c 43 47 58! 9c 64 7b 8e! c9 e8 de 94! | |
| | | 5f 60! | !crc|
mfkey found the correct password, but in the decrypted communication after another authentication I can understand the commands.
./mfkey64 866285b1 b830049b 8d369b4d 9248314a 9280e203 41e586f9 30833a9e9c010619bb9a1f7e79d8d80e7e5c a67ff479 3508ca2f 49a8bb52cd1995b9 30c89612 2b0eb38e 895af868b8f6fbea8d9a6851e0e12fa4
MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!
Recovering key for:
uid: 866285b1
nt: b830049b
{nr}: 8d369b4d
{ar}: 9248314a
{at}: 9280e203
{enc0}: 41e586f9
{enc1}: 30833a9e9c010619bb9a1f7e79d8d80e7e5c
{enc2}: a67ff479
{enc3}: 3508ca2f
{enc4}: 49a8bb52cd1995b9
{enc5}: 30c89612
{enc6}: 2b0eb38e
{enc7}: 895af868b8f6fbea8d9a6851e0e12fa4
LFSR successors of the tag challenge:
nt' : 7b5d612b
nt'': 8e15f092
Time spent in lfsr_recovery64(): 0.13 seconds
Keystream used to generate {ar} and {at}:
ks2: e9155061
ks3: 1c951291
Decrypted communication:
{dec0}: 3003999a
{dec1}: 000000000000787788c10000000000003e30
{dec2}: 60036e49 // New authentication to the same block
{dec3}: 9e030098
{dec4}: 02d3ae2c12772386
{dec5}: 7c027c0a
{dec6}: 3e39a917 // 3e is not a command, maybe a read
{dec7}: 378e2a67b3c0cf15f3f4c1afdce6c1d6 // return 16 byte response of read?
Found Key: [a0a1a2a3a4a5]
mfkey64 with the new authentication does not give me good data. Wrong password and no decrypted data.
./mfkey64 866285b1 9e030098 02d3ae2c 12772386 7c027c0a 3e39a917
MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!
Recovering key for:
uid: 866285b1
nt: 9e030098
{nr}: 02d3ae2c
{ar}: 12772386
{at}: 7c027c0a
{enc0}: 3e39a917
LFSR successors of the tag challenge:
nt' : 51280dae
nt'': 3f4dbee5
Time spent in lfsr_recovery64(): 0.10 seconds
Keystream used to generate {ar} and {at}:
ks2: 435f2e28
ks3: 434fc2ef
Decrypted communication:
{dec0}: 3e39a917 // NO decryption
Found Key: [635863a133db] // Wrong password
Suggestions for getting the whole trace decrypted?
..what you are looking at is the Mifare functionality called nested authentication
..you will need to read up on J_Run's attack against nested authentications. It's a two-phased attack: the first part is offline, from the trace. The second one is online, against the tag. Now depending on your luck, you can get a valid key from phase 1...
see below
pm3 ~/tools/mf_nonce_brute$ mf_nonce_brute 866285b1 3508ca2f 1101 49a8bb52 cd1995b9 1110 30c89612 1001
Mifare classic nested auth key recovery. Phase 1.
-------------------------------------------------
uid: 866285b1
nt encrypted: 3508ca2f
nt parity err: 1101
nr encrypted: 49a8bb52
ar encrypted: cd1995b9
ar parity err: 1110
at encrypted: 30c89612
at parity err: 1001
Bruteforce using 4 threads to find encrypted tagnonce last bytes
Valid Key found: [a0a1a2a3a4a5]
I think you're missing the beginning of communication.
Starter packets will be important for mfkey64 calculation.
@iceman: I'm glad I can learn something new now.
Last edited by Tatka (2017-08-30 13:31:51)
@tatka, yes, you had a similar post
I think you're missing the beginning of communication.
I don't know, but the first 3 decrypted commands are good.
Read block 3, return 16 bytes from block 3, authentication on block 3.
Now I don't want to recover keys, I already have all the keys. I want to understand the commands executed by the reader on my tag.
Last edited by meter (2017-08-30 15:32:23)
see below
Interesting tool. I will study it, also how to calculate the parity err parameters.
This tool helps only to recover keys, not to decrypt encrypted communications.
EDIT
My fault, the tool accepts more parameters after AR.
Last edited by meter (2017-08-30 15:50:32)
Not quite right,
https://github.com/iceman1001/mf_nonce_brute
If you modify the source to output some interesting stats, you can use that in conjunction with another command.
Below you see those extra stats.
pm3 ~/tools/mf_nonce_brute$ mf_nonce_brute 866285b1 3508ca2f 1101 49a8bb52 cd1995b9 1110 30c89612 1001 2b0eb38e
Mifare classic nested auth key recovery. Phase 1.
-------------------------------------------------
uid: 866285b1
nt encrypted: 3508ca2f
nt parity err: 1101
nr encrypted: 49a8bb52
ar encrypted: cd1995b9
ar parity err: 1110
at encrypted: 30c89612
at parity err: 1001
next cmd enc: 2b0eb38e
Bruteforce using 4 threads to find encrypted tagnonce last bytes
thread #0 idx 0
current nt(6fdb0220) ar_enc(cd1995b9) at_enc(30c89612)
ks2:54e245e4
ks3:c00bfb77
ks4:1b0eb126
CMD enc(2b0eb38e)
dec(300002a8) <-- Valid cmd
Valid Key found: [a0a1a2a3a4a5]
If the step above was successful, you can now do this:
Since you now know the nt, ar_enc, at_enc used, hook it into hf mf decrypt together with the tracelog data that comes after a successful nested auth.
{enc6}: 2b0eb38e
{enc7}: 895af868b8f6fbea8d9a6851e0e12fa4
pm3 --> hf mf decrypt 6fdb0220 cd1995b9 30c89612 2b0eb38e895af868b8f6fbea8d9a6851e0e12fa4
nt 6FDB0220
ar enc CD1995B9
at enc 30C89612
Encrypted data: [2B 0E B3 8E 89 5A F8 68 B8 F6 FB EA 8D 9A 68 51 E0 E1 2F A4 ]
Decrypted data: [30 00 02 A8 86 62 85 B1 D0 88 04 00 47 C1 14 D7 A1 00 08 04 ]
The decrypted data sure looks like an auth to block 0 / keyA. Which would indicate another authentication sequence..
You get the idea...
High level Mifare Classic analyse
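Why the second mfkey64 run above could never have worked, shown with a small added example (editorial code, not from the thread and not from the mfkey64 or mf_nonce_brute sources): a Mifare Classic tag nonce is produced by a 16-bit LFSR, so the upper 16 bits of any genuine nt are fixed by its lower 16 bits, and the nt' and nt'' that mfkey64 prints are just that LFSR run 64 and 96 steps on. The nt 9e030098 that mfkey64 was given in the second run is the encrypted nested nonce decrypted with the old session's keystream, and it fails that consistency check; the nt 6fdb0220 that mf_nonce_brute recovered passes it, as does the first run's b830049b. The same test is also the quick way to tell whether a card in the field still has this weak nonce generator at all.

```python
# Added example (not from the thread or from the crapto1/mfkey64 code): the Mifare
# Classic tag-nonce PRNG as a 16-bit LFSR with taps x^16 + x^14 + x^13 + x^11 + 1,
# used to recompute the nt'/nt'' values mfkey64 prints and to sanity-check a
# candidate nonce before trusting a key-recovery run that was fed it.


def _swap_endian(x: int) -> int:
    """Reverse the byte order of a 32-bit word so that bit i of the result is the
    i-th PRNG output bit (bytes go on air first-byte-first, LSB-first within a byte)."""
    x = ((x >> 8) & 0x00FF00FF) | ((x & 0x00FF00FF) << 8)
    return ((x >> 16) | (x << 16)) & 0xFFFFFFFF


def prng_successor(nt: int, n: int) -> int:
    """Advance the tag PRNG n bits from nonce nt and return the next 32 output bits.
    With the byte-swapped word holding s_i..s_{i+31}, each step shifts in
    s_{i+32} = s_{i+16} ^ s_{i+18} ^ s_{i+19} ^ s_{i+21}."""
    x = _swap_endian(nt)
    for _ in range(n):
        fb = ((x >> 16) ^ (x >> 18) ^ (x >> 19) ^ (x >> 21)) & 1
        x = (x >> 1) | (fb << 31)
    return _swap_endian(x)


def lfsr16_next16(state16: int) -> int:
    """Run the 16-bit nonce LFSR 16 steps: from s0..s15 (bit 0 = s0) produce s16..s31,
    using s_{i+16} = s_i ^ s_{i+2} ^ s_{i+3} ^ s_{i+5}."""
    x = state16 & 0xFFFF
    for _ in range(16):
        fb = (x ^ (x >> 2) ^ (x >> 3) ^ (x >> 5)) & 1
        x = (x >> 1) | (fb << 15)
    return x


def is_weak_prng_nonce(nt: int) -> bool:
    """True if the upper 16 bits of nt are the LFSR continuation of its lower 16 bits,
    i.e. nt could actually have been generated by the Classic tag PRNG."""
    s = _swap_endian(nt)
    return lfsr16_next16(s & 0xFFFF) == (s >> 16)


def describe(nt: int) -> dict:
    """Summarise one candidate nonce the way mfkey64's header does, plus the check."""
    return {
        'nt': f'{nt:08x}',
        'weak_prng': is_weak_prng_nonce(nt),
        "nt'": f'{prng_successor(nt, 64):08x}',
        "nt''": f'{prng_successor(nt, 96):08x}',
    }


if __name__ == '__main__':
    # Values from this thread: the first auth's nt, the bogus nt given to mfkey64 in
    # the second run, and the nt that mf_nonce_brute recovered for the nested auth.
    for nt in (0xb830049b, 0x9e030098, 0x6fdb0220):
        print(describe(nt))
```

Running it reproduces the nt' 7b5d612b and nt'' 8e15f092 of the first mfkey64 output for b830049b, flags 9e030098 as impossible for a Classic tag (mfkey64 still happily prints successors for it, which is why its "Found Key" there is garbage), and accepts 6fdb0220.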
You get the idea...
High level Mifare Classic analyse
Sure, thank you, now I have the knowledge to continue.