Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hello friends, I am a novice in Proxmark3 hardware, but I understand much of the operation.
I'm having problems with running the SNOOP and DARKSIDE ATTACK commands. As an example, below is a card with the default keys, but the same happens with a card without default keys.
The NESTED command on the same card with default keys works fine.
I've been studying the reasons for a few days; I do not know what is happening.
I have tested on Windows 7, XP SP3 and BackTrack 5, but the error persists.
I appreciate the help. Sorry for my English.
tks! Will
svn 745
***ERROR IN DARKSIDE ATTACK (AND SNOOP) WITH MIFARE 1K CLASSIC WITH DEFAULT KEYS
-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.
isOk:01
uid(dbbe9740) nt(f276277e) par(0000000000000000) ks(020309080a090100)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000000| 2 | 7 |0,0,0,0,0,0,0,0|
| 20 |00000020| 3 | 6 |0,0,0,0,0,0,0,0|
| 40 |00000040| 9 | c |0,0,0,0,0,0,0,0|
| 60 |00000060| 8 | d |0,0,0,0,0,0,0,0|
| 80 |00000080| a | f |0,0,0,0,0,0,0,0|
| a0 |000000a0| 9 | c |0,0,0,0,0,0,0,0|
| c0 |000000c0| 1 | 4 |0,0,0,0,0,0,0,0|
| e0 |000000e0| 0 | 5 |0,0,0,0,0,0,0,0|
Key not found (lfsr_common_prefix list is null). Nt=f276277e
-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..
***************MY HARDWARE********************
proxmark3> hw ver
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 715 2013-05-10 07:59:22
#db# os: svn 0 2013-06-23 01:49:28
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56
*****************MIFARE TAG******************
proxmark3> hf 14a reader
ATQA : 04 00
UID : db be 97 40
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k
proprietary non iso14443a-4 card found, RATS not supported
********* NESTED WORKS FINE IN SAME CARD WITH DEFAULT KEYS**************
proxmark3> hf mf nested 1 0 a ffffffffffff
--block no:00 key type:00 key:ff ff ff ff ff ff
Block shift=0
Testing known keys. Sector count=16
nested...
Iterations count: 0
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
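The `hf mf nested` table in the post above is the kind of output a card audit produces: every sector of this card still answers to the factory key ffffffffffff. The following is an added example, not code from this thread or from the Proxmark3 project, that parses that table format and reports which sectors still use well-known factory-default keys, so that a fleet of cards can be checked for the weak-key condition the thread is exercising. It assumes (not stated on the page) that the `res` column reads 1 when the key was verified against the card, that an unknown key is printed as dashes, and that the default-key list below is the commonly published set of MIFARE Classic factory keys. The sample output embeds the first rows from the thread plus two constructed rows with non-default and unknown keys.

```python
"""Audit helper for Proxmark3 `hf mf nested` output.

Added example (not Proxmark3 project code). Parses the sector/key table
printed by `hf mf nested` and flags sectors that still authenticate with
factory-default keys, the condition a deployment audit should report.
"""
import re

# Commonly published MIFARE Classic factory-default keys (lowercase hex).
DEFAULT_KEYS = {
    "ffffffffffff",
    "000000000000",
    "a0a1a2a3a4a5",
    "b0b1b2b3b4b5",
    "d3f7d3f7d3f7",
    "aabbccddeeff",
    "4d3a99c351dd",
    "1a982c7e459a",
}

# One table row: |sec| key A |res| key B |res|
# Assumption: an unknown key is printed as a run of dashes (or '?').
_ROW = re.compile(
    r"^\|\s*(\d{3})\s*\|\s*([0-9a-fA-F]{12}|[-?]+)\s*\|\s*(\d)\s*\|"
    r"\s*([0-9a-fA-F]{12}|[-?]+)\s*\|\s*(\d)\s*\|\s*$"
)

# Constructed sample: rows 000/001 are from the thread, 002/003 are made up
# to show a non-default key and an unrecovered key A.
SAMPLE_OUTPUT = """\
Testing known keys. Sector count=16
nested...
Iterations count: 0
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| a0a1a2a3a4a5 | 1 | 1f2e3d4c5b6a | 1 |
|003| ------------ | 0 | 9d8c7b6a5f4e | 1 |
|---|----------------|---|----------------|---|
"""


def parse_nested_table(text):
    """Return one dict per sector row; a key is None unless res == 1."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # banners, separators, progress dots
        sec, key_a, res_a, key_b, res_b = m.groups()
        rows.append({
            "sector": int(sec),
            "keyA": key_a.lower() if res_a == "1" else None,
            "keyB": key_b.lower() if res_b == "1" else None,
        })
    return rows


def audit_default_keys(rows):
    """List (sector, slot, key) for every verified key that is a factory default."""
    findings = []
    for row in rows:
        for slot in ("keyA", "keyB"):
            key = row[slot]
            if key is not None and key in DEFAULT_KEYS:
                findings.append((row["sector"], slot, key))
    return findings


def summarize(text):
    """Parse and audit in one step; the summary is what a report would carry."""
    rows = parse_nested_table(text)
    findings = audit_default_keys(rows)
    return {
        "sectors": len(rows),
        "default_key_slots": len(findings),
        "sectors_with_any_default": sorted({s for s, _, _ in findings}),
    }


if __name__ == "__main__":
    for sector, slot, key in audit_default_keys(parse_nested_table(SAMPLE_OUTPUT)):
        print(f"sector {sector:02d} {slot}: factory-default key {key}")
    print(summarize(SAMPLE_OUTPUT))
```

Feed it the saved client output of a real run instead of SAMPLE_OUTPUT; a card where every slot comes back as a default key, like the one in the post, is the case to escalate, since the nested run itself proves those sectors are readable without any secret.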
Well try with the last revision, I think there is a snoop problem with this new version. I'll be checking that when I can. Else you can check my tuts here for more help : http://youtube.com/C0Y0Ck3r
Nice video, which revision did you use in this video? I tested other revisions and the problem persists. Thanks for replying!
svn 715, 680, 630, 745....
Actually, you would need the src from the branch /scripting r745 to make it work again.
Thank you all for the help. I'm currently testing Rev 638, and apparently it works well; I'll post the final results of the test later.
I *really* recommend:
1). Using r752 for classic attack "hf mf mifare"
2). Using the scripting branch, "script run mfkeys.lua" to check default keys, instead of "hf mf check"
Just committed a new implementation of hf mf mifare with r754 (sorry holiman - I told you that I was working on it). It is damn fast now (25 seconds on average) by avoiding wrong nonces.
Cool!
I haven't tested it yet, but it looks very clever. I kind of figured that no matter how precise you could make the timing, you still would need several states, but your solution to not turn off the power but just wait out the cycles is clever indeed, and probably lends itself to being a lot more exact than the old way to do it. Smart!
One thing: https://code.google.com/p/proxmark3/source/diff?spec=svn754&r=754&format=side&path=/branches/scripting/client/cmdmain.c
This commit went into the scripting-branch. Is that intended?
Ok, here are my results. I used my 'bitchiest' card (swedish SL-card) which had a timeout-value of 800ms.
1. Using old-old hf mf, it never got cracked.
2. Using my version (r752) it took 12m 32s (including tuning, 8 parallel states)
3. Your version: 18s.
...
Awesome work piwi!!!!
One thing: https://code.google.com/p/proxmark3/source/diff?spec=svn754&r=754&format=side&path=/branches/scripting/client/cmdmain.c
This commit went into the scripting-branch. Is that intended?
Ooops. No, that was not intended. I indeed had some struggles with svn during my first commit. I have no idea why cmdmain.c was from the scripting branch and how to correct that. It is unmodified from the trunk cmdmain.c, so this should be fine. But the scripting branch should be affected...
Last edited by piwi (2013-07-09 13:06:46)
Cool!
I haven't tested it yet, but it looks very clever. I kind of figured that no matter how precise you could make the timing, you still would need several states, but your solution to not turn off the power but just wait out the cycles is clever indeed, and probably lends itself to being a lot more exact than the old way to do it. Smart!
To be fair: the basics of the new stuff weren't my own idea but were inspired by
http://www.proxmark.org/files/Documents/13.56%20MHz%20-%20MIFARE%20Classic/Implementing_an_RFID_MIFARE_CLASSIC_Attack.pdf
Really new is only the timing based on the FPGA clock instead of the ARM internal clock - this eliminates problems with clock drifts between ARM and FPGA/card (after several seconds even crystal oscillators will be off by quite some cycles).
Awesome work piwi!
Using your implementation I was able to crack a card that was impossible by other means.
Right now I'm running Nested, but it's not working... or nothing happens... just a few lights at the beginning, and then nothing else...
This is what I'm using:
proxmark3> #db# Prox/RFID mark3 RFID instrument
proxmark3> #db# bootrom: svn 754 2013-07-09 17:22:17
proxmark3> #db# os: svn 754 2013-07-09 17:22:22
proxmark3> #db# FPGA image built on 2012/ 1/ 6 at 15:27:56
Also, I really liked the way the other revision shows the current state of the DarkSide attack. Is it possible to include something like that?
Thanks!
Piwi! Wrooooom, it cracks 'em fast now. Superb work! o great master of fgpa clocks
Hi,
OK, as I see it, we can't use attacks on Security Level 1 MIFARE Plus. I have tried it, but there are no bugs :( but :)
You always can sniff card's traffic and get keys.
and you can use http://www.proxmark.org/forum/viewtopic.php?pid=7897#p7897 (moebius, thanks for description!)
Unfortunately, there is no luck attacking cards on Security Level 3 :( because there is AES authentication and crypto.