Hey there,
I have a small problem trying to crack a MIFARE Classic 1k:
Let me explain everything. First, I have this version:
proxmark3> hw version
[[[ Cached information ]]]
Prox/RFID mark3 RFID instrument
bootrom: master-rysc/v3.0.1 2017-09-21 19:05:39
os: master-rysc/v3.0.1 2017-09-21 19:05:45
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192390 bytes (73%). Free: 69754 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Then I am trying to crack this card:
proxmark3> hf search
UID : f5 34 7c 00
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
proxmark3> hf 14a read
UID : f5 34 7c 00
ATQA : 00 04
SAK : 08 [2]
Field dropped.
hf mf mifare is giving me a key:
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# Mifare: Can't select card
Found 7 possible keys. Trying to authenticate with each of them ...
Found valid key:e733745249e9
hf mf chk *1 ? is giving me no key:
proxmark3> hf mf chk *1 ?
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9
To cancel this operation press the button on the proxmark...
--.
No valid keys found.
Hardnested is giving me another key:
proxmark3> hf mf hardnested 0 A e733745249e9 4 a s
--target block no: 4, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: Yes, Tests: 0
Using AVX2 SIMD core.
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 8 threads and AVX2 SIMD core | |
0 | 0 | Brute force benchmark: 926 million (2^29.8) keys/s | 140737488355328 | 2d
17 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 2d
21 | 112 | Apply bit flip properties | 154259030016 | 3min
22 | 224 | Apply bit flip properties | 31561357312 | 34s
23 | 336 | Apply bit flip properties | 20053813248 | 22s
24 | 447 | Apply bit flip properties | 18644912128 | 20s
25 | 559 | Apply bit flip properties | 18611140608 | 20s
25 | 670 | Apply bit flip properties | 18187343872 | 20s
26 | 782 | Apply bit flip properties | 18187343872 | 20s
27 | 893 | Apply bit flip properties | 18187343872 | 20s
27 | 1005 | Apply bit flip properties | 18187343872 | 20s
28 | 1117 | Apply bit flip properties | 18187343872 | 20s
29 | 1185 | Apply bit flip properties | 18187343872 | 20s
30 | 1295 | Apply bit flip properties | 18187343872 | 20s
31 | 1331 | Apply bit flip properties | 18187343872 | 20s
32 | 1443 | Apply bit flip properties | 18187343872 | 20s
32 | 1508 | Apply bit flip properties | 18187343872 | 20s
34 | 1619 | Apply Sum property. Sum(a0) = 96 | 1301511040 | 1s
35 | 1731 | Apply bit flip properties | 1301511040 | 1s
35 | 1843 | Apply bit flip properties | 1301511040 | 1s
36 | 1954 | Apply bit flip properties | 1785375104 | 2s
37 | 2035 | Apply bit flip properties | 1199415296 | 1s
38 | 2146 | Apply bit flip properties | 1199415296 | 1s
39 | 2146 | (1. guess: Sum(a8) = 224) | 1199415296 | 1s
39 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 1199415296 | 1s
39 | 2146 | Starting brute force... | 1199415296 | 1s
39 | 2146 | (2. guess: Sum(a8) = 192) | 3025586944 | 3s
39 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 3025585152 | 3s
39 | 2146 | Starting brute force... | 3025586944 | 3s
39 | 2146 | (3. guess: Sum(a8) = 160) | 5734760960 | 6s
41 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 5723732480 | 6s
41 | 2146 | Starting brute force... | 5734760960 | 6s
41 | 2146 | (4. guess: Sum(a8) = 176) | 8874139648 | 10s
42 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 8450249216 | 9s
42 | 2146 | Starting brute force... | 8874139648 | 10s
42 | 2146 | (5. guess: Sum(a8) = 200) | 11526259712 | 12s
42 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 11436068864 | 12s
42 | 2146 | Starting brute force... | 11526259712 | 12s
42 | 2146 | (6. guess: Sum(a8) = 128) | 17479796736 | 19s
45 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 3500292608 | 4s
45 | 2146 | Starting brute force... | 17479796736 | 19s
46 | 2146 | (7. guess: Sum(a8) = 152) | 4460759552 | 5s
47 | 2146 | Apply Sum(a8) and all bytes bitflip properties | 3153695232 | 3s
47 | 2146 | Starting brute force... | 4460759552 | 5s
48 | 2146 | Brute force phase completed. Key found: 2a2c13cc242a | 0 | 0s
But then, when I use hf mf nested with the previously found key, I get a crash: Proxmark.exe stopped working
proxmark3> hf mf nested 1 0 A e733745249e9 d
--nested. sectors:16, block no: 0, key type:A, eml:n, dmp=y checktimeout=471 us
Testing known keys. Sector count=16
nested...
-----------------------------------------------
uid:f5347c00 trgbl=0 trgkey=0
Found valid key:e733745249e9
I feel that I am doing something quite stupid, but I haven't touched my Proxmark in a long time and I don't really remember everything.
Anyway, if you guys could help me solve this stupid stuff, I would be very happy.
Thank you for your time
PS:
After running the autopwn script I have:
-----------------------------------------------
Nested statistic:
Iterations count: 107
Time in nested: 67.340 (0.629 sec per key)
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 000000000000 | 1 | ffffffffffff | 1 |
|001| 22d14e00f087 | 1 | ffffffffffff | 1 |
|002| 6961206b6579 | 1 | 000000000000 | 0 |
|003| 000000000000 | 1 | 000000000000 | 0 |
|004| e0f72e06e0f7 | 1 | ffffffffffff | 1 |
|005| 000000000000 | 1 | ffffffffffff | 1 |
|006| e733745249e9 | 1 | ffffffffffff | 1 |
|007| e733745249e9 | 1 | ffffffffffff | 1 |
|008| e733745249e9 | 1 | ffffffffffff | 1 |
|009| e733745249e9 | 1 | ffffffffffff | 1 |
|010| e733745249e9 | 1 | 000000000000 | 0 |
|011| e733745249e9 | 1 | ffffffffffff | 1 |
|012| e733745249e9 | 1 | ffffffffffff | 1 |
|013| e733745249e9 | 1 | ffffffffffff | 1 |
|014| e733745249e9 | 1 | ffffffffffff | 1 |
|015| e733745249e9 | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---
But most of the blocks give an auth error:
|-----------------------------------------|
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not read block 0 of sector 0
ERROR: Could not read file dumpdata.bin
ERROR: Could not read file dumpdata.bin
ERROR: Could not read file
Last edited by T. (2018-05-11 12:55:20)
You are running on an unreleased source code version from Rysccorp. I suggest you turn to them to ask your questions.
We usually can answer questions regarding the official open-source pm3 repo.
bootrom: master-rysc/v3.0.1 2017-09-21 19:05:39
os: master-rysc/v3.0.1 2017-09-21 19:05:45
You are running on an unreleased source code version from Rysccorp. I suggest you turn to them to ask your questions.
We usually can answer questions regarding the official open-source pm3 repo.
bootrom: master-rysc/v3.0.1 2017-09-21 19:05:39
os: master-rysc/v3.0.1 2017-09-21 19:05:45
Will update that now so I can use the same as the community; coming back to the forum soon if that still doesn't work.
Thank you so much again for your work, Iceman.
Last edited by T. (2018-05-09 17:00:54)
After a small update of the firmware, everything is working perfectly fine.
I don't know how to put (solved) in the title of my post, or if it is only admins and moderators that can do that.
Last edited by T. (2018-05-09 20:13:30)
You edit your first post.