Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hello, I am from mainland China. I want to express my sincere thanks to this forum. And thank you @Sentinel [I don't know how to notify him/her.]
I got in trouble when trying to clone my flat room card. I just googled one of the KeyAs of my IC card and found the only result: fid=4480. With the hint from Sentinel, I successfully got the KeyB of my card.
I just want to reply on the fid=4480 post, and I am glad to register to this forum. Thank you. Below is what I want to reply in post 4480:
Thank you very much Sentinel!
I met a problem when trying to clone my flat door card.
1. I found my card's sector 1 encrypted with unknown keys. So firstly I tried to brute force the keys with PN532. And I successfully got the keyA. However, after about 0.7M attempts, I failed to find keyB.
2. Just as I was trying more attempts (actually, this may theoretically cost thousands of years), I googled the keyA and found this post. I then knew that the KeyB is related to the UID.
3. Although I did not find my UID bytes in reply#21, I found that the lower 4 bits follow the rule: $x+y=5$, where x and y are the lower 4 bits of UID bytes and KeyB bytes.
4. So, this complexity comes down to at most (2^(4*4) =) 65536 attempts. For me, the KeyB is in this pattern: XAX3X1XF9595, where the X stands for unknown 4 bits.
Finally, after minutes of attempts with my PN532, I got my card's KeyB!
I really appreciate your post. Thank you!
Welcome and thank you for reading the introduction post http://www.proxmark.org/forum/viewtopic.php?id=1125.
Your access rights have been updated.