Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-11-11 10:46:46

maxben14
Contributor
Registered: 2017-06-17
Posts: 13

How brut Nt on 1k ?

My sniffer get only reader comand. I have uid,nr,ar and know key. How recover nt ?
On 1k not patched nt generation how nt = count << 16 | prng_successor(count, 16);
and i found nt quickly.
But if i try with card 1k with patched nt, i not found nt.

How rule get nt on fixed card ?

For example prox read 7 byte fixed card

36352 |      41056 | Rdr | 60  00  f5  7b                                                  |  ok | AUTH-A(0)     
      43060 |      47732 | Tag | f5  9c  b1  44

nt = f59cb144 not found by nt = count << 16 | prng_successor(count, 16);

Offline

#2 2018-11-11 11:03:27

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: How brut Nt on 1k ?

currently you don't.   For hardend prng,  you have to use the hardnested attack   (see helptext:  hf mf hard h )

Offline

#3 2018-11-11 11:31:03

maxben14
Contributor
Registered: 2017-06-17
Posts: 13

Re: How brut Nt on 1k ?

iceman, I do not break the card, I know the key. I wanted to find out what formula in patched cards is generated Nt ?

Or nt is completely random and not described by a formula like in non-patched cards?

Offline

#4 2018-11-11 13:25:55

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: How brut Nt on 1k ?

So do we all.  The fixed prng formula is unknown.

Offline

Board footer

Powered by FluxBB