[solved] Need help to clone mifare classic 4k

seanedu · 2019-02-23 18:46:07

Hellow,It's been awhile to the forum,I recently moved in to new place,building used for access entrance with mifare classic 4k,I had successfully clone mifare classic 1k with alot of reading of threads,but I have faced real troubles to clone my new appartment fob which is mifare classic 4k which is quite deffernet than mf ckassic 1k,I followed all the insructions on thread it took me 2 weeks to try to clone but no success until now,I really appreciated any help to clone my fobs,there is print on my card which is
3038 291 D,I am not sure if that number related to clone the fob,below is what I tried so far and stuck..

[ CLIENT ]
client: iceman build for RDV40 with flashmem; smartcard;

[ ARM ]
bootrom: iceman/master/ice_v3.1.0-1075-ga5dfd9b1 2019-02-18 13:35:37
os: iceman/master/ice_v3.1.0-1075-ga5dfd9b1 2019-02-18 13:35:41

[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23

[ Hardware ]
--= uC: AT91SAM7S256 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 256K bytes, Used: 237349 bytes (91%) Free: 24795 bytes ( 9%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory

UID : AD 60 3D 92
ATQA : 00 02
SAK : 18 [2]
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1 | 4k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO
[+] Prng detection: HARD

[+] Valid ISO14443-A Tag Found

No key specified, trying default keys
[ 0] ffffffffffff
[ 1] 000000000000
[ 2] a0a1a2a3a4a5
[ 3] b0b1b2b3b4b5
[ 4] c0c1c2c3c4c5
[ 5] d0d1d2d3d4d5
[ 6] aabbccddeeff
[ 7] 1a2b3c4d5e6f
[ 8] 123456789abc
[ 9] 010203040506
[10] 123456abcdef
[11] abcdef123456
[12] 4d3a99c351dd
[13] 1a982c7e459a
[14] d3f7d3f7d3f7
[15] 714c5c886e97
[16] 587ee5f9350f
[17] a0478cc39091
[18] 533cb6c723f6
[19] 8fd0a4f256e9

Time in checkkeys: 0 seconds

testing to read key B...
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ------------ | 0 | ------------ | 0 |
|001| ------------ | 0 | ------------ | 0 |
|002| ------------ | 0 | ------------ | 0 |
|003| ------------ | 0 | ------------ | 0 |
|004| ------------ | 0 | ------------ | 0 |
|005| ------------ | 0 | ------------ | 0 |
|006| ------------ | 0 | ------------ | 0 |
|007| ------------ | 0 | ------------ | 0 |
|008| ------------ | 0 | ------------ | 0 |
|009| ------------ | 0 | ------------ | 0 |
|010| ------------ | 0 | ------------ | 0 |
|011| ------------ | 0 | ------------ | 0 |
|012| ------------ | 0 | ------------ | 0 |
|013| ------------ | 0 | ------------ | 0 |
|014| ------------ | 0 | ------------ | 0 |
|015| ------------ | 0 | ------------ | 0 |
|016| ------------ | 0 | ------------ | 0 |
|017| ------------ | 0 | ------------ | 0 |
|018| ------------ | 0 | ------------ | 0 |
|019| ------------ | 0 | ------------ | 0 |
|020| ------------ | 0 | ------------ | 0 |
|021| ------------ | 0 | ------------ | 0 |
|022| ------------ | 0 | ------------ | 0 |
|023| ------------ | 0 | ------------ | 0 |
|024| ------------ | 0 | ------------ | 0 |
|025| ------------ | 0 | ------------ | 0 |
|026| ------------ | 0 | ------------ | 0 |
|027| ------------ | 0 | ------------ | 0 |
|028| ------------ | 0 | ------------ | 0 |
|029| ------------ | 0 | ------------ | 0 |
|030| ------------ | 0 | ------------ | 0 |
|031| ------------ | 0 | ------------ | 0 |
|032| ------------ | 0 | ------------ | 0 |
|033| ------------ | 0 | ------------ | 0 |
|034| ------------ | 0 | ------------ | 0 |
|035| ------------ | 0 | ------------ | 0 |
|036| ------------ | 0 | ------------ | 0 |
|037| ------------ | 0 | ------------ | 0 |
|038| ------------ | 0 | ------------ | 0 |
|039| ------------ | 0 | ------------ | 0 |
|---|----------------|---|----------------|---|
Printing keys to binary file hf-mf-AD603D92-key.bin...
Found keys have been dumped to file hf-mf-AD603D92-key.bin. 0xffffffffffff has been inserted for unknown keys.

[ 0] key FF FF FF FF FF FF

time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 2 threads and SSE2 SIMD core | |
0 | 0 | Brute force benchmark: 128 million (2^26.9) keys/s | 140737488355328 | 13d
10 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 13d
293 | 111 | Apply bit flip properties | 140737488355328 | 13d
505 | 223 | Apply bit flip properties | 106061499465728 | 10d
582 | 335 | Apply bit flip properties | 80629345550336 | 7d
594 | 447 | Apply bit flip properties | 54741342093312 | 5d
600 | 556 | Apply bit flip properties | 35826046074880 | 3d
604 | 668 | Apply bit flip properties | 30277034311680 | 3d
607 | 779 | Apply bit flip properties | 28686082375680 | 3d
610 | 889 | Apply bit flip properties | 25524021755904 | 2d
613 | 996 | Apply bit flip properties | 25327373910016 | 2d
669 | 1106 | Apply bit flip properties | 17394005180416 | 2d
671 | 1216 | Apply bit flip properties | 13672305917952 | 30h
674 | 1326 | Apply bit flip properties | 13672305917952 | 30h
697 | 1435 | Apply Sum property. Sum(a0) = 0 | 130553528320 | 17min
699 | 1546 | Apply bit flip properties | 117800845312 | 15min
702 | 1655 | Apply bit flip properties | 113346232320 | 15min
704 | 1764 | Apply bit flip properties | 113346232320 | 15min
706 | 1872 | Apply bit flip properties | 113346232320 | 15min
709 | 1982 | Apply bit flip properties | 112783368192 | 15min
711 | 1982 | (1. guess: Sum(a8) = 0) | 112783368192 | 15min
728 | 1982 | Apply Sum(a8) and all bytes bitflip properties | 112783138816 | 15min
1811 | 1982 | Brute force phase: 25.00% | 84995719168 | 11min
1819 | 1982 | Brute force phase completed. Key found: ffffffffffff

--chk keys. sectors:40, block no: 0, key type:B, eml:n, dmp=y checktimeout=471 us
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9
To cancel this operation press the button on the proxmark...

|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 000000005128 | 1 | ffffffffffff | 0 |
|001| 000000005128 | 1 | ffffffffffff | 0 |
|002| 000000005128 | 1 | ffffffffffff | 0 |
|003| 000000005128 | 1 | ffffffffffff | 0 |
|004| 000000005128 | 1 | ffffffffffff | 0 |
|005| 000000005128 | 1 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| ffffffffffff | 0 | ffffffffffff | 0 |
|016| ffffffffffff | 0 | ffffffffffff | 0 |
|017| ffffffffffff | 0 | ffffffffffff | 0 |
|018| ffffffffffff | 0 | ffffffffffff | 0 |
|019| ffffffffffff | 0 | ffffffffffff | 0 |
|020| ffffffffffff | 0 | ffffffffffff | 0 |
|021| ffffffffffff | 0 | ffffffffffff | 0 |
|022| ffffffffffff | 0 | ffffffffffff | 0 |
|023| ffffffffffff | 0 | ffffffffffff | 0 |
|024| ffffffffffff | 0 | ffffffffffff | 0 |
|025| ffffffffffff | 0 | ffffffffffff | 0 |
|026| ffffffffffff | 0 | ffffffffffff | 0 |
|027| ffffffffffff | 0 | ffffffffffff | 0 |
|028| ffffffffffff | 0 | ffffffffffff | 0 |
|029| ffffffffffff | 0 | ffffffffffff | 0 |
|030| ffffffffffff | 0 | ffffffffffff | 0 |
|031| ffffffffffff | 0 | ffffffffffff | 0 |
|032| ffffffffffff | 0 | ffffffffffff | 0 |
|033| ffffffffffff | 0 | ffffffffffff | 0 |
|034| ffffffffffff | 0 | ffffffffffff | 0 |
|035| ffffffffffff | 0 | ffffffffffff | 0 |
|036| ffffffffffff | 0 | ffffffffffff | 0 |
|037| ffffffffffff | 0 | ffffffffffff | 0 |
|038| ffffffffffff | 0 | ffffffffffff | 0 |
|039| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.

Can't authenticate to block: 0 key type:A key:00 00 00 00 51 28
Can't authenticate to block: 1 key type:A key:00 00 00 00 51 28

chk key[ 0] ffffffffffff
To cancel this operation press the button on the proxmark...

|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 00000000c227 | 1 | ffffffffffff | 0 |
|001| 00000000c227 | 1 | ffffffffffff | 0 |
|002| 00000000c227 | 1 | ffffffffffff | 0 |
|003| 00000000c227 | 1 | ffffffffffff | 0 |
|004| 00000000c227 | 1 | ffffffffffff | 0 |
|005| 00000000c227 | 1 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| ffffffffffff | 0 | ffffffffffff | 0 |
|016| ffffffffffff | 0 | ffffffffffff | 0 |
|017| ffffffffffff | 0 | ffffffffffff | 0 |
|018| ffffffffffff | 0 | ffffffffffff | 0 |
|019| ffffffffffff | 0 | ffffffffffff | 0 |
|020| ffffffffffff | 0 | ffffffffffff | 0 |
|021| ffffffffffff | 0 | ffffffffffff | 0 |
|022| ffffffffffff | 0 | ffffffffffff | 0 |
|023| ffffffffffff | 0 | ffffffffffff | 0 |
|024| ffffffffffff | 0 | ffffffffffff | 0 |
|025| ffffffffffff | 0 | ffffffffffff | 0 |
|026| ffffffffffff | 0 | ffffffffffff | 0 |
|027| ffffffffffff | 0 | ffffffffffff | 0 |
|028| ffffffffffff | 0 | ffffffffffff | 0 |
|029| ffffffffffff | 0 | ffffffffffff | 0 |
|030| ffffffffffff | 0 | ffffffffffff | 0 |
|031| ffffffffffff | 0 | ffffffffffff | 0 |
|032| ffffffffffff | 0 | ffffffffffff | 0 |
|033| ffffffffffff | 0 | ffffffffffff | 0 |
|034| ffffffffffff | 0 | ffffffffffff | 0 |
|035| ffffffffffff | 0 | ffffffffffff | 0 |
|036| ffffffffffff | 0 | ffffffffffff | 0 |
|037| ffffffffffff | 0 | ffffffffffff | 0 |
|038| ffffffffffff | 0 | ffffffffffff | 0 |
|039| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.

Last edited by seanedu (2019-03-02 21:25:07)

seanedu · 2019-02-23 20:49:35

Hi,see the below,I tried out again,but no luck..

C:\Users\gsjh1209\Desktop\pm3 official 2017>proxmark3 COM10
Prox/RFID mark3 RFID instrument
[ ARM ]
bootrom: iceman/master/ice_v3.1.0-1075-ga5dfd9b1 2019-02-18 13:35:37
os: iceman/master/ice_v3.1.0-1075-ga5dfd9b1 2019-02-18 13:35:41

[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 237349 bytes (91%). Free: 247
95 bytes ( 9%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf sea

UID : ad 60 3d 92
ATQA : 00 02
SAK : 18 [2]
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf mf mif
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.............Card is not vulnerable to Darkside attack (doesn't send NACK on aut
hentication requests).
proxmark3> hf mf chk *4 ? d
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 4d3a99c351dd
chk default key[ 6] 1a982c7e459a
chk default key[ 7] d3f7d3f7d3f7
chk default key[ 8] 714c5c886e97
chk default key[ 9] 587ee5f9350f
chk default key[10] a0478cc39091
chk default key[11] 533cb6c723f6
chk default key[12] 8fd0a4f256e9
--sector: 0, block: 3, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 1, block: 7, key type:A, key count:13
--sector: 2, block: 11, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 3, block: 15, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 4, block: 19, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 5, block: 23, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 6, block: 27, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 7, block: 31, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 8, block: 35, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 9, block: 39, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:10, block: 43, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:11, block: 47, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:12, block: 51, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:13, block: 55, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:14, block: 59, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:15, block: 63, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:16, block: 67, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:17, block: 71, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:18, block: 75, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:19, block: 79, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:20, block: 83, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:21, block: 87, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:22, block: 91, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:23, block: 95, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:24, block: 99, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:25, block:103, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:26, block:107, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:27, block:111, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:28, block:115, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:29, block:119, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:30, block:123, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:31, block:127, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:32, block:143, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:33, block:159, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:34, block:175, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:35, block:191, key type:A, key count:13
--sector:36, block:207, key type:A, key count:13
--sector:37, block:223, key type:A, key count:13
--sector:38, block:239, key type:A, key count:13
--sector:39, block:255, key type:A, key count:13
--sector: 0, block: 3, key type:B, key count:13
--sector: 1, block: 7, key type:B, key count:13
--sector: 2, block: 11, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 3, block: 15, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 4, block: 19, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 5, block: 23, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 6, block: 27, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 7, block: 31, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 8, block: 35, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector: 9, block: 39, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:10, block: 43, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:11, block: 47, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:12, block: 51, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:13, block: 55, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:14, block: 59, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:15, block: 63, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:16, block: 67, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:17, block: 71, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:18, block: 75, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:19, block: 79, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:20, block: 83, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:21, block: 87, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:22, block: 91, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:23, block: 95, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:24, block: 99, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:25, block:103, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:26, block:107, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:27, block:111, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:28, block:115, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:29, block:119, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:30, block:123, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:31, block:127, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:32, block:143, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:33, block:159, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:34, block:175, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:35, block:191, key type:B, key count:13
--sector:36, block:207, key type:B, key count:13
--sector:37, block:223, key type:B, key count:13
--sector:38, block:239, key type:B, key count:13
--sector:39, block:255, key type:B, key count:13
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been insert
ed for unknown keys.

proxmark3> hf mf nested 1 11 a ffffffffffff d
Testing known keys. Sector count=16
nested...
-----------------------------------------------
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

proxmark3> hf mf 4 175 a ffffffffffff d
help This help
dbg Set default debug mode
rdbl Read MIFARE classic block
rdsc Read MIFARE classic sector
dump Dump MIFARE classic tag to binary file
restore Restore MIFARE classic binary file to BLANK tag
wrbl Write MIFARE classic block
chk Test block keys
mifare Read parity error messages.
hardnested Nested attack for hardened Mifare cards
nested Test nested authentication
sniff Sniff card-reader communication
sim Simulate MIFARE card
eclr Clear simulator memory block
eget Get simulator memory block
eset Set simulator memory block
eload Load from file emul dump
esave Save to file emul dump
ecfill Fill simulator memory with help of keys from simulator

ekeyprn Print keys from simulator memory
csetuid Set UID for magic Chinese card
csetblk Write block - Magic Chinese card
cgetblk Read block - Magic Chinese card
cgetsc Read sector - Magic Chinese card
cload Load dump into magic Chinese card
csave Save dump from magic Chinese card into file or emulator

decrypt [nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace

proxmark3> hf mf nested 4 175 a ffffffffffff d
Testing known keys. Sector count=40
nested...
-----------------------------------------------
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

proxmark3>

seanedu · 2019-02-24 01:23:00

Hi,see the result,I tried with older firmware,still no luck..
Found valid key:[ffffffffffff]
--sector:26, block:107, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:27, block:111, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:28, block:115, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:29, block:119, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:30, block:123, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:31, block:127, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:32, block:143, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:33, block:159, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:34, block:175, key type:B, key count:13
Found valid key:[ffffffffffff]
--sector:35, block:191, key type:B, key count:13
--sector:36, block:207, key type:B, key count:13
--sector:37, block:223, key type:B, key count:13
--sector:38, block:239, key type:B, key count:13
--sector:39, block:255, key type:B, key count:13
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been insert
ed for unknown keys.

proxmark3> hf mf nested 4 3 a ffffffffffff d
Testing known keys. Sector count=40

-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
------------
-----------------------------------------------
-----------------------------------------------
Time in nested: 438.666 (3.374 sec per key)

-----------------------------------------------
Iterations count: 130

|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | 000000000000 | 0 |
|001| 000000000000 | 0 | 000000000000 | 0 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|016| ffffffffffff | 1 | ffffffffffff | 1 |
|017| ffffffffffff | 1 | ffffffffffff | 1 |
|018| ffffffffffff | 1 | ffffffffffff | 1 |
|019| ffffffffffff | 1 | ffffffffffff | 1 |
|020| ffffffffffff | 1 | ffffffffffff | 1 |
|021| ffffffffffff | 1 | ffffffffffff | 1 |
|022| ffffffffffff | 1 | ffffffffffff | 1 |
|023| ffffffffffff | 1 | ffffffffffff | 1 |
|024| ffffffffffff | 1 | ffffffffffff | 1 |
|025| ffffffffffff | 1 | ffffffffffff | 1 |
|026| ffffffffffff | 1 | ffffffffffff | 1 |
|027| ffffffffffff | 1 | ffffffffffff | 1 |
|028| ffffffffffff | 1 | ffffffffffff | 1 |
|029| ffffffffffff | 1 | ffffffffffff | 1 |
|030| ffffffffffff | 1 | ffffffffffff | 1 |
|031| ffffffffffff | 1 | ffffffffffff | 1 |
|032| ffffffffffff | 1 | ffffffffffff | 1 |
|033| ffffffffffff | 1 | ffffffffffff | 1 |
|034| ffffffffffff | 1 | ffffffffffff | 1 |
|035| 000000000000 | 0 | 000000000000 | 0 |
|036| 000000000000 | 0 | 000000000000 | 0 |
|037| 000000000000 | 0 | 000000000000 | 0 |
|038| 000000000000 | 0 | 000000000000 | 0 |
|039| 000000000000 | 0 | 000000000000 | 0 |
|---|----------------|---|----------------|---|
Printing keys to binary file dumpkeys.bin...
proxmark3> hf mf dump 4
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
Command execute timeout when trying to read access rights for sector 0. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 1. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 2. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 3. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 4. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 5. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 6. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 7. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 8. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 9. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 10. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 11. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 12. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 13. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 14. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 15. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 16. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 17. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 18. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 19. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 20. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 21. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 22. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 23. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 24. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 25. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 26. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 27. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 28. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 29. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 30. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 31. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 32. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 33. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 34. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 35. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 36. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 37. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 38. Trying
with defaults...
Command execute timeout when trying to read access rights for sector 39. Trying
with defaults...
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
Command execute timeout when trying to read block 0 of sector 0.
proxmark3>

seanedu · 2019-02-24 16:13:07

I did more search on forums,I compiled Iceman's build,and tried again,getting close to nested attack,

pm3 ~$ ./client/proxmark3.exe com10
Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2019-02-24 14:25:53
os: /-suspect 2019-02-24 14:25:00
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 197097 bytes (75%). Free: 650
47 bytes (25%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf mf chk *4 ? d
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9

To cancel this operation press the button on the proxmark...
--o
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 0 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|016| ffffffffffff | 1 | ffffffffffff | 1 |
|017| ffffffffffff | 1 | ffffffffffff | 1 |
|018| ffffffffffff | 1 | ffffffffffff | 1 |
|019| ffffffffffff | 1 | ffffffffffff | 1 |
|020| ffffffffffff | 1 | ffffffffffff | 1 |
|021| ffffffffffff | 1 | ffffffffffff | 1 |
|022| ffffffffffff | 1 | ffffffffffff | 1 |
|023| ffffffffffff | 1 | ffffffffffff | 1 |
|024| ffffffffffff | 1 | ffffffffffff | 1 |
|025| ffffffffffff | 1 | ffffffffffff | 1 |
|026| ffffffffffff | 1 | ffffffffffff | 1 |
|027| ffffffffffff | 1 | ffffffffffff | 1 |
|028| ffffffffffff | 1 | ffffffffffff | 1 |
|029| ffffffffffff | 1 | ffffffffffff | 1 |
|030| ffffffffffff | 1 | ffffffffffff | 1 |
|031| ffffffffffff | 1 | ffffffffffff | 1 |
|032| ffffffffffff | 1 | ffffffffffff | 1 |
|033| ffffffffffff | 1 | ffffffffffff | 1 |
|034| ffffffffffff | 1 | ffffffffffff | 1 |
|035| ffffffffffff | 0 | ffffffffffff | 0 |
|036| ffffffffffff | 0 | ffffffffffff | 0 |
|037| ffffffffffff | 0 | ffffffffffff | 0 |
|038| ffffffffffff | 0 | ffffffffffff | 0 |
|039| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been insert
ed for unknown keys.

proxmark3> hf mf mif
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..Card is not vulnerable to Darkside attack (its random number generator is not
predictable).
proxmark3> hf mf nested 4 3 a ffffffffffff d
--nested. sectors:40, block no: 3, key type:A, eml:n, dmp=y checktimeout=471 us

Testing known keys. Sector count=40
nested...
-----------------------------------------------
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

proxmark3> hf mf dbg 2
#db# Debug level: 2
proxmark3> hf mf mif
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..Card is not vulnerable to Darkside attack (its random number generator is not
predictable).
proxmark3> hf mf dump 4
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 1. Trying with defaults...
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 35. Trying with defaults...
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 36. Trying with defaults...
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 37. Trying with defaults...
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 38. Trying with defaults...
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 39. Trying with defaults...
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 0.
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not read block 0 of sector 1
proxmark3>

seanedu · 2019-02-28 15:35:17

I now got the 2 keys from hardnested attack,using official build and iceman's build,after that i did
chk keys with new key both from hardnested attack,but result are below,all other keys are res.exceptProx/RFID mark3 RFID instrument
bootrom: /-suspect 2019-02-24 14:25:53
os: /-suspect 2019-02-24 14:25:00
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 197097 bytes (75%). Free: 6
47 bytes (25%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf sea

UID : ad 60 3d 92
ATQA : 00 02
SAK : 18 [2]
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDEND (hardnested)

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf mf fchk 4
help This help
dbg Set default debug mode
rdbl Read MIFARE classic block
rdsc Read MIFARE classic sector
dump Dump MIFARE classic tag to binary file
restore Restore MIFARE classic binary file to BLANK tag
wrbl Write MIFARE classic block
chk Test block keys
mifare Read parity error messages.
hardnested Nested attack for hardened Mifare cards
nested Test nested authentication
sniff Sniff card-reader communication
sim Simulate MIFARE card
eclr Clear simulator memory block
eget Get simulator memory block
eset Set simulator memory block
eload Load from file emul dump
esave Save to file emul dump
ecfill Fill simulator memory with help of keys from simulator

ekeyprn Print keys from simulator memory
cwipe Wipe magic Chinese card
csetuid Set UID for magic Chinese card
csetblk Write block - Magic Chinese card
cgetblk Read block - Magic Chinese card
cgetsc Read sector - Magic Chinese card
cload Load dump into magic Chinese card
csave Save dump from magic Chinese card into file or emulator

decrypt [nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace

proxmark3> hf mf chk *4 ? d
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9

To cancel this operation press the button on the proxmark...
--o
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 0 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|016| ffffffffffff | 1 | ffffffffffff | 1 |
|017| ffffffffffff | 1 | ffffffffffff | 1 |
|018| ffffffffffff | 1 | ffffffffffff | 1 |
|019| ffffffffffff | 1 | ffffffffffff | 1 |
|020| ffffffffffff | 1 | ffffffffffff | 1 |
|021| ffffffffffff | 1 | ffffffffffff | 1 |
|022| ffffffffffff | 1 | ffffffffffff | 1 |
|023| ffffffffffff | 1 | ffffffffffff | 1 |
|024| ffffffffffff | 1 | ffffffffffff | 1 |
|025| ffffffffffff | 1 | ffffffffffff | 1 |
|026| ffffffffffff | 1 | ffffffffffff | 1 |
|027| ffffffffffff | 1 | ffffffffffff | 1 |
|028| ffffffffffff | 1 | ffffffffffff | 1 |
|029| ffffffffffff | 1 | ffffffffffff | 1 |
|030| ffffffffffff | 1 | ffffffffffff | 1 |
|031| ffffffffffff | 1 | ffffffffffff | 1 |
|032| ffffffffffff | 1 | ffffffffffff | 1 |
|033| ffffffffffff | 1 | ffffffffffff | 1 |
|034| ffffffffffff | 1 | ffffffffffff | 1 |
|035| ffffffffffff | 0 | ffffffffffff | 0 |
|036| ffffffffffff | 0 | ffffffffffff | 0 |
|037| ffffffffffff | 0 | ffffffffffff | 0 |
|038| ffffffffffff | 0 | ffffffffffff | 0 |
|039| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inse
ed for unknown keys.

proxmark3> hf mf hard 9 a ffffffffffff 3 b
--target block no: 3, target key type:B, known target key: 0x000000000000 (no
set), file action: none, Slow: No, Tests: 0
Using SSE2 SIMD core.

time | #nonces | Activity |
xpected to brute force
| | |
states | time
------------------------------------------------------------------------------
----------------------
0 | 0 | Start using 2 threads and SSE2 SIMD core |
|
0 | 0 | Brute force benchmark: 125 million (2^26.9) keys/s |
40737488355328 | 13d
10 | 0 | Using 235 precalculated bitflip state tables |
40737488355328 | 13d
#db# AcquireNonces: Auth1 error
411 | 112 | Apply bit flip properties |
40737488355328 | 13d
435 | 223 | Apply bit flip properties |
11957188952064 | 27h
445 | 335 | Apply bit flip properties |
11957188952064 | 27h
462 | 447 | Apply bit flip properties |
11957188952064 | 27h
471 | 558 | Apply bit flip properties |
11957188952064 | 27h
486 | 668 | Apply bit flip properties |
2717707665408 | 6h
506 | 778 | Apply bit flip properties |
2099232374784 | 5h
522 | 889 | Apply bit flip properties |
2099232374784 | 5h
614 | 999 | Apply bit flip properties |
1139091570688 | 3h
621 | 1109 | Apply bit flip properties |
1139091570688 | 3h
626 | 1220 | Apply bit flip properties |
1139091570688 | 3h
1155 | 1330 | Apply Sum property. Sum(a0) = 112 |
67588837376 | 9min
1162 | 1439 | Apply bit flip properties |
67588837376 | 9min
1183 | 1549 | Apply bit flip properties |
67588837376 | 9min
1295 | 1657 | Apply bit flip properties |
55897157632 | 7min
1485 | 1767 | Apply bit flip properties |
56909197312 | 8min
1524 | 1875 | Apply bit flip properties |
39257219072 | 5min
1535 | 1984 | Apply bit flip properties |
39257219072 | 5min
1538 | 2094 | Apply bit flip properties |
24393037824 | 3min
1540 | 2204 | Apply bit flip properties |
21700608000 | 3min
1632 | 2312 | Apply bit flip properties |
20237891584 | 3min
1642 | 2422 | Apply bit flip properties |
20237891584 | 3min
1648 | 2531 | Apply bit flip properties |
14477250560 | 2min
1661 | 2638 | Apply bit flip properties |
24001992704 | 3min
1670 | 2744 | Apply bit flip properties |
24001992704 | 3min
1675 | 2852 | Apply bit flip properties |
21680533504 | 3min
1682 | 2954 | Apply bit flip properties |
17718157312 | 2min
1741 | 3056 | Apply bit flip properties |
12211090432 | 2min
1749 | 3162 | Apply bit flip properties |
8033277952 | 64s
1756 | 3266 | Apply bit flip properties |
8033277952 | 64s
1765 | 3370 | Apply bit flip properties |
8033277952 | 64s
1768 | 3476 | Apply bit flip properties |
6593866752 | 53s
1784 | 3579 | Apply bit flip properties |
6593866752 | 53s
1791 | 3681 | Apply bit flip properties |
6593866752 | 53s
1824 | 3788 | Apply bit flip properties |
3881113344 | 31s
1836 | 3892 | Apply bit flip properties |
3881113344 | 31s
1846 | 4003 | Apply bit flip properties |
3881113344 | 31s
1850 | 4111 | Apply bit flip properties |
3881113344 | 31s
1865 | 4111 | (Ignoring Sum(a8) properties) |
3881113344 | 31s
2175 | 4111 | Starting brute force... |
3881113344 | 31s
2212 | 4111 | Brute force phase completed. Key found: 34aed43006e1 |
0 | 0s
proxmark3> hf mf chk *4 ? d 34aed43006e1
chk key[ 0] 34aed43006e1

To cancel this operation press the button on the proxmark...
--o
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 0 | 34aed43006e1 | 1 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 0 | ffffffffffff | 0 |
|003| ffffffffffff | 0 | ffffffffffff | 0 |
|004| ffffffffffff | 0 | ffffffffffff | 0 |
|005| ffffffffffff | 0 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| ffffffffffff | 0 | ffffffffffff | 0 |
|016| ffffffffffff | 0 | ffffffffffff | 0 |
|017| ffffffffffff | 0 | ffffffffffff | 0 |
|018| ffffffffffff | 0 | ffffffffffff | 0 |
|019| ffffffffffff | 0 | ffffffffffff | 0 |
|020| ffffffffffff | 0 | ffffffffffff | 0 |
|021| ffffffffffff | 0 | ffffffffffff | 0 |
|022| ffffffffffff | 0 | ffffffffffff | 0 |
|023| ffffffffffff | 0 | ffffffffffff | 0 |
|024| ffffffffffff | 0 | ffffffffffff | 0 |
|025| ffffffffffff | 0 | ffffffffffff | 0 |
|026| ffffffffffff | 0 | ffffffffffff | 0 |
|027| ffffffffffff | 0 | ffffffffffff | 0 |
|028| ffffffffffff | 0 | ffffffffffff | 0 |
|029| ffffffffffff | 0 | ffffffffffff | 0 |
|030| ffffffffffff | 0 | ffffffffffff | 0 |
|031| ffffffffffff | 0 | ffffffffffff | 0 |
|032| ffffffffffff | 0 | ffffffffffff | 0 |
|033| ffffffffffff | 0 | ffffffffffff | 0 |
|034| ffffffffffff | 0 | ffffffffffff | 0 |
|035| ffffffffffff | 0 | ffffffffffff | 0 |
|036| ffffffffffff | 0 | ffffffffffff | 0 |
|037| ffffffffffff | 0 | ffffffffffff | 0 |
|038| ffffffffffff | 0 | ffffffffffff | 0 |
|039| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inse
ed for unknown keys.

proxmark3> for one key which I got it from hardnested,I need some advice from this point to proceed....

app_o1 · 2019-03-01 13:31:42

hf mf hard 9 a ffffffffffff 3 b

Great, it worked, it found one key + the one you already had.
What Key was found? And for where that Key is used? If you can answer that, then you do not need our help.

seanedu · 2019-03-01 14:40:00

Hi,@app_o1,not quite success yet,I got 2 keys from hardnested which is 98669f3dc004 and 34aed43006e1,with these keys,I tried to get all the keys out using fchk and chk keys,but I won't work though,@app_o1,can you please advice me what to do next,I struggling for almost 7 days...

seanedu · 2019-03-01 21:13:05

Hi,@app_o1,little more closer,I did fchk with default_keys.dic,I found more keys now,but still miss three keys from sector 0 b and sector 1 a and b,can you advise me how to get rest of keys,thank in advance..

pm3 --> hf mf fchk 4 default_keys.dic d
[+] Loaded 507 keys from default_keys.dic
[+] Running strategy 1
........
[-] Chunk: 18.0s | found 67/80 keys (85)

[-] Chunk: 1.5s | found 67/80 keys (85)

[-] Chunk: 1.5s | found 67/80 keys (82)
[+] Running strategy 2
........
[-] Chunk: 18.0s | found 67/80 keys (85)
........
[-] Chunk: 17.4s | found 67/80 keys (85)
........
[-] Chunk: 17.4s | found 67/80 keys (85)
..
[-] Chunk: 4.9s | found 77/80 keys (85)
..
[-] Chunk: 4.2s | found 77/80 keys (85)
..
[-] Chunk: 4.0s | found 77/80 keys (82)
[+] Time in checkkeys (fast): 91.4s

|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ------------ | 0 |
|001| ------------ | 0 | ------------ | 0 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|016| ffffffffffff | 1 | ffffffffffff | 1 |
|017| ffffffffffff | 1 | ffffffffffff | 1 |
|018| ffffffffffff | 1 | ffffffffffff | 1 |
|019| ffffffffffff | 1 | ffffffffffff | 1 |
|020| ffffffffffff | 1 | ffffffffffff | 1 |
|021| ffffffffffff | 1 | ffffffffffff | 1 |
|022| ffffffffffff | 1 | ffffffffffff | 1 |
|023| ffffffffffff | 1 | ffffffffffff | 1 |
|024| ffffffffffff | 1 | ffffffffffff | 1 |
|025| ffffffffffff | 1 | ffffffffffff | 1 |
|026| ffffffffffff | 1 | ffffffffffff | 1 |
|027| ffffffffffff | 1 | ffffffffffff | 1 |
|028| ffffffffffff | 1 | ffffffffffff | 1 |
|029| ffffffffffff | 1 | ffffffffffff | 1 |
|030| ffffffffffff | 1 | ffffffffffff | 1 |
|031| ffffffffffff | 1 | ffffffffffff | 1 |
|032| ffffffffffff | 1 | ffffffffffff | 1 |
|033| ffffffffffff | 1 | ffffffffffff | 1 |
|034| ffffffffffff | 1 | ffffffffffff | 1 |
|035| 6a1987c40a21 | 1 | 7f33625bc129 | 1 |
|036| 000000000000 | 1 | 000000000000 | 1 |
|037| 000000000000 | 1 | 000000000000 | 1 |
|038| 000000000000 | 1 | 000000000000 | 1 |
|039| 6a1987c40a21 | 1 | 7f33625bc129 | 1 |
|---|----------------|---|----------------|---|
Printing keys to binary file default_keys.dic...
Found keys have been dumped to file default_keys.dic. 0xffffffffffff has been in
serted for unknown keys.

seanedu · 2019-03-02 01:26:45

Hi,I finally found sector 1 a key=98669f3dc004,and sector 0 a=34aed43006e1,I only need to find one more key,i will post again,if i find one more key...

seanedu · 2019-03-02 21:22:49

Hi,life is good and I really enjoy seaching on the forum,I finally suceeded to find all the keys and dumped to bin file and all I am gonna do is order blank card to arrive and I am all set,check below to see the result I've got....
pm3 --> hf mf dump 4
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
[+] successfully read block 0 of sector 0.
[+] successfully read block 1 of sector 0.
[+] successfully read block 2 of sector 0.
[+] successfully read block 3 of sector 0.
[+] successfully read block 0 of sector 1.
[+] successfully read block 1 of sector 1.
[+] successfully read block 2 of sector 1.
[+] successfully read block 3 of sector 1.
[+] successfully read block 0 of sector 2.
[+] successfully read block 1 of sector 2.
[+] successfully read block 2 of sector 2.
[+] successfully read block 3 of sector 2.
[+] successfully read block 0 of sector 3.
[+] successfully read block 1 of sector 3.
[+] successfully read block 2 of sector 3.
[+] successfully read block 3 of sector 3.
[+] successfully read block 0 of sector 4.
[+] successfully read block 1 of sector 4.
[+] successfully read block 2 of sector 4.
[+] successfully read block 3 of sector 4.
[+] successfully read block 0 of sector 5.
[+] successfully read block 1 of sector 5.
[+] successfully read block 2 of sector 5.
[+] successfully read block 3 of sector 5.
[+] successfully read block 0 of sector 6.
[+] successfully read block 1 of sector 6.
[+] successfully read block 2 of sector 6.
[+] successfully read block 3 of sector 6.
[+] successfully read block 0 of sector 7.
[+] successfully read block 1 of sector 7.
[+] successfully read block 2 of sector 7.
[+] successfully read block 3 of sector 7.
[+] successfully read block 0 of sector 8.
[+] successfully read block 1 of sector 8.
[+] successfully read block 2 of sector 8.
[+] successfully read block 3 of sector 8.
[+] successfully read block 0 of sector 9.
[+] successfully read block 1 of sector 9.
[+] successfully read block 2 of sector 9.
[+] successfully read block 3 of sector 9.
[+] successfully read block 0 of sector 10.
[+] successfully read block 1 of sector 10.
[+] successfully read block 2 of sector 10.
[+] successfully read block 3 of sector 10.
[+] successfully read block 0 of sector 11.
[+] successfully read block 1 of sector 11.
[+] successfully read block 2 of sector 11.
[+] successfully read block 3 of sector 11.
[+] successfully read block 0 of sector 12.
[+] successfully read block 1 of sector 12.
[+] successfully read block 2 of sector 12.
[+] successfully read block 3 of sector 12.
[+] successfully read block 0 of sector 13.
[+] successfully read block 1 of sector 13.
[+] successfully read block 2 of sector 13.
[+] successfully read block 3 of sector 13.
[+] successfully read block 0 of sector 14.
[+] successfully read block 1 of sector 14.
[+] successfully read block 2 of sector 14.
[+] successfully read block 3 of sector 14.
[+] successfully read block 0 of sector 15.
[+] successfully read block 1 of sector 15.
[+] successfully read block 2 of sector 15.
[+] successfully read block 3 of sector 15.
[+] successfully read block 0 of sector 16.
[+] successfully read block 1 of sector 16.
[+] successfully read block 2 of sector 16.
[+] successfully read block 3 of sector 16.
[+] successfully read block 0 of sector 17.
[+] successfully read block 1 of sector 17.
[+] successfully read block 2 of sector 17.
[+] successfully read block 3 of sector 17.
[+] successfully read block 0 of sector 18.
[+] successfully read block 1 of sector 18.
[+] successfully read block 2 of sector 18.
[+] successfully read block 3 of sector 18.
[+] successfully read block 0 of sector 19.
[+] successfully read block 1 of sector 19.
[+] successfully read block 2 of sector 19.
[+] successfully read block 3 of sector 19.
[+] successfully read block 0 of sector 20.
[+] successfully read block 1 of sector 20.
[+] successfully read block 2 of sector 20.
[+] successfully read block 3 of sector 20.
[+] successfully read block 0 of sector 21.
[+] successfully read block 1 of sector 21.
[+] successfully read block 2 of sector 21.
[+] successfully read block 3 of sector 21.
[+] successfully read block 0 of sector 22.
[+] successfully read block 1 of sector 22.
[+] successfully read block 2 of sector 22.
[+] successfully read block 3 of sector 22.
[+] successfully read block 0 of sector 23.
[+] successfully read block 1 of sector 23.
[+] successfully read block 2 of sector 23.
[+] successfully read block 3 of sector 23.
[+] successfully read block 0 of sector 24.
[+] successfully read block 1 of sector 24.
[+] successfully read block 2 of sector 24.
[+] successfully read block 3 of sector 24.
[+] successfully read block 0 of sector 25.
[+] successfully read block 1 of sector 25.
[+] successfully read block 2 of sector 25.
[+] successfully read block 3 of sector 25.
[+] successfully read block 0 of sector 26.
[+] successfully read block 1 of sector 26.
[+] successfully read block 2 of sector 26.
[+] successfully read block 3 of sector 26.
[+] successfully read block 0 of sector 27.
[+] successfully read block 1 of sector 27.
[+] successfully read block 2 of sector 27.
[+] successfully read block 3 of sector 27.
[+] successfully read block 0 of sector 28.
[+] successfully read block 1 of sector 28.
[+] successfully read block 2 of sector 28.
[+] successfully read block 3 of sector 28.
[+] successfully read block 0 of sector 29.
[+] successfully read block 1 of sector 29.
[+] successfully read block 2 of sector 29.
[+] successfully read block 3 of sector 29.
[+] successfully read block 0 of sector 30.
[+] successfully read block 1 of sector 30.
[+] successfully read block 2 of sector 30.
[+] successfully read block 3 of sector 30.
[+] successfully read block 0 of sector 31.
[+] successfully read block 1 of sector 31.
[+] successfully read block 2 of sector 31.
[+] successfully read block 3 of sector 31.
[+] successfully read block 0 of sector 32.
[+] successfully read block 1 of sector 32.
[+] successfully read block 2 of sector 32.
[+] successfully read block 3 of sector 32.
[+] successfully read block 4 of sector 32.
[+] successfully read block 5 of sector 32.
[+] successfully read block 6 of sector 32.
[+] successfully read block 7 of sector 32.
[+] successfully read block 8 of sector 32.
[+] successfully read block 9 of sector 32.
[+] successfully read block 10 of sector 32.
[+] successfully read block 11 of sector 32.
[+] successfully read block 12 of sector 32.
[+] successfully read block 13 of sector 32.
[+] successfully read block 14 of sector 32.
[+] successfully read block 15 of sector 32.
[+] successfully read block 0 of sector 33.
[+] successfully read block 1 of sector 33.
[+] successfully read block 2 of sector 33.
[+] successfully read block 3 of sector 33.
[+] successfully read block 4 of sector 33.
[+] successfully read block 5 of sector 33.
[+] successfully read block 6 of sector 33.
[+] successfully read block 7 of sector 33.
[+] successfully read block 8 of sector 33.
[+] successfully read block 9 of sector 33.
[+] successfully read block 10 of sector 33.
[+] successfully read block 11 of sector 33.
[+] successfully read block 12 of sector 33.
[+] successfully read block 13 of sector 33.
[+] successfully read block 14 of sector 33.
[+] successfully read block 15 of sector 33.
[+] successfully read block 0 of sector 34.
[+] successfully read block 1 of sector 34.
[+] successfully read block 2 of sector 34.
[+] successfully read block 3 of sector 34.
[+] successfully read block 4 of sector 34.
[+] successfully read block 5 of sector 34.
[+] successfully read block 6 of sector 34.
[+] successfully read block 7 of sector 34.
[+] successfully read block 8 of sector 34.
[+] successfully read block 9 of sector 34.
[+] successfully read block 10 of sector 34.
[+] successfully read block 11 of sector 34.
[+] successfully read block 12 of sector 34.
[+] successfully read block 13 of sector 34.
[+] successfully read block 14 of sector 34.
[+] successfully read block 15 of sector 34.
[+] successfully read block 0 of sector 35.
[+] successfully read block 1 of sector 35.
[+] successfully read block 2 of sector 35.
[+] successfully read block 3 of sector 35.
[+] successfully read block 4 of sector 35.
[+] successfully read block 5 of sector 35.
[+] successfully read block 6 of sector 35.
[+] successfully read block 7 of sector 35.
[+] successfully read block 8 of sector 35.
[+] successfully read block 9 of sector 35.
[+] successfully read block 10 of sector 35.
[+] successfully read block 11 of sector 35.
[+] successfully read block 12 of sector 35.
[+] successfully read block 13 of sector 35.
[+] successfully read block 14 of sector 35.
[+] successfully read block 15 of sector 35.
[+] successfully read block 0 of sector 36.
[+] successfully read block 1 of sector 36.
[+] successfully read block 2 of sector 36.
[+] successfully read block 3 of sector 36.
[+] successfully read block 4 of sector 36.
[+] successfully read block 5 of sector 36.
[+] successfully read block 6 of sector 36.
[+] successfully read block 7 of sector 36.
[+] successfully read block 8 of sector 36.
[+] successfully read block 9 of sector 36.
[+] successfully read block 10 of sector 36.
[+] successfully read block 11 of sector 36.
[+] successfully read block 12 of sector 36.
[+] successfully read block 13 of sector 36.
[+] successfully read block 14 of sector 36.
[+] successfully read block 15 of sector 36.
[+] successfully read block 0 of sector 37.
[+] successfully read block 1 of sector 37.
[+] successfully read block 2 of sector 37.
[+] successfully read block 3 of sector 37.
[+] successfully read block 4 of sector 37.
[+] successfully read block 5 of sector 37.
[+] successfully read block 6 of sector 37.
[+] successfully read block 7 of sector 37.
[+] successfully read block 8 of sector 37.
[+] successfully read block 9 of sector 37.
[+] successfully read block 10 of sector 37.
[+] successfully read block 11 of sector 37.
[+] successfully read block 12 of sector 37.
[+] successfully read block 13 of sector 37.
[+] successfully read block 14 of sector 37.
[+] successfully read block 15 of sector 37.
[+] successfully read block 0 of sector 38.
[+] successfully read block 1 of sector 38.
[+] successfully read block 2 of sector 38.
[+] successfully read block 3 of sector 38.
[+] successfully read block 4 of sector 38.
[+] successfully read block 5 of sector 38.
[+] successfully read block 6 of sector 38.
[+] successfully read block 7 of sector 38.
[+] successfully read block 8 of sector 38.
[+] successfully read block 9 of sector 38.
[+] successfully read block 10 of sector 38.
[+] successfully read block 11 of sector 38.
[+] successfully read block 12 of sector 38.
[+] successfully read block 13 of sector 38.
[+] successfully read block 14 of sector 38.
[+] successfully read block 15 of sector 38.
[+] successfully read block 0 of sector 39.
[+] successfully read block 1 of sector 39.
[+] successfully read block 2 of sector 39.
[+] successfully read block 3 of sector 39.
[+] successfully read block 4 of sector 39.
[+] successfully read block 5 of sector 39.
[+] successfully read block 6 of sector 39.
[+] successfully read block 7 of sector 39.
[+] successfully read block 8 of sector 39.
[+] successfully read block 9 of sector 39.
[+] successfully read block 10 of sector 39.
[+] successfully read block 11 of sector 39.
[+] successfully read block 12 of sector 39.
[+] successfully read block 13 of sector 39.
[+] successfully read block 14 of sector 39.
[+] successfully read block 15 of sector 39.
[+] dumped 256 blocks (4096 bytes) to file hf-mf-AD603D92-data.bin
pm3 --> script run dumptoemul -i hf-mf-ad603d92-data.bin -o sean.eml
[+] Executing: dumptoemul.lua, args '-i hf-mf-ad603d92-data.bin -o sean.eml'

Wrote an emulator-dump to the file sean.eml

[+] Finished

pm3 -->

Proxmark3 community

Announcement

#1 2019-02-23 18:46:07

[solved] Need help to clone mifare classic 4k

#2 2019-02-23 20:49:35

Re: [solved] Need help to clone mifare classic 4k

#3 2019-02-24 01:23:00

Re: [solved] Need help to clone mifare classic 4k

#4 2019-02-24 16:13:07

Re: [solved] Need help to clone mifare classic 4k

#5 2019-02-28 15:35:17

Re: [solved] Need help to clone mifare classic 4k

#6 2019-03-01 13:31:42

Re: [solved] Need help to clone mifare classic 4k

#7 2019-03-01 14:40:00

Re: [solved] Need help to clone mifare classic 4k

#8 2019-03-01 21:13:05

Re: [solved] Need help to clone mifare classic 4k

#9 2019-03-02 01:26:45

Re: [solved] Need help to clone mifare classic 4k

#10 2019-03-02 21:22:49

Re: [solved] Need help to clone mifare classic 4k

Board footer