Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2010-08-03 06:48:15

sikinmettugi
Member
Registered: 2010-07-08
Posts: 10

MiFare Classic trace decryption - need help

Okay, I got another question now.
I snooped some communication between card and reader. Attached part of it below.

 +  27716:    :     52   
 +     64:   0: TAG 04  00   
 +   1200:    :     93  20   
 +     64:   0: TAG 3b  4c  ca  d6  6b   
 +   3022:    :     93  70  3b  4c  ca  d6  6b  fc  64   
 +     64:   0: TAG 08  b6  dd   
 +   2272:    :     30  02  10  8b   
 +     72:   0: TAG 04   
 +   1376:    :     52   
 +     64:   0: TAG 04  00   
 +   1736:    :     93  70  3b  4c  ca  d6  6b  fc  64   
 +     64:   0: TAG 08  b6  dd   
 +   5440:    :     60  00  f5  7b   
 +    112:   0: TAG 10  18  d6  ed   
 +   1448:    :     da  ff  c0  a2  74  24  8f  45      !crc
 +     63:   0: TAG 0f! f3! 81! 13   
 +   1408:    :     01  ab  d2  58      !crc
 +     72:   0: TAG a0! d2! 34  df  15! a7! 06! 4e! 15  3f! c7! d7  79! 91! 5d! 2b! 96  c4!     !crc
 +   3768:    :     2e  d7  61  b6      !crc
 +     72:   0: TAG 0a! e5! 5a  79! 00! 73! f1  5d  d5  02! df  e4! 63! 17  fa! 59! 06  cd!     !crc

Now I want to decrypt some encrypted traces, like 01 ab d2 58 !crc.
Using simple Crapto1 application code (like test2.c in the proxmark3 manual) I got Key, ks2, ks3, ks4, etc.
I can decrypt the first command after authentication (in here, 01 ab d2 58 !crc) using ks4, but
it is still not clear how to decrypt the 18-byte response of the card, and those that follow it.
I think I need an 18-byte sized ks5, but cannot find out how.

In conclusion, how can I create some code that decrypts all commands, including 18-byte sized data or 4-bit ACK/NACK?
Do I need an additional library with Crapto1?

Last edited by sikinmettugi (2010-08-03 06:48:53)


#2 2010-08-03 15:06:14

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: MiFare Classic trace decryption - need help

crypto1_word gets 4 bytes of keystream at a time
crypto1_byte gets 1 byte of keystream at a time
crypto1_bit gets 1 bit of keystream at a time

Somehow I think you should be able to manage to get 18 bytes of keystream from the cipher and XOR them against the 18 bytes of data you have.


#3 2010-08-04 00:12:36

sikinmettugi
Member
Registered: 2010-07-08
Posts: 10

Re: MiFare Classic trace decryption - need help

So, concatenating four crypto1_word(revstate, 0, 0) calls and two crypto1_byte(revstate, 0, 0) calls would be the solution, right?

Last edited by sikinmettugi (2010-08-04 00:54:17)


#4 2010-08-04 06:40:20

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: MiFare Classic trace decryption - need help

Four times four plus two is indeed eighteen.

You may be a genius yet.

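An added C example, not from this thread, the Proxmark3 project or the crapto1 library, that applies the recipe agreed on above: draw keystream for a post-authentication frame with crypto1_word, crypto1_byte and crypto1_bit (18 bytes = 4 words + 2 bytes, or single bits for a 4-bit ACK/NACK) and XOR it against the trace bytes. To build stand-alone it carries a small stand-in re-implementation of the Crypto1 core under crapto1's function names; the functions crypto1_keystream and recipe_matches_bytewise and the state values in the comments are my own constructions, and a state recovered from the trace with crapto1 (as in test2.c) plugs in unchanged.

```c
#include <stdint.h>
/* Stand-in re-implementation of the Crypto1 cipher core with crapto1's function
 * names so this builds alone (constructed example, not the crapto1 library); a
 * state recovered with crapto1 (lfsr_recovery32 + rollback, as in test2.c) plugs in. */
struct Crypto1State { uint32_t odd, even; };
#define BIT(x, n) (((x) >> (n)) & 1)
#define LF_POLY_ODD  0x29CE5C
#define LF_POLY_EVEN 0x870804
static int filter(uint32_t x) {                 /* nonlinear output filter on the odd half */
    uint32_t f = 0xf22c0 >> (x & 0xf) & 16;
    f |= 0x6c9c0 >> (x >> 4 & 0xf) & 8;   f |= 0x3c8b0 >> (x >> 8 & 0xf) & 4;
    f |= 0x1e458 >> (x >> 12 & 0xf) & 2;  f |= 0x0d938 >> (x >> 16 & 0xf) & 1;
    return BIT(0xEC57E80A, f);
}
static int parity32(uint32_t x) { x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; return 0x6996 >> (x & 0xf) & 1; }
uint8_t crypto1_bit(struct Crypto1State *s, uint8_t in, int is_encrypted) {
    uint8_t ret = filter(s->odd);
    uint32_t feedin = (ret & !!is_encrypted) ^ !!in;         /* data feedback only during auth */
    feedin ^= (LF_POLY_ODD & s->odd) ^ (LF_POLY_EVEN & s->even);
    s->even = s->even << 1 | parity32(feedin);
    uint32_t t = s->odd; s->odd = s->even; s->even = t;       /* halves swap every clock */
    return ret;
}
uint8_t crypto1_byte(struct Crypto1State *s, uint8_t in, int e) {     /* 8 bits, LSB first */
    uint8_t r = 0;
    for (int i = 0; i < 8; ++i) r |= crypto1_bit(s, BIT(in, i), e) << i;
    return r;
}
uint32_t crypto1_word(struct Crypto1State *s, uint32_t in, int e) {   /* 4 bytes, big-endian */
    uint32_t r = 0;
    for (int i = 0; i < 32; ++i) r |= (uint32_t)crypto1_bit(s, BIT(in, i ^ 24), e) << (i ^ 24);
    return r;
}
/* Keystream for one post-auth frame: whole words, then bytes, then bits for a 4-bit ACK/NACK. */
unsigned crypto1_keystream(struct Crypto1State *s, uint8_t *ks, unsigned nbits) {
    unsigned i = 0, n = nbits / 8;
    for (; i + 4 <= n; i += 4) {
        uint32_t w = crypto1_word(s, 0, 0);
        ks[i] = w >> 24; ks[i + 1] = w >> 16; ks[i + 2] = w >> 8; ks[i + 3] = w;
    }
    for (; i < n; ++i) ks[i] = crypto1_byte(s, 0, 0);
    if (nbits % 8) { ks[i] = 0; for (unsigned b = 0; b < nbits % 8; ++b) ks[i] |= crypto1_bit(s, 0, 0) << b; ++i; }
    return i;                                   /* bytes of keystream written; XOR with the trace */
}
int recipe_matches_bytewise(struct Crypto1State start) {   /* 4 words + 2 bytes == 18 crypto1_byte calls? */
    struct Crypto1State a = start, b = start; uint8_t ks[18];
    if (crypto1_keystream(&a, ks, 144) != 18) return 0;
    for (int i = 0; i < 18; ++i) if (ks[i] != crypto1_byte(&b, 0, 0)) return 0;
    return a.odd == b.odd && a.even == b.even;              /* both clocked 144 times */
}
```

Decrypting the 18-byte tag response from the trace is then `plain[i] = cipher[i] ^ ks[i]` for the 18 bytes returned, with the same state object carried on to the next frame so the keystream stays in step.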
