Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-11-13 20:29:36

Charlie
Contributor
Registered: 2017-01-27
Posts: 129

ICT fob

So im having issues trying to copy a ICT fob

First.

proxmark3> hf 14a reader
 UID : 75 fb e9 2e           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
Answers to chinese magic backdoor commands: NO  

Then..     

proxmark3> hf mf chk * ?  d default_keys.dic
chk custom key[ 0] ffffffffffff          
chk custom key[ 1] 000000000000          
chk custom key[ 2] a0a1a2a3a4a5          
chk custom key[ 3] b0b1b2b3b4b5          
chk custom key[ 4] aabbccddeeff          
chk custom key[ 5] 4d3a99c351dd          
chk custom key[ 6] 1a982c7e459a          
chk custom key[ 7] d3f7d3f7d3f7          
chk custom key[ 8] 714c5c886e97          
chk custom key[ 9] 587ee5f9350f          
chk custom key[10] a0478cc39091          
chk custom key[11] 533cb6c723f6          
chk custom key[12] 8fd0a4f256e9          
chk custom key[13] 000000000001          
chk custom key[14] 000000000002          
chk custom key[15] 00000000000a          
chk custom key[16] 00000000000b          
chk custom key[17] 00000ffe2488          
chk custom key[18] 010203040506          
chk custom key[19] 0123456789ab          
chk custom key[20] 0297927c0f77          
chk custom key[21] 100000000000          
chk custom key[22] 111111111111          
chk custom key[23] 123456789abc          
chk custom key[24] 12f2ee3478c1          
chk custom key[25] 14d446e33363          
chk custom key[26] 1999a3554a55          
chk custom key[27] 200000000000          
chk custom key[28] 222222222222          
chk custom key[29] 26940b21ff5d          
chk custom key[30] 27dd91f1fcf1          
chk custom key[31] 2ba9621e0a36          
chk custom key[32] 333333333333          
chk custom key[33] 33f974b42769          
chk custom key[34] 34d1df9934c5          
chk custom key[35] 434f4d4d4f41          
chk custom key[36] 434f4d4d4f42          
chk custom key[37] 43ab19ef5c31          
chk custom key[38] 444444444444          
chk custom key[39] 47524f555041          
chk custom key[40] 47524f555042          
chk custom key[41] 4af9d7adebe4          
chk custom key[42] 4b0b20107ccb          
chk custom key[43] 505249564141          
chk custom key[44] 505249564142          
chk custom key[45] 505249565441          
chk custom key[46] 505249565442          
chk custom key[47] 54726176656c          
chk custom key[48] 555555555555          
chk custom key[49] 55f5a5dd38c9          
chk custom key[50] 569369c5a0e5          
chk custom key[51] 5c598c9c58b5          
chk custom key[52] 632193be1c3c          
chk custom key[53] 644672bd4afe          
chk custom key[54] 666666666666          
chk custom key[55] 722bfcc5375f          
chk custom key[56] 776974687573          
chk custom key[57] 777777777777          
chk custom key[58] 888888888888          
chk custom key[59] 8fe644038790          
chk custom key[60] 999999999999          
chk custom key[61] 99c636334433          
chk custom key[62] 9de89e070277          
chk custom key[63] a00000000000          
chk custom key[64] a053a292a4af          
chk custom key[65] a64598a77478          
chk custom key[66] a94133013401          
chk custom key[67] aaaaaaaaaaaa          
chk custom key[68] abcdef123456          
chk custom key[69] b00000000000          
chk custom key[70] b127c6f41436          
chk custom key[71] b5ff67cba951          
chk custom key[72] bbbbbbbbbbbb          
chk custom key[73] bd493a3962b6          
chk custom key[74] c934fe34d934          
chk custom key[75] cccccccccccc          
chk custom key[76] dddddddddddd          
chk custom key[77] e4d2770a89be          
chk custom key[78] ee0042f88840          
chk custom key[79] eeeeeeeeeeee          
chk custom key[80] eff603e1efe9          
chk custom key[81] f14ee7cae863          
chk custom key[82] f1a97341a9fc          
chk custom key[83] f1d83f964314          
chk custom key[84] fc00018778f7          
chk custom key[85] fc0001877bf7          
chk custom key[86] 44ab09010845          
chk custom key[87] 85fed980ea5a          
chk custom key[88] 314b49474956          
chk custom key[89] 564c505f4d41          
chk custom key[90] f4a9ef2afc6d          
chk custom key[91] a9f953def0a3          
--sector: 0, block:  3, key type:A, key count:92           
Found valid key:[ffffffffffff]          
--sector: 1, block:  7, key type:A, key count:92           
--sector: 2, block: 11, key type:A, key count:92           
--sector: 3, block: 15, key type:A, key count:92           
--sector: 4, block: 19, key type:A, key count:92           
--sector: 5, block: 23, key type:A, key count:92           
--sector: 6, block: 27, key type:A, key count:92           
--sector: 7, block: 31, key type:A, key count:92           
--sector: 8, block: 35, key type:A, key count:92           
--sector: 9, block: 39, key type:A, key count:92           
--sector:10, block: 43, key type:A, key count:92           
--sector:11, block: 47, key type:A, key count:92           
--sector:12, block: 51, key type:A, key count:92           
--sector:13, block: 55, key type:A, key count:92           
--sector:14, block: 59, key type:A, key count:92           
Found valid key:[ffffffffffff]          
--sector:15, block: 63, key type:A, key count:92           
Found valid key:[ffffffffffff]          
--sector: 0, block:  3, key type:B, key count:92           
Found valid key:[ffffffffffff]          
--sector: 1, block:  7, key type:B, key count:92           
--sector: 2, block: 11, key type:B, key count:92           
--sector: 3, block: 15, key type:B, key count:92           
--sector: 4, block: 19, key type:B, key count:92           
--sector: 5, block: 23, key type:B, key count:92           
--sector: 6, block: 27, key type:B, key count:92           
--sector: 7, block: 31, key type:B, key count:92           
--sector: 8, block: 35, key type:B, key count:92           
--sector: 9, block: 39, key type:B, key count:92           
--sector:10, block: 43, key type:B, key count:92           
--sector:11, block: 47, key type:B, key count:92           
--sector:12, block: 51, key type:B, key count:92           
--sector:13, block: 55, key type:B, key count:92           
--sector:14, block: 59, key type:B, key count:92           
Found valid key:[ffffffffffff]          
--sector:15, block: 63, key type:B, key count:92           
Found valid key:[ffffffffffff]          
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys. 

         
So following...
hf mf nested  o <block number> <key A/B> <key (12 hex symbols)> <target block number> <target key A/B>

I tried the following with the found key...

proxmark3> hf mf nested o 3 A FFFFFFFFFFFF 4 A
--target block no:  4, target key type:A           
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).
          
proxmark3> hf mf nested o 3 A FFFFFFFFFFFF 4 b
--target block no:  4, target key type:B           
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

Do I need to try to hardnest or am I not following the procedure correctly? Thanks for any help

Offline

#2 2017-11-14 11:13:29

T.
Contributor
Registered: 2017-09-20
Posts: 20

Re: ICT fob

Hello Charlie,

Got often the same error, I use hardnested it always work but could take some time.
Use it to get from block 3 to block 7 for the key A and you will probably end up with most of the keys

T.

Offline

#3 2017-11-16 05:22:07

Charlie
Contributor
Registered: 2017-01-27
Posts: 129

Re: ICT fob

Thanks, I'm having a few issues with my proxmark and the hardnested commands. Once I figure out whats going wrong I look forward to trying out your suggestion.

Offline

Board footer

Powered by FluxBB