Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi,
When I run
hf mf nested 4 0 a a0a1a2a3a4a5
on a Mifare Classic 4K card with A0A1A2A3A4A5 as key A for sector 0/block 0,
the command freezes after a while, causing a CPU load of 100%.
At first the key recovery works fine and is super fast due to piwi's improvements.
But then it freezes. This freeze occurs after a "random-like" number of keys have been recovered.
Has anyone experienced the same issue?
Any hints?
Thanks!
Well, I didn't have the freeze, but something similar. The PM3 couldn't find the card, and sometimes it took forever (freeze?). I figured out that the firmware changes the detection algo, so I tried to hold the card 1cm above the antenna, which works like it should. I didn't have this problem before either; I could just place the card directly on the antenna and it worked, but not anymore.
Could it be something like this for you as well?
I placed a book between the antenna and the card. The results are somehow different but still
the command freezes. An interesting thing though: if I grep the output for keys and use
Mifare Classic Tool (Android app) to map the keys to the sectors, they are all there. So the proxmark
did recover all the keys...
But after all, this could be a lucky coincidence. However, I got the keys now and I'm happy.
I've also noticed freezes sometimes on nested. I believe it is caused by two threads that are started by the crapto-recovery thingy. The two threads both go into spin-loops to find possible states. For some reason, it appears that sometimes these threads are not stopped correctly, to the effect that we have one or two threads which just spin within a very tight loop. I can't say for 100% though, but this is my prime suspect in mifarehost.c:
// wrapper function for multi-threaded lfsr_recovery32
void* nested_worker_thread(void *arg)
{
    struct Crypto1State *p1;
    StateList_t *statelist = arg;

    statelist->head.slhead = lfsr_recovery32(statelist->ks1, statelist->nt ^ statelist->uid);
    // advance p1 to the all-zero entry that terminates the candidate list (empty loop body)
    for (p1 = statelist->head.slhead; *(uint64_t *)p1 != 0; p1++);
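The failure mode suspected in the last post, a worker thread that keeps spinning because nothing stops it, can be contained with a cooperative stop flag and a deadline. The following is an added example, not code from the thread or from the Proxmark3 client; `job_t`, `worker` and `run_with_deadline` are hypothetical names, and the "search" is a simulated loop.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical job record for this example; not StateList_t from mifarehost.c. */
typedef struct {
    atomic_bool stop;   /* supervisor -> worker: please exit */
    atomic_bool done;   /* worker -> supervisor: search finished */
    uint64_t limit;     /* simulated search length; 0 = never terminates */
    uint64_t steps;     /* iterations executed, read only after join */
} job_t;

static void *worker(void *arg) {
    job_t *j = arg;
    for (uint64_t i = 0; j->limit == 0 || i < j->limit; i++) {
        /* Poll the stop flag every 4096 iterations to keep the hot loop cheap. */
        if ((i & 0xFFF) == 0 && atomic_load(&j->stop)) return NULL;
        j->steps = i + 1;
    }
    atomic_store(&j->done, 1);
    return NULL;
}

/* Returns 1 if the worker finished, 0 if it was stopped at the deadline,
 * -1 if the thread could not be created. The thread is always joined. */
int run_with_deadline(job_t *j, int timeout_ms) {
    pthread_t t;
    struct timespec tick = {0, 1000000L}; /* 1 ms */
    atomic_store(&j->stop, 0);
    atomic_store(&j->done, 0);
    j->steps = 0;
    if (pthread_create(&t, NULL, worker, j) != 0) return -1;
    for (int ms = 0; ms < timeout_ms && !atomic_load(&j->done); ms++)
        nanosleep(&tick, NULL);
    atomic_store(&j->stop, 1);
    pthread_join(t, NULL);
    return atomic_load(&j->done) ? 1 : 0;
}

int main(void) {
    job_t ok = {.limit = 100000}, stuck = {.limit = 0}; /* constructed inputs */
    printf("finite search:  %d\n", run_with_deadline(&ok, 2000));
    printf("endless search: %d\n", run_with_deadline(&stuck, 50));
    return 0;
}
```

Build with `-pthread`. A return value of 0 tells the caller that the search had to be stopped, so the condition can be logged instead of leaving a thread at 100% CPU.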