Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2020-10-05 01:30:05
- Elsin10
- Contributor
- Registered: 2018-02-27
- Posts: 41
Having trouble cracking a Mifare card
I'm trying to crack a fare card but the card is protected. Can't do the hardnested attack
This is the card info
UID : 48 b2 4d 09
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
SAK incorrectly claims that card doesn't support RATS
ATS : 0c 75 77 80 02 c1 05 2f 0f
- TL : length is 12 bytes
ATS may be corrupted. Length of ATS (9 bytes incl. 2 Bytes CRC) doesn't match TL
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5 (FSC = 64)
- TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
- TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 8 (FWT = 1048576/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : c1 05 2f 0f 00 00 00
c1 -> Mifare or (multiple) virtual cards of various type
05 -> Length is 5 bytes
2x -> MIFARE Plus
0x -> Engineering sample
x0 -> Only VCSL supported
No chinese magic backdoor command detected
Prng detection: HARDENED (hardnested)
Valid ISO14443A Tag Found - Quiting SearchI tried to use the hf mf mifare but i got this
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.Sending bytes to proxmark failed
..........#db# Canceled by button.
#db# COMMAND FINISHED.
Parity is all zero. Most likely this card sends NACK on every failed authentication.
#db# maxDataLen=2, Uart.state=0, Uart.len=0
Key not found (lfsr_common_prefix list is null). Nt=00000000
This is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.Sending bytes to proxmark failed
Card is not vulnerable to Darkside attack (its random number generator is not predictable).
#db# Mifare: Can't select card
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.Sending bytes to proxmark failed
...............................................................................................................................................................................................................................................................................................Button pressed. Aborted.---------------------------------
If is use hf mf hardnested 0 A FFFFFFFFFFFF 4 A w
i get
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
Is there a way to crack this ?
Thanks
Offline
#2 2020-10-05 07:30:28
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Having trouble cracking a Mifare card
In order for hardnested to work you need to have one working key. You can get that from either sniffing traffic between card and reader or try the hf mf chk command to look for known default keys
Offline
#3 2020-10-07 21:23:28
- Elsin10
- Contributor
- Registered: 2018-02-27
- Posts: 41
Re: Having trouble cracking a Mifare card
Thanks! I will try that.
Offline