Hello people.
Because I'm a noob in Proxmark and RF things, I have some questions about retrieving a single key from a MIFARE Classic card.
Let me show you what I do.
In the first place, I run the command hf search
UID : 46 26 36 bb
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
Then I run the command hf 14a snoop and I put my phone to read the card with valid keys. After some seconds, I receive:
#db# COMMAND FINISHED
#db# maxDataLen=2, Uart.state=0, Uart.len=9
#db# traceLen=39288, Uart.output[0]=00000093
I run the command hf list 14a and very long data was captured, but in all the data I think I have the handshake:
119752624 | 119763088 | Rdr | 93 70 46 26 36 bb ed b5 55 | ok | SELECT_UID
119764356 | 119767876 | Tag | 08 b6 dd | |
119848768 | 119853536 | Rdr | 60 04 d1 3d | ok | AUTH-A(4)
119855508 | 119860180 | Tag | c4 71 03 d8 | |
119866944 | 119876256 | Rdr | 7b a7 87! a7! 3f dc 05! be | !crc| ?
119936736 | 119941504 | Rdr | 50 00 57 cd | ok | HALT
120022336 | 120023328 | Rdr | 52' | | WUPA
120024596 | 120026964 | Tag | 04 00 | |
120045716 | 120049236 | Tag | 08 b6 dd | |
120133716 | 120138452 | Tag | c1 be 5f 5b | |
120227040 | 120231808 | Rdr | 50 00 57 cd | ok | HALT
120316656 | 120317648 | Rdr | 52' | | WUPA
120318916 | 120321284 | Tag | 04 00 | |
120340036 | 120343556 | Tag | 08 b6 dd | |
120439312 | 120444080 | Rdr | 60 08 bd f7 | ok | AUTH-A(8)
120446036 | 120450772 | Tag | 1b 84 be 01 | |
120457488 | 120466864 | Rdr | c8 fe 2e e0! 3d 9a! 89! 1a | !crc| ?
120539888 | 120544656 | Rdr | 50 00 57 cd | ok | HALT
120635472 | 120636464 | Rdr | 52' | | WUPA
120637716 | 120640084 | Tag | 04 00 | |
120658836 | 120662356 | Tag | 08 b6 dd | |
120763600 | 120768304 | Rdr | 61 08 65 ee | ok | AUTH-B(8)
120770324 | 120774996 | Tag | f0 06 a5 cf | |
With mfkey64 I try to retrieve one key, but it seems it is not working right.
462636bb is UID
c47103d8 is NT
7ba787a7 is NR
3fdc05be is AR
c1be5f5b is AT
Well...
./mfkey64 462636bb c47103d8 7ba787a7 3fdc05be c1be5f5b
MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!
Recovering key for:
uid: 462636bb
nt: c47103d8
{nr}: 7ba787a7
{ar}: 3fdc05be
{at}: c1be5f5b
LFSR successors of the tag challenge:
nt' : 02cf5af3
nt'': 7ddede44
Time spent in lfsr_recovery64(): 0.85 seconds
Keystream used to generate {ar} and {at}:
ks2: 3d135f4d
ks3: bc60811f
Found Key: [74568adcbe73]
But the given key is not the right one.
What am I doing wrong?
I have all keys for this MIFARE Classic and the given key is not in my list.
Thank you, Nexus.
Last edited by Nexus (2020-12-14 00:22:57)
Well, after some tries, my eyes see the good handshake:
129524020 | 129528756 | Tag | 9f 7a bf b0 | |
129535472 | 129544784 | Rdr | 48! 3a! 04! e2 1f f1! 0d! 1f! | !crc| ?
129546036 | 129550772 | Tag | 01 7d e6 e9
Can you close the post now?
Thank you, Nexus
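
A check for the mistake this thread turned on, as an added example that is not part of the original posts: mfkey64 needs nt, {nr}{ar} and {at} from one authentication, so the tag's 4-byte answer must directly follow the reader's 8-byte frame. In the first trace that reader frame is followed by HALT and the value used as {at} comes from a later exchange, while the frames in the second post are consecutive. The function names are hypothetical and the column layout is assumed to match the hf list 14a output shown above.

```python
import re

# Frames copied from the two posts above (parity and timing marks left intact).
FIRST_POST = """\
119848768 | 119853536 | Rdr | 60 04 d1 3d | ok | AUTH-A(4)
119855508 | 119860180 | Tag | c4 71 03 d8 | |
119866944 | 119876256 | Rdr | 7b a7 87! a7! 3f dc 05! be | !crc| ?
119936736 | 119941504 | Rdr | 50 00 57 cd | ok | HALT
120022336 | 120023328 | Rdr | 52' | | WUPA
120024596 | 120026964 | Tag | 04 00 | |
120045716 | 120049236 | Tag | 08 b6 dd | |
120133716 | 120138452 | Tag | c1 be 5f 5b | |
"""
SECOND_POST = """\
129524020 | 129528756 | Tag | 9f 7a bf b0 | |
129535472 | 129544784 | Rdr | 48! 3a! 04! e2 1f f1! 0d! 1f! | !crc| ?
129546036 | 129550772 | Tag | 01 7d e6 e9
"""

def parse_frames(trace):
    """Return (source, hex_payload) per line; '!' and "'" annotations are dropped."""
    frames = []
    for line in trace.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 4 or cols[2] not in ("Rdr", "Tag"):
            continue
        payload = re.sub(r"[^0-9a-fA-F]", "", cols[3]).lower()
        frames.append((cols[2], payload))
    return frames

def find_handshakes(trace):
    """Split every 8-byte reader frame into {nr},{ar} and check its neighbours."""
    frames = parse_frames(trace)
    complete, incomplete = [], []
    for i, (src, data) in enumerate(frames):
        if src != "Rdr" or len(data) != 16:
            continue
        prev = frames[i - 1] if i > 0 else None
        nxt = frames[i + 1] if i + 1 < len(frames) else None
        nt_ok = prev is not None and prev[0] == "Tag" and len(prev[1]) == 8
        at_ok = nxt is not None and nxt[0] == "Tag" and len(nxt[1]) == 8
        if nt_ok and at_ok:
            complete.append({"nt": prev[1], "nr": data[:8], "ar": data[8:], "at": nxt[1]})
        else:
            incomplete.append({"nr": data[:8], "ar": data[8:],
                               "next": nxt[0] + " " + nxt[1] if nxt else None})
    return complete, incomplete
```

An entry in the incomplete list means the snoop did not capture the tag's answer for that authentication, so a value taken from elsewhere in the trace does not belong to it.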