Research, development and trades concerning the powerful Proxmark3 device.
UID:0xd4b48109
key:307E00DFD5D6 (00 01 02H)
2A9E0E770EFF (08 09 0cH)
+ 43899: : 60 02 e7 58 !crc
+ 184: 0: TAG f0 9b ad 22
+ 1574: : 5f 0e 4b 91 c8 ac 50 7e !crc
+ 64: 0: TAG 46 55! a0 a2!
+ 1560: : a2 0a ec 13 !crc
+ 72: 0: TAG e5 a9! 73 89! cc! 73! a6 1f 7c a7! 77! a4 50 63! 03! 61! 62 21! !crc
+ 46339: : 8e 93 f4 b0 !crc
+ 113: 0: TAG f2 3b 6f 5a!
+ 1407: : 25 44 85 86 7e de ad 9a !crc
+ 64: 0: TAG dd! 26! 35! 2a!
+ 1432: : 37 8e 77 c2 !crc
+ 72: 0: TAG 16! bd! fb 68 e1! ae! 39! d4 2b! 2b e7! a9 1c 34! 94! 2f 32! 5b !crc
+ 3456: : c8 ab 47 94 !crc
+ 72: 0: TAG bb 85! e8! b6 0b! 47 06 ce! b9! 38! eb 4f 53 79 22 31 83 59! !crc
+ 3423: : c8 3c 4d f7 !crc
+ 72: 0: TAG a7! 7d! 87 51! 34 be 61 74 cd b3! 2f db! 35! a8 55! 6c! ce! 33 !crc
+ 6414: : 21 96 60 71 !crc
+ 112: 0: TAG a7 55! 44 73
+ 1464: : d1 29 2d 81 4e 22 41 03 !crc
+ 64: 0: TAG 57 a9 03! 6b!
+ 1672: : 10 df 4a 30 !crc
+ 72: 0: TAG 49
+ 192: 0: TAG 7d a4 43 2c 31 02 !crc
+ 562: 0: TAG db 1e 70 e5 b6 02 !crc
+ 528: 0: TAG 01
+ 2102: : c6 ce 9f a2 !crc
+ 72: 0: TAG ba 54 35
+ 320: 0: TAG 10
+ 66: 0: TAG 05! 8a 75! 2e! 00! 00! !crc
+ 428: 0: TAG 03!
+ 148: 0: TAG ab 02 6d! 25
+ 298: 0: TAG 03!
I am trying to decrypt the data. As far as I know, the reader first did "60 02" (as the plaintext shows), then "30 02", and next "60 08".
But I don't know how to decrypt the multiple-sector authentication. (Though I know the key of several blocks, I really want to know what happens in those steps above.)
Could anyone give me some idea?
BTW, the data I captured using the Proxmark are from a real system!
First of all, I wonder why you do not have the parity bit information from the reader.
When you have the key, just simulate what the reader or the tag would do: load the key, load the nonce ^ uid (but set the last argument to true, because it's encrypted), read in the reader nonce, skip past the replies. And just like the tag/reader, you should end up with the cipher state used to encrypt/decrypt.
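The procedure in the reply above, as an added example that is not code from this thread or from the Proxmark project: a compact Crypto1 in C (its structure follows the widely used crapto1 code), the analyst-side steps for a nested authentication, and the tag side so the two can be checked against each other. The key and UID are the ones from the first post; the nT and nR values used in the check are constructed.

```c
#include <stdint.h>
#define BIT(x, n)    (((x) >> (n)) & 1)
#define LF_POLY_ODD  0x29CE5C
#define LF_POLY_EVEN 0x870804
struct Crypto1State { uint32_t odd, even; };   /* the 48-bit LFSR, odd and even bit positions */
static int parity32(uint32_t x) { x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; return BIT(0x6996, x & 0xf); }
static int filter(uint32_t x) {                /* Crypto1 nonlinear output function on the odd bits */
    uint32_t f = 0xf22c0 >> (x & 0xf) & 16;
    f |= 0x6c9c0 >> (x >> 4 & 0xf) & 8;   f |= 0x3c8b0 >> (x >> 8 & 0xf) & 4;
    f |= 0x1e458 >> (x >> 12 & 0xf) & 2;  f |= 0x0d938 >> (x >> 16 & 0xf) & 1;
    return BIT(0xEC57E80A, f);
}
static void crypto1_init(struct Crypto1State *s, uint64_t key) {   /* "load the key" */
    s->odd = s->even = 0;
    for (int i = 47; i > 0; i -= 2) { s->odd = s->odd << 1 | BIT(key, (i - 1) ^ 7); s->even = s->even << 1 | BIT(key, i ^ 7); }
}
/* One LFSR step: return the keystream bit and feed `in`; with enc set, `in` is an on-air (encrypted) bit and is XORed with the keystream first. */
static uint8_t crypto1_bit(struct Crypto1State *s, uint8_t in, int enc) {
    uint8_t ks = filter(s->odd);
    uint32_t feedin = ((ks & !!enc) ^ !!in) ^ (LF_POLY_ODD & s->odd) ^ (LF_POLY_EVEN & s->even);
    s->even = s->even << 1 | parity32(feedin);
    uint32_t t = s->odd; s->odd = s->even; s->even = t;
    return ks;
}
static uint8_t crypto1_byte(struct Crypto1State *s, uint8_t in, int enc) {   /* bits go on air LSB first */
    uint8_t ks = 0;
    for (int i = 0; i < 8; i++) ks |= crypto1_bit(s, BIT(in, i), enc) << i;
    return ks;
}
static uint32_t crypto1_word(struct Crypto1State *s, uint32_t in, int enc) {  /* 4 bytes, first byte in bits 31..24 */
    uint32_t ks = 0;
    for (int sh = 24; sh >= 0; sh -= 8) ks |= (uint32_t)crypto1_byte(s, (uint8_t)(in >> sh), enc) << sh;
    return ks;
}
/* Analyst side of a nested auth: nt_enc / nr_enc are the 4 bytes exactly as they appear in the trace. Returns
 * plaintext nT and leaves *s in the state that encrypts everything after aT: crypto1_byte(s, 0, 0) ^ byte decrypts on. */
static uint32_t nested_auth_state(struct Crypto1State *s, uint64_t key, uint32_t uid, uint32_t nt_enc, uint32_t nr_enc) {
    crypto1_init(s, key);
    uint32_t nt = crypto1_word(s, nt_enc ^ uid, 1) ^ nt_enc;  /* feed nT ^ uid, decrypting nT as we go */
    crypto1_word(s, nr_enc, 1);                               /* feed nR (sent encrypted) */
    crypto1_word(s, 0, 0); crypto1_word(s, 0, 0);             /* skip past the aR and aT replies */
    return nt;
}
/* Tag side of the same exchange (what the card computes); used to check that the above round-trips. */
static void tag_side(struct Crypto1State *s, uint64_t key, uint32_t uid, uint32_t nt, uint32_t nr, uint32_t *nt_enc, uint32_t *nr_enc) {
    crypto1_init(s, key);
    *nt_enc = crypto1_word(s, nt ^ uid, 0) ^ nt;   /* tag encrypts nT with the freshly keyed cipher */
    *nr_enc = crypto1_word(s, nr, 0) ^ nr;         /* reader encrypts nR; the tag feeds plaintext nR */
    crypto1_word(s, 0, 0); crypto1_word(s, 0, 0);
}
```

In the trace above, the 4-byte reader frame after the first read is the encrypted "60 08", the tag's 4-byte reply to it is nt_enc, and the first 4 bytes of the reader's following 8-byte frame are nr_enc (the other 4 are aR).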
The multi-auth functionality is automatically performed by the reader modulation IC (RC500, RC632, PN53x, etc.). Try to invoke your reader to do two authentications without a deselect/halt/reselect/anti-collision (the field should stay on).
If you use an OMNIKEY 5121, you can just use the example application to make a multi-auth trace for you.
This example trace could help you test your understanding.
Well done JG, it stays a very interesting puzzle.
For those who still are struggling with this, I have updated this post.
You can now find an encrypted and decrypted multi-auth trace there.
Good luck!