Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
We snooped the process of writing data (maybe an increment process) to the card.
However, there are two parts that differ from the existing results.
I thought it would be a change.
I do not know what the value is.
The hypothesis test is repeatedly performed.
encrypted value?
random value?
Time-related values?
increment process?
If you replay with this APDU command,
0B 00 91 0F 67 6E error occurs in the last instruction.
In the last reader command, there is an unknown 4-byte value in the data part of the APDU command. I tried to brute-force this part, but it failed.
I need help so much.
-------------------------------------------------------------------------------------------
hf 14a snoop
hf list 14a
I don't know this part of the data
( 00 00 00 65 b9 51 ea 31 52 1e 47 eb c1 ab fa 4e )
( f1 00 b1 f0 )
8166224 | 8182448 | Rdr | 0a 00 90 40 00 00 04 00 00 03 e8 1e fc 95 | ok | ?
8303748 | 8345348 | Tag | 0a 00 10 00 00 33 2c 0b 10 40 12 97 02 27 00 90 | |
< here > | | | ( 00 00 00 65 b9 51 ea 31 52 1e 47 eb c1 ab fa 4e ) | |
| | | 90 00 32 0d | ok |
10444272 | 10474320 | Rdr | 0b 00 90 42 00 00 10 00 00 01 00 09 51 52 82 00 | |
< here > | | | 02 a8 4f ( f1 00 b1 f0 )08 90 d4 | ok | ?
11066356 | 11082548 | Tag | 0b 00 00 00 37 14 74 11 31 a2 90 00 eb 95 | ok |
The values will continue to change as follows (snoop data from before the write):
7217764 | 7259364 | Tag | 0a 00 10 00 00 2b 5c 0b 10 40 12 97 02 27 00 90 | |
| | | ( 00 00 00 64 f0 87 c5 60 ca 40 04 e6 68 94 93 76 )| |
| | | 90 00 77 9b | ok |
9358416 | 9388464 | Rdr | 0b 00 90 42 00 00 10 00 00 01 00 09 51 52 82 00 | |
| | | 02 a8 4e (67 f6 5c 3a 08 )83 28 | ok | ?
10019796 | 10035988 | Tag | 0b 00 00 00 33 2c df 1d 46 42 90 00 81 55 | ok |
* This is all of the snoop data
0 | 992 | Rdr | 52 | | WUPA
2244 | 4612 | Tag | 04 00 | |
7936 | 10400 | Rdr | 93 20 | | ANTICOLL
11588 | 17412 | Tag | 99 63 fb 97 96 | |
21376 | 31840 | Rdr | 93 70 99 63 fb 97 96 bc 0a | ok | SELECT_UID
33092 | 36676 | Tag | 20 fc 70 | |
39808 | 44576 | Rdr | 50 00 57 cd | ok | HALT
60544 | 61600 | Rdr | 26 | | REQA
950048 | 951040 | Rdr | 52 | | WUPA
952292 | 954660 | Tag | 04 00 | |
957984 | 960448 | Rdr | 93 20 | | ANTICOLL
961636 | 967460 | Tag | 99 63 fb 97 96 | |
971424 | 981888 | Rdr | 93 70 99 63 fb 97 96 bc 0a | ok | SELECT_UID
983140 | 986724 | Tag | 20 fc 70 | |
990112 | 994816 | Rdr | e0 70 be 84 | ok | RATS
997988 | 1010724 | Tag | 09 78 00 92 02 54 13 02 04 2d e8 | ok |
1020576 | 1040320 | Rdr | 0a 00 00 a4 04 00 07 d4 10 00 00 03 00 01 33 1d | |
| | | f4 | ok | ?
1051492 | 1058532 | Tag | 0a 00 6a 82 91 b5 | ok |
1067808 | 1087552 | Rdr | 0b 00 00 a4 04 00 07 d4 10 00 00 03 00 01 33 37 | |
| | | bc | ok | ?
1097956 | 1104932 | Tag | 0b 00 6a 82 2a a9 | ok |
1115280 | 1134960 | Rdr | 0a 00 00 a4 04 00 07 d4 10 00 00 14 00 01 33 9d | |
| | | 60 | ok | ?
1148116 | 1148308 | Tag | 0a 00 6f 31 b0 2f 03 10 01 0b 10 40 12 97 02 27 | |
| | | 00 90 03 30 47 92 81 20 16 04 15 20 21 04 15 01 | |
| | | 00 00 07 a1 20 31 10 00 00 00 00 00 00 00 00 00 | |
| | | 00 00 00 00 02 90 00 f1 17 | ok |
1232016 | 1242544 | Rdr | 0b 00 00 ca 01 01 08 9e d9 | ok | ?
1247188 | 1263444 | Tag | 0b 00 99 63 fb 97 34 4c 5c 08 90 00 1f b9 | ok |
1274752 | 1285280 | Rdr | 0a 00 00 b2 01 24 1a ce 97 | ok | ?
1293508 | 1330500 | Tag | 0a 00 02 18 00 00 33 2c 00 00 00 64 00 00 07 d0 | |
| | | 00 00 01 00 09 51 52 82 00 02 a8 4e 90 00 4a 13 | ok |
5524304 | 5525296 | Rdr | 52 | | WUPA
5526548 | 5528916 | Tag | 04 00 | |
5532240 | 5534704 | Rdr | 93 20 | | ANTICOLL
5535892 | 5541716 | Tag | 99 63 fb 97 96 | |
5545680 | 5556144 | Rdr | 93 70 99 63 fb 97 96 bc 0a | ok | SELECT_UID
5557396 | 5560980 | Tag | 20 fc 70 | |
5564112 | 5568880 | Rdr | 50 00 57 cd | ok | HALT
5584976 | 5586032 | Rdr | 26 | | REQA
6474368 | 6475360 | Rdr | 52 | | WUPA
6476612 | 6478980 | Tag | 04 00 | |
6482304 | 6484768 | Rdr | 93 20 | | ANTICOLL
6485956 | 6491780 | Tag | 99 63 fb 97 96 | |
6495728 | 6506192 | Rdr | 93 70 99 63 fb 97 96 bc 0a | ok | SELECT_UID
6507444 | 6511028 | Tag | 20 fc 70 | |
6514416 | 6519120 | Rdr | e0 70 be 84 | ok | RATS
6522292 | 6535028 | Tag | 09 78 00 92 02 54 13 02 04 2d e8 | ok |
6544752 | 6564432 | Rdr | 0a 00 00 a4 04 00 07 d4 10 00 00 14 00 01 33 9d | |
| | | 60 | ok | ?
6578356 | 6578548 | Tag | 0a 00 6f 31 b0 2f 03 10 01 0b 10 40 12 97 02 27 | |
| | | 00 90 03 30 47 92 81 20 16 04 15 20 21 04 15 01 | |
| | | 00 00 07 a1 20 31 10 00 00 00 00 00 00 00 00 00 | |
| | | 00 00 00 00 02 90 00 f1 17 | ok |
6661472 | 6672000 | Rdr | 0b 00 00 b2 01 24 1a 1b 08 | ok | ?
6680100 | 6717028 | Tag | 0b 00 02 18 00 00 33 2c 00 00 00 64 00 00 07 d0 | |
| | | 00 00 01 00 09 51 52 82 00 02 a8 4e 90 00 b9 33 | ok |
8166224 | 8182448 | Rdr | 0a 00 90 40 00 00 04 00 00 03 e8 1e fc 95 | ok | ?
8303748 | 8345348 | Tag | 0a 00 10 00 00 33 2c 0b 10 40 12 97 02 27 00 90 | |
| | | 00 00 00 65 b9 51 ea 31 52 1e 47 eb c1 ab fa 4e | |
| | | 90 00 32 0d | ok |
10444272 | 10474320 | Rdr | 0b 00 90 42 00 00 10 00 00 01 00 09 51 52 82 00 | |
| | | 02 a8 4f f1 00 b1 f0 08 90 d4 | ok | ?
11066356 | 11082548 | Tag | 0b 00 00 00 37 14 74 11 31 a2 90 00 eb 95 | ok |
Last edited by goseoan (2017-11-11 11:01:29)
Maybe should move this to Desfire category....
[edit] ...change of category....
Offline
What do you mean, move to the 14b category?
This is not a B-type card.
proxmark3> hf 14a reader
UID : 99 63 fb 97
ATQA : 00 04
SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
ATS : 09 78 00 92 02 54 13 02 04 2d e8
- TL : length is 9 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
- TA1 : different divisors are supported, DR: [], DS: []
- TB1 : SFGI = 2 (SFGT = 16384/fc), FWI = 9 (FWT = 2097152/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : 54 13 02 04
Answers to chinese magic backdoor commands: NO
proxmark3> hf 14b info
no 14443B tag found
Last edited by goseoan (2017-11-11 13:40:27)
Correct, should be in desfire.
Read the desfire datasheet and see which commands your trace contains. It will help you in the process of analysing reader/tag communication.
Offline
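As an added example (not part of any post in this thread), the sketch below shows one way to prepare such a trace for comparison against a datasheet: it rejoins the wrapped `hf list 14a` lines, checks the ISO 14443-3 Type A CRC, and strips the ISO 14443-4 I-block header so the command and response APDUs stand out. The function names are this example's own, the sample lines are copied from the trace posted above, and the instruction names are the standard ISO/IEC 7816-4 ones.

```python
# Added example: decode ISO 14443-4 I-blocks from Proxmark3 "hf list 14a" output.
ISO7816_INS = {0xA4: "SELECT", 0xB2: "READ RECORD", 0xCA: "GET DATA"}

# Sample lines copied from the trace posted in this thread.
SAMPLE = """\
39808 | 44576 | Rdr | 50 00 57 cd | ok | HALT
1232016 | 1242544 | Rdr | 0b 00 00 ca 01 01 08 9e d9 | ok | ?
1247188 | 1263444 | Tag | 0b 00 99 63 fb 97 34 4c 5c 08 90 00 1f b9 | ok |
10444272 | 10474320 | Rdr | 0b 00 90 42 00 00 10 00 00 01 00 09 51 52 82 00 | |
| | | 02 a8 4f f1 00 b1 f0 08 90 d4 | ok | ?
"""

def crc_a(data):
    """ISO/IEC 14443-3 Type A CRC (initial value 0x6363), low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b = (b ^ (b << 4)) & 0xFF
        crc = (crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)
    return bytes([crc & 0xFF, crc >> 8])

def parse_trace(text):
    """Return [(source, frame_bytes)], joining continuation lines onto their frame."""
    frames = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 4:
            continue
        data = bytes.fromhex(cols[3])
        if cols[2] in ("Rdr", "Tag"):
            frames.append([cols[2], data])
        elif frames:                      # wrapped line: no timestamps, no source
            frames[-1][1] += data
    return [(src, data) for src, data in frames]

def decode_iblock(source, frame):
    """Split an I-block into header fields and APDU; None for any other frame."""
    if len(frame) < 4 or (frame[0] & 0xE2) != 0x02:   # PCB pattern 000x xx1x
        return None
    pcb = frame[0]
    skip = 1 + bool(pcb & 0x08) + bool(pcb & 0x04)    # PCB, optional CID, optional NAD
    payload = frame[skip:-2]
    if len(payload) < (4 if source == "Rdr" else 2):
        return None
    out = {"block": pcb & 1, "crc_ok": crc_a(frame[:-2]) == frame[-2:]}
    if source == "Rdr":                               # command: CLA INS P1 P2 [body]
        cla, ins = payload[0], payload[1]
        name = "proprietary class" if cla & 0x80 else ISO7816_INS.get(ins, "?")
        out.update(cla=cla, ins=ins, p1p2=payload[2:4].hex(), body=payload[4:], name=name)
    else:                                             # response: [data] SW1 SW2
        out.update(data=payload[:-2], sw=payload[-2:].hex())
    return out

if __name__ == "__main__":
    for src, frame in parse_trace(SAMPLE):
        print(src, frame.hex(" "), decode_iblock(src, frame))
```

Commands with a CLA byte of 0x90 are only reported as proprietary class here; their meaning has to come from the card's own documentation.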
I originally wrote in the Desfire category, but I did not have an answer and was in a hurry. I'm sorry.
How can I get a Desfire Data Sheet if I sign a deal with NXP? Is there any other way?
Last edited by goseoan (2017-11-12 00:38:49)