[solved] Unable to authenticate with key.

nulldev · 2019-04-03 13:43:53

Trying to to do a nested on a Mifare Classic 1K. I have a sector 15 A and B keys

proxmark3> hf mf chk *1 A t default_keys.dic

|---|----------------|---|----------------|---|          
|sec|key A           |res|key B           |res|          
|---|----------------|---|----------------|---|          
|000|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|001|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|002|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|003|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|004|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|005|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|006|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|007|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|008|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|009|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|010|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|011|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|012|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|013|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|014|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|015|  xxxxxxxxxxxx  | 1 |  ffffffffffff  | 0 |          
|---|----------------|---|----------------|---|          

proxmark3> hf mf chk *1 B t default_keys.dic

|---|----------------|---|----------------|---|          
|sec|key A           |res|key B           |res|          
|---|----------------|---|----------------|---|          
|000|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|001|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|002|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|003|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|004|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|005|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|006|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|007|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|008|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|009|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|010|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|011|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|012|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|013|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|014|  ffffffffffff  | 0 |  ffffffffffff  | 0 |          
|015|  ffffffffffff  | 0 |  xxxxxxxxxxxx  | 1 |          
|---|----------------|---|----------------|---|

but when trying to do a nested I've got this:

proxmark3> hf mf nested 1 15 A xxxxxxxxxxxx
Can't authenticate to block: 15 key type:A key:xx xx xx xx xx xx
proxmark3> hf mf nested 1 15 B xxxxxxxxxxxx
Can't authenticate to block: 15 key type:B key:xx xx xx xx xx xx

What could I do? Card is:

ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK

Weird thing is that MCT is able to read sector 15, but not the pm3

proxmark3> hf mf rdbl 15 B xxxxxxxxxxxx
--block no:15, key type:B, key:xx xx xx xx xx xx           
#db# Authentication failed. Card timeout.          
#db# Auth error          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 15 A xxxxxxxxxxxx
--block no:15, key type:A, key:xx xx xx xx xx xx            
#db# Authentication failed. Card timeout.          
#db# Auth error          
#db# READ BLOCK FINISHED          
isOk:00

Thanx!

Last edited by nulldev (2019-04-04 17:13:30)

app_o1 · 2019-04-03 14:40:16

Try again. Different angles/distances from tag-antenna.
Check that it works with default keys on tags you know work on default keys.

nulldev · 2019-04-03 14:45:35

It works with other cards. Not with just this one.

nulldev · 2019-04-03 22:01:48

I've managed to start a nested attack with mfcuk and obtained few keys from there. Then stopped and did a successful nested with the pm3 and obtained all keys targeting 0/A. Still it looks like that I can get authorized only on sector 0 with key A. Maybe another sector too, haven't tested them all, but most of keys doesn't work with pm3.
Then decided to test the card with the MCT and it did a full card dump of all sectors and then restored the dump back on card. Weird...
Any ideas?
Thank you!

piwi · 2019-04-04 08:22:01

Sectors and blocks are different things...

nulldev · 2019-04-04 14:40:31

Yes. Card has 16 sectors and 64 blocks. English is not my native and it's a matter of incorrect translation, not misunderstanding if I've swapped meanigs somewhere.

piwi · 2019-04-04 16:49:19

It is not about language or translation. You are trying to read block 15 using the key for sector 15.

nulldev · 2019-04-04 17:07:58

+1 I've got the point. I had to target the specific block, containing the key, instead of the sector it authorizes.
Thank you!

Proxmark3 community

Announcement

#1 2019-04-03 13:43:53

[solved] Unable to authenticate with key.

#2 2019-04-03 14:40:16

Re: [solved] Unable to authenticate with key.

#3 2019-04-03 14:45:35

Re: [solved] Unable to authenticate with key.

#4 2019-04-03 22:01:48

Re: [solved] Unable to authenticate with key.

#5 2019-04-04 08:22:01

Re: [solved] Unable to authenticate with key.

#6 2019-04-04 14:40:31

Re: [solved] Unable to authenticate with key.

#7 2019-04-04 16:49:19

Re: [solved] Unable to authenticate with key.

#8 2019-04-04 17:07:58

Re: [solved] Unable to authenticate with key.

Board footer