read and got this:
UID : Ax xx xx xx
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO
[+] Prng detection: HARD
[+] Valid ISO14443-A Tag Found
==================================
then chk dictionary as following:
testing to read key B...
Reading block 11
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ------------ | 0 | ffffffffffff | 1 |
|001| 2a2c13cc242a | 1 | ffffffffffff | 1 |
|002| a0a1a2a3a4a5 | 1 | ------------ | 0 |
|003| ------------ | 0 | ffffffffffff | 1 |
|004| ------------ | 0 | ffffffffffff | 1 |
|005| ------------ | 0 | ffffffffffff | 1 |
|006| ------------ | 0 | ffffffffffff | 1 |
|007| ------------ | 0 | ffffffffffff | 1 |
|008| ------------ | 0 | ffffffffffff | 1 |
|009| ------------ | 0 | ffffffffffff | 1 |
|010| ------------ | 0 | ffffffffffff | 1 |
|011| ------------ | 0 | ffffffffffff | 1 |
|012| ------------ | 0 | ffffffffffff | 1 |
|013| ------------ | 0 | ffffffffffff | 1 |
|014| ------------ | 0 | ffffffffffff | 1 |
|015| ------------ | 0 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
==================================
Then use nested as following:
pm3 --> hf mf nested 1 0 b FFFFFFFFFFFF d
[+] Testing known keys. Sector count=16
..
[-] Chunk: 5.8s | found 16/32 keys (21)
[+] Time to check 20 known keys: 6 seconds
[+] enter nested attack
[-] Tag isn't vulnerable to Nested Attack (PRNG is not predictable).
pm3 --> hf mf nested 1 1 b FFFFFFFFFFFF d
[+] Testing known keys. Sector count=16
..
[-] Chunk: 5.8s | found 16/32 keys (21)
[+] Time to check 20 known keys: 6 seconds
[+] enter nested attack
[-] Tag isn't vulnerable to Nested Attack (PRNG is not predictable).
================================================================
anyone got any idea? LOL so funny this card is....
There is nothing special or funny with this card. It simply has a fixed Random Number Generator ("[+] Prng detection: HARD"). Attacks which are based on the broken PRNG of the older Mifare chips (hf mf mifare, hf mf nested) don't work.
hi piwi
Is there anything we can do with it? hardnested? sniff? Or throw it away and forget about it? lol
Search the forum. Lol.
I also have this problem, how did you solve it?
@sher96
@yukihama
Do a series of hf mf hardnested commands like:
hf mf hardnested 0 B ffffffffffff 0 A
hf mf hardnested 0 B ffffffffffff 3 A
hf mf hardnested 0 B ffffffffffff 6 A
... etc. to find all the missing A and B keys. You're feeding a known key (for example, the block 0 B key is ffffffffffff) and lots of processing power and math to crack the algorithm's weakness into revealing other keys (like the block 0 A key).
You have to find all the keys. They're usually in order, and blocks 0-2 have the same key, 3-5 have the same key, etc. Often there will only be ~5 keys total, like a different A and B key for block 3-5, then ffffffffffff for first and last blocks, and a unique key for all the middle blocks both A and B.
Then save all the keys in a text file (I save it like name_of_key.keys) with keys on each line like
ffffffffffff
2a2c13cc242a
a0a1a2a3a4a5
etc.
Then do a read from the original card with the keyfile, and copy with the keyfile too. You can use Ikarus's MiFare Classic Tool Android app; I feel it saves time with the actual cloning. But AFAIK you have to do the hardnested attacks with a Proxmark.
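From the card issuer's side, the key table posted in this thread shows why a known-key attack has a starting point even on a hardened-PRNG card: most sectors still answer to a published default key. The sketch below is an added example, not code from the thread or from the Proxmark3 project; it parses a table in the format shown above and flags default keys. The `DEFAULT_KEYS` subset, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Widely published MIFARE Classic default keys (small illustrative subset).
DEFAULT_KEYS = {"ffffffffffff", "a0a1a2a3a4a5", "d3f7d3f7d3f7", "000000000000"}

# One table row: |sec| key A |res| key B |res|  (a key of dashes means "not found").
ROW = re.compile(r"^\|(\d{3})\|\s*([0-9a-fA-F]{12}|-{12})\s*\|\s*([01])\s*\|"
                 r"\s*([0-9a-fA-F]{12}|-{12})\s*\|\s*([01])\s*\|$")

# Constructed sample: rows in the format of the key table posted in this thread.
SAMPLE = """\
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ------------  | 0 |  ffffffffffff  | 1 |
|001|  2a2c13cc242a  | 1 |  ffffffffffff  | 1 |
|002|  a0a1a2a3a4a5  | 1 |  ------------  | 0 |
|003|  ------------  | 0 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|
"""

def parse_key_table(text):
    """Return {sector: {"A": key or None, "B": key or None}} from the table."""
    sectors = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # separator, header, or unrelated client output
        sec, key_a, res_a, key_b, res_b = m.groups()
        sectors[int(sec)] = {
            "A": key_a.lower() if res_a == "1" else None,
            "B": key_b.lower() if res_b == "1" else None,
        }
    return sectors

def audit(sectors):
    """List (sector, key type, key) for every recovered key that is a default."""
    return [(sec, kt, key)
            for sec, keys in sorted(sectors.items())
            for kt, key in sorted(keys.items())
            if key in DEFAULT_KEYS]

def exposed_fraction(sectors):
    """Fraction of sectors where at least one key is a published default."""
    hit = {sec for sec, _, _ in audit(sectors)}
    return len(hit) / len(sectors) if sectors else 0.0

if __name__ == "__main__":
    for sec, kt, key in audit(parse_key_table(SAMPLE)):
        print(f"sector {sec:02d} key {kt} is a default key: {key}")
```

A result above zero from `exposed_fraction` means at least one sector key should be rotated to a unique, non-default value before the card is issued.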