[solved] hardnested throw "Out of memory error." exception while

xiaojin1985 · 2017-12-22 16:42:29

I have a mifare classic card with a0a1a2a3a4a5 keyset on sector 0, when I try to get the key B on sector 2 using hardnested command,it acquired over 160000 nonces(60000/65000 with distinct bytes),it throw out lots of "Out of memory error.",how can I get the correct key?Is it a bug or my hardware fault?I'm an "EASY" hw version with only 256KB Mem,I saw the offical ver was 512KB.

Last edited by xiaojin1985 (2017-12-22 19:20:59)

iceman · 2017-12-22 17:02:39

You need to provide more details of your setup. Which version of firmware are you using?

hw version
hw status
hf 14a info

xiaojin1985 · 2017-12-22 17:10:41

seems it is too old to have the hf 14a info command.........

Proxmark3 RFID instrument
bootrom: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:17
os: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:19
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 217599 bytes (83%). Free: 445
45 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hw ver
[[[ Cached information ]]]

Proxmark3 RFID instrument
bootrom: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:17
os: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:19
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 217599 bytes (83%). Free: 445
45 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

pm3 --> hw status
#db# Memory
#db# BIGBUF_SIZE.............40000
#db# Available memory........40000
#db# Tracing
#db# tracing ................1
#db# traceLen ...............0
#db# Fgpa
#db# mode.............HF
#db# LF Sampling config:
#db# [q] divisor: 95 (125 KHz)
#db# bbps: 8
#db# [d] decimation: 1
#db# [a] averaging: Yes
#db# [t] trigger threshold: 0
#db# USB Speed:
#db# Sending USB packets to client...
#db# Time elapsed: 1500ms
#db# Bytes transferred: 84992
#db# USB Transfer Speed PM3 -> Client = 56661 Bytes/s
#db# Various
#db# MF_DBGLEVEL........2
#db# ToSendMax..........0
#db# ToSendBit..........0
#db# ToSend BUFFERSIZE..2308
pm3 --> hf 14a info
help This help
list [Deprecated] List ISO 14443a history
reader Act like an ISO14443 Type A reader
cuids <n> Collect n>0 ISO14443 Type A UIDs in one go
sim <UID> -- Simulate ISO 14443a tag
sniff sniff ISO 14443 Type A traffic
raw Send raw hex data to tag
pm3 --> hf 14a reader
UID : 22 6E 92 8F
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
pm3 -->

iceman · 2017-12-22 17:16:45

Sorry, I can't help you. You are using a unknown modified version of iceman fork.

os: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:19

You would need to contact the person who sold you the proxmark3 easy and ask them, for support.

xiaojin1985 · 2017-12-22 17:25:24

iceman wrote:

Sorry, I can't help you. You are using a unknown modified version of iceman fork.
os: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:19
You would need to contact the person who sold you the proxmark3 easy and ask them, for support.

I think there have more than 2 ver of PM3 hardware with different customize firmware,"wild horse" and "ELECHOUSE",I will try to flash your lastest version.......

iceman · 2017-12-22 17:41:41

I have no idea what that customize firmware do.

xiaojin1985 · 2017-12-22 18:14:23

iceman wrote:

I have no idea what that customize firmware do.

I think I have succeed flash your lastest firmware.....

pm3 --> hw ver
[[[ Cached information ]]]

Proxmark3 RFID instrument

[ ARM ]
bootrom: iceman/master/YEMA-PM3 Customization -unclean 2017-05-11 21:48:17
os: iceman// 2017-12-23 00:20:54
[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2017/11/10 at 19:24:16

[ Hardware ]
--= uC: AT91SAM7S256 Rev D
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 256K bytes, Used: 233775 bytes (89%) Free: 28369 bytes (11%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory

pm3 --> hw tune

Measuring antenna characteristics, please wait......
# LF antenna: 22.82 V @ 125.00 kHz
# LF antenna: 20.62 V @ 134.00 kHz
# LF optimal: 23.24 V @ 126.32 kHz
# HF antenna: 14.07 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

pm3 --> hf 14a info
UID : 22 6E 92 8F
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Prng detection: HARDEND (hardnested)
pm3 -->

testing to read key B...
Reading block 3
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | ------------ | 0 |
|001| ------------ | 0 | ------------ | 0 |
|002| ------------ | 0 | ------------ | 0 |
|003| ------------ | 0 | ------------ | 0 |
|004| ------------ | 0 | ------------ | 0 |
|005| ------------ | 0 | ------------ | 0 |
|006| ------------ | 0 | ------------ | 0 |
|007| ------------ | 0 | ------------ | 0 |
|008| ------------ | 0 | ------------ | 0 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
Found keys have been transferred to the emulator memory

xiaojin1985 · 2017-12-22 18:16:32

but there still some problem?

pm3 --> hf mf hardnested 0 A a0a1a2a3a4a5 8 B w
--target block no: 8, target key type:B, known target key: 0x000000000000 (not set), file action: write, Slow: No, Test
s: 0
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second

time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 4 threads and AVX2 SIMD core | |
0 | 0 | Brute force benchmark: 120 million (2^26.8) keys/s | 140737488355328 | 14d
0 | 0 | Using 0 precalculated bitflip state tables | 140737488355328 | 14d
5 | 0 | Writing acquired nonces to binary file nonces.bin | 140737488355328 | 14d
5 | 112 | Apply bit flip properties | 140737488355328 | 14d
5 | 224 | Apply bit flip properties | 140737488355328 | 14d
6 | 336 | Apply bit flip properties | 140737488355328 | 14d
7 | 447 | Apply bit flip properties | 140737488355328 | 14d
8 | 558 | Apply bit flip properties | 140737488355328 | 14d
8 | 670 | Apply bit flip properties | 140737488355328 | 14d
9 | 780 | Apply bit flip properties | 140737488355328 | 14d
10 | 892 | Apply bit flip properties | 140737488355328 | 14d
11 | 1001 | Apply bit flip properties | 140737488355328 | 14d
12 | 1111 | Apply bit flip properties | 140737488355328 | 14d
12 | 1222 | Apply bit flip properties | 140737488355328 | 14d
13 | 1333 | Apply bit flip properties | 140737488355328 | 14d
14 | 1440 | Apply bit flip properties | 140737488355328 | 14d
15 | 1547 | Apply bit flip properties | 140737488355328 | 14d
16 | 1658 | Apply Sum property. Sum(a0) = 128 | nan | nand
16 | 1768 | Apply bit flip properties | nan | nand
17 | 1880 | Apply bit flip properties | nan | nand
18 | 1991 | Apply bit flip properties | nan | nand
19 | 2098 | Apply bit flip properties | nan | nand
19 | 2206 | Apply bit flip properties | nan | nand
20 | 2312 | Apply bit flip properties | nan | nand
21 | 2415 | Apply bit flip properties | nan | nand
22 | 2521 | Apply bit flip properties | nan | nand
23 | 2632 | Apply bit flip properties | nan | nand
23 | 2736 | Apply bit flip properties | nan | nand
24 | 2842 | Apply bit flip properties | nan | nand
25 | 2951 | Apply bit flip properties | nan | nand
26 | 3061 | Apply bit flip properties | nan | nand
27 | 3170 | Apply bit flip properties | nan | nand
27 | 3280 | Apply bit flip properties | nan | nand
28 | 3386 | Apply bit flip properties | nan | nand
29 | 3497 | Apply bit flip properties | nan | nand
Button pressed. Aborted.

iceman · 2017-12-22 18:21:33

Did you compile the fork?? Since you have a custom bootrom version, I suggest you flash that one too.

You seem to have some issues indeed. Which OS did you compile on?

Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second

xiaojin1985 · 2017-12-22 18:30:37

iceman wrote:

Did you compile the fork?? Since you have a custom bootrom version, I suggest you flash that one too.
You seem to have some issues indeed. Which OS did you compile on?
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second

Win7 and ProxSpace from http://www.proxmark.org/files/Windows-Compile-Environment/2017.06.08%20ProxSpace.zip

iceman · 2017-12-22 18:32:00

If you look at your compilation output, does anything say there? Some warning? error?

xiaojin1985 · 2017-12-22 19:02:41

iceman wrote:

If you look at your compilation output, does anything say there? Some warning? error?

tks,I copied the ProxSpace\Qt\5.6\plugins\platforms folder into Client folder and it works,tried to read an old MF Card and get succeed.

pm3 --> hf mf hardnested 0 B ffffffffffff 0 A w
--target block no: 0, target key type:A, known target key: 0x000000000000 (not
set), file action: write, Slow: No, Tests: 0

time | #nonces | Activity | e
xpected to brute force
| | | #
states | time
--------------------------------------------------------------------------------
----------------------
0 | 0 | Start using 4 threads and AVX2 SIMD core |
|
0 | 0 | Brute force benchmark: 359 million (2^28.4) keys/s | 1
40737488355328 | 5d
1 | 0 | Using 235 precalculated bitflip state tables | 1
40737488355328 | 5d
5 | 0 | Writing acquired nonces to binary file nonces.bin | 1
40737488355328 | 5d
6 | 107 | Apply bit flip properties |
66029490176 | 3min
7 | 219 | Apply bit flip properties |
16002001920 | 45s
8 | 329 | Apply bit flip properties |
15706522624 | 44s
9 | 441 | Apply bit flip properties |
11370173440 | 32s
10 | 553 | Apply bit flip properties |
10464859136 | 29s
11 | 662 | Apply bit flip properties |
10464859136 | 29s
12 | 774 | Apply bit flip properties |
7964823552 | 22s
13 | 886 | Apply bit flip properties |
3876487936 | 11s
14 | 998 | Apply bit flip properties |
2894578688 | 8s
15 | 1108 | Apply bit flip properties |
2189505280 | 6s
16 | 1220 | Apply bit flip properties |
2189505280 | 6s
17 | 1331 | Apply bit flip properties |
2042360192 | 6s
18 | 1440 | Apply bit flip properties |
1589498368 | 4s
19 | 1552 | Apply bit flip properties |
1385794560 | 4s
20 | 1663 | Apply bit flip properties |
1385794560 | 4s
22 | 1766 | Apply Sum property. Sum(a0) = 136 |
80548128 | 0s
22 | 1875 | Apply bit flip properties |
80548128 | 0s
23 | 1984 | Apply bit flip properties |
80548128 | 0s
24 | 2089 | Apply bit flip properties |
78853824 | 0s
24 | 2089 | (Ignoring Sum(a8) properties) |
78853824 | 0s
25 | 2089 | Brute force phase completed. Key found: 013738141583 |
0 | 0s
pm3 -->

xiaojin1985 · 2017-12-22 19:03:42

Now I will try the hardest MF Card........

iceman · 2017-12-22 19:14:53

I suggest you edit your first post and add "[solved]" to your subject line as a prefix.

btw, on old cards, use nested instead, or try the new check keys..

xiaojin1985 · 2017-12-22 19:20:15

oh well it's done quickly..........

so the taobao "EASY" ver is running an old firmware,I think it was built on 2015,they sell it at more than 300RMB,and the "2018 new version" is up to 600RMB...Now I think both of their hardware is the same one and only different firmware,WTF....

big thanks to iceman!

xiaojin1985 · 2017-12-22 19:22:34

iceman wrote:

I suggest you edit your first post and add "[solved]" to your subject line as a prefix.
btw, on old cards, use nested instead, or try the new check keys..

yes I know,the old card can use ACS-122U for the full dump.......

iceman · 2017-12-22 19:33:28

no need to use another device/tool. You can do it all with the pm3 client and your pm3 easy.

your version seem to have a kind of bad HF voltage. Maybe the 2018 version is better.

Nothing says thank you as much as a donation!

xiaojin1985 · 2017-12-23 04:18:25

iceman wrote:

no need to use another device/tool. You can do it all with the pm3 client and your pm3 easy.
your version seem to have a kind of bad HF voltage. Maybe the 2018 version is better.

Nothing says thank you as much as a donation!

of course I will

The normal state of my HF Voltage is 15V,is it ok?I heard that it can work fine above 5V?

pm3 --> hw tune

Measuring antenna characteristics, please wait......
# LF antenna: 22.69 V @ 125.00 kHz
# LF antenna: 20.62 V @ 134.00 kHz
# LF optimal: 23.10 V @ 126.32 kHz
# HF antenna: 15.14 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

BTW,I don't know if I don't flash the bootrom to the lastest ver,in my opinion the BOOTROM is a Loader for System image,so if it can load and run the fullimage.elf,its job was done......Any suggest?I still afraid I make it bricked......I don't have a JTAG Link and EASY hw have this connector.....

iceman · 2017-12-23 09:27:20

Don't flash if it works well. pm3 easy have jtag tag connections. near the side which has the leds.

As ever with antennas and voltage, the high voltage the better, but an pm3 easy can't swap antennas so there is nothing you can do.

Thanks for the donation,

xiaojin1985 · 2017-12-24 03:18:08

iceman wrote:

Don't flash if it works well. pm3 easy have jtag tag connections. near the side which has the leds.
As ever with antennas and voltage, the high voltage the better, but an pm3 easy can't swap antennas so there is nothing you can do.
Thanks for the donation,

OK,I will use the mixed and what is the different between your fork and official release?

xiaojin1985 · 2017-12-24 03:19:37

I mean the functions,like snoop or something else

Dot.Com · 2017-12-24 13:12:36

Look. Buy the original or get rip like always.

23V at LF and 14V at HF.

You don't even have enough voltage to do the complete function of what the real can do.

When you dump the LF data, you might not even read past block 5.

Poor voltage gives poor performance. We cannot help you in term of software since your hardware is trash my friend.

marshmellow · 2017-12-24 14:58:18

Dot.Com wrote:

Look. Buy the original or get rip like always.
23V at LF and 14V at HF.
You don't even have enough voltage to do the complete function of what the real can do.
When you dump the LF data, you might not even read past block 5.
Poor voltage gives poor performance. We cannot help you in term of software since your hardware is trash my friend.

Lol, spoken like someone offended they didn't buy from your shop.
I don't know what hardware he has but voltage alone doesn't make it bad. Those voltages are actually better than the true "original" antennas you could buy. But then, voltage isn't everything when it comes to antennas...

xiaojin1985 · 2017-12-24 17:03:03

marshmellow wrote:

Dot.Com wrote:
Look. Buy the original or get rip like always.
23V at LF and 14V at HF.
You don't even have enough voltage to do the complete function of what the real can do.
When you dump the LF data, you might not even read past block 5.
Poor voltage gives poor performance. We cannot help you in term of software since your hardware is trash my friend.
Lol, spoken like someone offended they didn't buy from your shop.
I don't know what hardware he has but voltage alone doesn't make it bad. Those voltages are actually better than the true "original" antennas you could buy. But then, voltage isn't everything when it comes to antennas...

em......I bought that PM3 "Easy" ver which printed "ELECHOUSE" in LF antenna,and 2 USB connectors,like this: https://item.taobao.com/item.htm?spm=a230r.1.14.17.8080c51FsLtmA&id=562475266492&ns=1&abbucket=19#detail

Is there something wrong in the hardware?

xiaojin1985 · 2017-12-24 17:09:22

Dot.Com wrote:

Look. Buy the original or get rip like always.
23V at LF and 14V at HF.
You don't even have enough voltage to do the complete function of what the real can do.
When you dump the LF data, you might not even read past block 5.
Poor voltage gives poor performance. We cannot help you in term of software since your hardware is trash my friend.

I saw the "EASY" ver on your website........They are look the same......Both have "ELECHOUSE" sign on LF.....

https://www.rfxsecure.com/product/iceman-x-proxgrind-proxmark3-easy-hard-autopwn-function/

What voltage your EASY ver have?

Dot.Com · 2017-12-24 17:22:55

Marshmellow no offense on this but we tried dumping a LF tag with a pm3 (fake) with bad voltage. Firmware all good with the latest but the dump file is just always inconsistent with every read. I have been providing support regardless if the guys buy from me. Just getting bad dumps frustrate me every time.

@xiaojin1985
We have been educating people on the trade section. Please read it to spot the fakes from the real.

The font is a pretty good giveaway for the fakes.

Real Easy Vers has
1) 38-40V for LF
2) 25-26V for the HF

xiaojin1985 · 2017-12-27 18:13:37

I found some card eat lots of voltage and make error while long distance analysis........must put it down to the motherboard,below to HF antenna........

hw tune report that voltage downgrade to 10V after putting card...

marshmellow · 2017-12-27 18:24:03

Dot.Com wrote:

Marshmellow no offense on this but we tried dumping a LF tag with a pm3 (fake) with bad voltage. Firmware all good with the latest but the dump file is just always inconsistent with every read. I have been providing support regardless if the guys buy from me. Just getting bad dumps frustrate me every time.

Dump how? T55xx dump's effectiveness will fluctuate card to card, antenna to antenna. It is not intended as a completely reliable command and should only be taken as part of the story, NEVER as the sole data to clone or backup tags.

I can dump any dumb lf tag with a 10v antenna. (It is how I test my demod functions, with multiple antennas).

iceman · 2017-12-27 18:42:52

Keep to the subject, start a new thread in appropriate category.

Proxmark3 community

Announcement

#1 2017-12-22 16:42:29

[solved] hardnested throw "Out of memory error." exception while

#2 2017-12-22 17:02:39

Re: [solved] hardnested throw "Out of memory error." exception while

#3 2017-12-22 17:10:41

Re: [solved] hardnested throw "Out of memory error." exception while

#4 2017-12-22 17:16:45

Re: [solved] hardnested throw "Out of memory error." exception while

#5 2017-12-22 17:25:24

Re: [solved] hardnested throw "Out of memory error." exception while

#6 2017-12-22 17:41:41

Re: [solved] hardnested throw "Out of memory error." exception while

#7 2017-12-22 18:14:23

Re: [solved] hardnested throw "Out of memory error." exception while

#8 2017-12-22 18:16:32

Re: [solved] hardnested throw "Out of memory error." exception while

#9 2017-12-22 18:21:33

Re: [solved] hardnested throw "Out of memory error." exception while

#10 2017-12-22 18:30:37

Re: [solved] hardnested throw "Out of memory error." exception while

#11 2017-12-22 18:32:00

Re: [solved] hardnested throw "Out of memory error." exception while

#12 2017-12-22 19:02:41

Re: [solved] hardnested throw "Out of memory error." exception while

#13 2017-12-22 19:03:42

Re: [solved] hardnested throw "Out of memory error." exception while

#14 2017-12-22 19:14:53

Re: [solved] hardnested throw "Out of memory error." exception while

#15 2017-12-22 19:20:15

Re: [solved] hardnested throw "Out of memory error." exception while

#16 2017-12-22 19:22:34

Re: [solved] hardnested throw "Out of memory error." exception while

#17 2017-12-22 19:33:28

Re: [solved] hardnested throw "Out of memory error." exception while

#18 2017-12-23 04:18:25

Re: [solved] hardnested throw "Out of memory error." exception while

#19 2017-12-23 09:27:20

Re: [solved] hardnested throw "Out of memory error." exception while

#20 2017-12-24 03:18:08

Re: [solved] hardnested throw "Out of memory error." exception while

#21 2017-12-24 03:19:37

Re: [solved] hardnested throw "Out of memory error." exception while

#22 2017-12-24 13:12:36

Re: [solved] hardnested throw "Out of memory error." exception while

#23 2017-12-24 14:58:18

Re: [solved] hardnested throw "Out of memory error." exception while

#24 2017-12-24 17:03:03

Re: [solved] hardnested throw "Out of memory error." exception while

#25 2017-12-24 17:09:22

Re: [solved] hardnested throw "Out of memory error." exception while

#26 2017-12-24 17:22:55

Re: [solved] hardnested throw "Out of memory error." exception while

#27 2017-12-27 18:13:37

Re: [solved] hardnested throw "Out of memory error." exception while

#28 2017-12-27 18:24:03

Re: [solved] hardnested throw "Out of memory error." exception while

#29 2017-12-27 18:42:52

Re: [solved] hardnested throw "Out of memory error." exception while

Board footer