[usb] pm3 --> hf mf autopwn h
Usage:
hf mf autopwn [k] <sector number> <key A|B> <key (12 hex symbols)>
[* <card memory>] [f <dictionary>[.dic]] [s] [i <simd type>] [l] [v]
Description:
This command automates the key recovery process on Mifare classic cards.
It uses the darkside, nested and hardnested attack to extract the keys and card content.
Options:
h this help
k <sector> <key A|B> <key> known key is supplied
f <dictionary>[.dic] key dictionary file
s slower acquisition for hardnested (required by some non standard cards)
v verbose output (statistics)
l legacy mode (use the slow 'mf chk' for the key enumeration)
* <card memory> all sectors based on card memory
* 0 = MINI(320 bytes)
* 1 = 1k (default)
* 2 = 2k
* 4 = 4k
i <simd type> set type of SIMD instructions for hardnested. Default: autodetection.
i 5 = AVX512
i 2 = AVX2
i a = AVX
i s = SSE2
i m = MMX
i n = none (use CPU regular instruction set)
Examples:
hf mf autopwn -- target Mifare classic card with default keys
hf mf autopwn * 1 f mfc_default_keys -- target Mifare classic card (size 1k) with default dictionary
hf mf autopwn k 0 A FFFFFFFFFFFF -- target Mifare classic card with Sector0 typeA with known key 'FFFFFFFFFFFF'
hf mf autopwn k 0 A FFFFFFFFFFFF * 1 f mfc_default_keys -- this command combines the two above (reduce the need for nested / hardnested attacks, by using a dictionary)
]]>