Proxmark3 community

ajikfan

Contributor

Registered: 2023-07-28

Posts: 6

Unable to read Mifare Classic 1K

Hello everyone.

I've already done a lot of searching and testing on my badge and I can't read it at all. By this I mean that even the simple key FFFFFFFFFF remains invisible.
Here's an extract from my console

[usb] pm3 --> hf mf autopwn
[!] no known key was supplied, key recovery might fail
[+] loaded 56 keys from hardcoded default array
[=] running strategy 1
[=] Chunk 0.7s | found 0/32 keys (56)
[=] running strategy 2
[=] ....
[=] Chunk 9.2s | found 0/32 keys (56)
[=] Expected execution time is about 25seconds on average
[=] Press pm3-button to abort

[=] Running darkside ...........
[-] Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).

[-] No usable key was found!

Or again

[usb] pm3 --> hf mf chk
[=] Start check for keys...
[=] .................................
[=] time in checkkeys 14 seconds

[=] testing to read key B...

[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | ------------ | 0 | ------------ | 0
[+]  001 | 007 | ------------ | 0 | ------------ | 0
[+]  002 | 011 | ------------ | 0 | ------------ | 0
[+]  003 | 015 | ------------ | 0 | ------------ | 0
[+]  004 | 019 | ------------ | 0 | ------------ | 0
[+]  005 | 023 | ------------ | 0 | ------------ | 0
[+]  006 | 027 | ------------ | 0 | ------------ | 0
[+]  007 | 031 | ------------ | 0 | ------------ | 0
[+]  008 | 035 | ------------ | 0 | ------------ | 0
[+]  009 | 039 | ------------ | 0 | ------------ | 0
[+]  010 | 043 | ------------ | 0 | ------------ | 0
[+]  011 | 047 | ------------ | 0 | ------------ | 0
[+]  012 | 051 | ------------ | 0 | ------------ | 0
[+]  013 | 055 | ------------ | 0 | ------------ | 0
[+]  014 | 059 | ------------ | 0 | ------------ | 0
[+]  015 | 063 | ------------ | 0 | ------------ | 0
[+] -----+-----+--------------+---+--------------+----
[+] ( 0:Failed / 1:Success )

And one more

[usb] pm3 --> hf mf hardnested --blk 0 -a -k ffffffffffff --tblk 4 --ta -w
[!] Key is wrong. Can't authenticate to block:   0  key type: A

Whatever I try, I fail.

Is my badge unreadable with my equipment ? I use a proxmark3 easy

pm3 ~$ proxmark3/pm3
[=] Session log D:\Documents\Github\ProxSpace-master\pm3/.proxmark3/logs/log_20230729.txt
[+] loaded from JSON file `D:\Documents\Github\ProxSpace-master\pm3/.proxmark3/preferences.json`
[=] Using UART port COM8
[=] Communicating with PM3 over USB-CDC


  8888888b.  888b     d888  .d8888b.
  888   Y88b 8888b   d8888 d88P  Y88b
  888    888 88888b.d88888      .d88P
  888   d88P 888Y88888P888     8888"
  8888888P"  888 Y888P 888      "Y8b.
  888        888  Y8P  888 888    888
  888        888   "   888 Y88b  d88P
  888        888       888  "Y8888P"    [  ]


  [ Proxmark3 RFID instrument ]

    MCU....... AT91SAM7S512 Rev A
    Memory.... 512 KB ( 60% used )

    Client.... Iceman/master/v4.16717-257-g97a1f9730 2023-07-29 00:16:49
    Bootrom... Iceman/master/v4.16717-257-g97a1f9730 2023-07-29 00:16:17
    OS........ Iceman/master/v4.16717-257-g97a1f9730 2023-07-29 00:16:33
    Target.... PM3 GENERIC

Thanks.

fazer

Contributor

Registered: 2019-03-02

Posts: 156

Re: Unable to read Mifare Classic 1K

Hello, try hf mf autopwn -h

ajikfan

Contributor

Registered: 2023-07-28

Posts: 6

Re: Unable to read Mifare Classic 1K

Thanks but this just spring the help

I also try this hf mf autopwn --1k -f mfc_default_keys but still no results.

[usb] pm3 --> hf mf autopwn --1k -f mfc_default_keys
[!] no known key was supplied, key recovery might fail
[+] loaded 1616 keys from dictionary file D:\Documents\Github\ProxSpace-master\pm3\proxmark3\client\
dictionaries/mfc_default_keys.dic
[=] running strategy 1
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 1.0s | found 0/32 keys (85)
[=] Chunk 0.2s | found 0/32 keys (1)
[=] running strategy 2
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.9s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.9s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.9s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] ......
[=] Chunk 13.8s | found 0/32 keys (85)
[=] Chunk 0.3s | found 0/32 keys (1)
[=] Expected execution time is about 25seconds on average
[=] Press pm3-button to abort

[=] Running darkside ...........
[-] Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).

[-] No usable key was found!

and also hf mf autopwn --1k -f mfc_default_keys -v -l

[usb] pm3 --> hf mf autopwn --1k -f mfc_default_keys -v -l
[=] ======================= SETTINGS =======================
[=]  card sectors .. 16
[=]  key supplied .. False
[=]  known sector .. 0
[=]  keytype ....... A
[=]  known key ..... 000000000000
[=]  card PRNG ..... WEAK
[=]  dictionary .... mfc_default_keys
[=]  legacy mode ... True
[=] ========================================================================
[!] no known key was supplied, key recovery might fail
[+] loaded 1616 keys from dictionary file D:\Documents\Github\ProxSpace-master\pm3\proxmark3\client\
dictionaries/mfc_default_keys.dic
[=] ======================= START DICTIONARY ATTACK =======================
[=] ................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
[...]
....................................................................................................
.................
[=] ======================= START DARKSIDE ATTACK =======================
[=] Expected execution time is about 25seconds on average
[=] Press pm3-button to abort

[=] Running darkside ...........
[-] Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).

[-] No usable key was found!

fazer

Contributor

Registered: 2019-03-02

Posts: 156

Re: Unable to read Mifare Classic 1K

Hello, it doesn't matter now what type of mifare because there are scripts that can output the keys with uid .ex hf_mf_uidkeycalc_mizip.lua depending on whether it is this type of mifare.
Otherwise after sniffer reader/card.

ajikfan

Contributor

Registered: 2023-07-28

Posts: 6

Re: Unable to read Mifare Classic 1K

Hello.
Thank you for your answers, I'm still learning day by day and it seems that I have to go to the reader myself for try to catch the exchanges between both.
From what I understand, I need to use

hf 14a sniff -rc

Then I perform various operations on the target to create interactions between my key and its reader
Then I use

trace list -1 -t mf

To hope that at least one key will appear.
Sounds like a viable process.
Doesn't it?
Thanks !

fazer

Contributor

Registered: 2019-03-02

Posts: 156

Re: Unable to read Mifare Classic 1K

Good evening, yes I think that to sniffer is the best solution to obtain at least one key, because afterwards easier to obtain the rest.

ajikfan

Contributor

Registered: 2023-07-28

Posts: 6

Re: Unable to read Mifare Classic 1K

Good morning/good evening.
Unfortunately I'm not able to spy on any communication between my key and its reader. Maybe I did it wrong or maybe my hardware is not powerful enough. Is it possible that some sort of Faraday cage is protecting the device? That's just a guess.
I can't find exact information on the range of the HF antenna on the proxmark3 easy, sometimes I find 5cm, sometimes 12cm. I think it depends on the power supply.
Now that I've started trying to read this key, I want to get it right. There are two usb port on the PM3, can I plug an external battery in ? Can the Flipper Zero be used as a sniffer? Does it have a better range? Or should I go for a proxmark3 RDV4 in your opinion?
Sorry for all these stupid questions, I understand if you don't want to answer them.
Thanks for your time!

Last edited by ajikfan (2023-08-12 01:05:54)