Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi all!
I have been trying to get the MIFARE Classic emulator to work, but I ran into some problems.
I'm working with a Windows 7 64bit and a Kubuntu 12.04 32bit machine, I checked out r731, compiled and flashed the proxmark3 (boot, fpga and os). I'm using the standard HF antenna that shipped with the proxmark3 and I'm getting moderate antenna readings (9V without tag). Sniffing ISO 14443A communication works, so does reading a standard MIFARE Classic card. I'm using ACR 122U and Micropross MP300 as readers.
However, when it comes to the emulator, the authentication does not work. I tested the default emulation ('hf mf eclr' and 'hf mf sim e68487f3' or 'hf mf sim') and I also copied a standard MIFARE Classic card ('hf mf nested 1 0 a FFFFFFFFFFFF t', 'hf mf ecfill a FFFFFFFFFFFF', 'hf mf sim'). The selection of the card works fine, also the authentication command (60h, 61h), the card answers with the hard coded nonce (01h 02h 03h 04h), the reader responds with the encrypted nonces back, proxmark detects a nonce mismatch (after decryption) and aborts.
This happens in armsrc/iso14443a.c around line 2147. I extended the code to also print the used key:
if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED. cardRr=%08x, succ=%08x key=%016x", cardRr, prng_successor(nonce, 64), emlGetKey(cardAUTHSC, cardAUTHKEY));
And despite having always set the very default key FFFFFFFFFFFFh (also the emulator memory says so, checked with 'hf mf eget' and 'hf mf ekeyprn'), in my debug message I got keys like 0000FFFFFFFFh and even 00000000FFFFh. Setting those keys at the reader side does not make a difference, authentication still fails.
Firstly, any ideas what's going wrong? Secondly, is there any svn version of bootrom/fpga/os that is known to have a working emulator, so I can verify whether the problem is just at my side?
Thanks and Regards
Offline
Update:
The wrong key is simply a print issue, so there is nothing wrong with the emulator memory or the loading of the key. If you split the key variable into two 32 bit chunks, printing just works fine.
However, authentication is still not working. Has anybody tried emulating a MIFARE Classic with r731 or any other version and maybe tested it with ACR 122U?
Regards
Offline
Hey Roflcopter! I came across the same issue, with other releases too... The other weird thing is that it is possible to read the emulated memory without the previous auth.. try that and you'll see... so the problem is with the auth part of the code.. I'm trying to fix it with no luck for now..
Offline
Same issue here. Posted some time ago on the same topic: http://www.proxmark.org/forum/viewtopic.php?id=1525
The print issue was also an issue in this thread, but it should be fixed:
------------------------------------------------------------------------
r662 | roel@libnfc.org | 2013-02-28 23:49:34 +0100 (Do, 28. Feb 2013) | 1 Zeile
fixed stupid 64-bit formatting for x86/amd64 and unix/windows - part4
------------------------------------------------------------------------
r661 | roel@libnfc.org | 2013-02-28 23:46:49 +0100 (Do, 28. Feb 2013) | 1 Zeile
fixed stupid 64-bit formatting for x86/amd64 and unix/windows - part3
------------------------------------------------------------------------
r660 | roel@libnfc.org | 2013-02-28 23:33:31 +0100 (Do, 28. Feb 2013) | 1 Zeile
fixed stupid 64-bit formatting for x86/amd64 and unix/windows - part2
------------------------------------------------------------------------
r659 | roel@libnfc.org | 2013-02-28 23:22:24 +0100 (Do, 28. Feb 2013) | 1 Zeile
fixed stupid 64-bit formatting for x86/amd64 and unix/windows
------------------------------------------------------------------------
However the auth problem still remains.
But thank you for investigating this issue one more time!!!
Offline
I'll try to do some "revival" on this topic.. I'll read the code and try to fix it. If someone is also interested, just shoot a comment here
Offline
Hey... I'm trying to understand what's going on here... while doing the auth:
proxmark3> #db# AUTH FAILED. cardRr=3cfab9af, succ=20f8ed56
the succ is always the same but the cardRr changes every auth try. The problem here is that they should be the same to get an auth OK...
still trying...
Offline
I have the same problem.
I think we should use the Reader Nonce to calculate the encrypted reply from the reader.
I don't know Mifare authentication very well; I will try to understand better how it works and I will try to develop a patch.
@moebius Have you news for it?
Offline
Nope nothing yet.. if you are able to discover something, just post it here... I'll try to do some effort this weekend thanks for your coop.!
Offline
I solved the problem. I can authenticate with my nfc reader and default password. I need to test better, but I think this issue is solved.
Offline
You're awesome! Please, commit the change and comment it so we can learn what you've done.
Great news @jonor!
Offline
I have done more tests and I have a problem. I have loaded a real Mifare with keys; I tried to dump it with nfc-mfclassic from the SCL3711 and it works without problem, I have dumped the whole card without problems and there is no difference from the original. I tried to authenticate with MultiISO (AGC Reader) and I get authentication failed. PM3 tells me AUTHENTICATION COMPLETE but on MultiISO the login fails.
Before submitting the patch I would like to test it better.
I attach it here so you can try it:
Index: iso14443a.c
===================================================================
--- iso14443a.c (revision 786)
+++ iso14443a.c (working copy)
@@ -2111,9 +2114,9 @@
static uint8_t rSAK[] = {0x08, 0xb6, 0xdd};
static uint8_t rSAK1[] = {0x04, 0xda, 0x17};
- static uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
+ uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
// static uint8_t rAUTH_NT[] = {0x1a, 0xac, 0xff, 0x4f};
- static uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
+ uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
// clear trace
traceLen = 0;
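Review bot: dropping `static` from `rAUTH_NT[]` and `rAUTH_AT[]` is not explained and is not part of the authentication fix; both buffers are filled by `num_to_bytes(nonce, 4, rAUTH_AT)` and handed to `EmSendCmd` inside the same function, so either storage class works, but either keep the declarations as they were or add a one-line comment saying why they changed. Also worth a comment next to the declaration: the emulated card answers every AUTH with the fixed nonce 01 02 03 04 (the alternative `{0x1a, 0xac, 0xff, 0x4f}` stays commented out), which is a debugging convenience rather than real card behaviour.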
@@ -2270,12 +2273,11 @@
case MFEMUL_AUTH1:{
if (len == 8) {
// --- crypto
- //rn_enc = bytes_to_num(receivedCmd, 4);
- //cardRn = rn_enc ^ crypto1_word(pcs, rn_enc , 1);
+ crypto1_word(pcs, bytes_to_num(receivedCmd, 4), 1);
cardRr = bytes_to_num(&receivedCmd[4], 4) ^ crypto1_word(pcs, 0, 0);
// test if auth OK
if (cardRr != prng_successor(nonce, 64)){
- if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED. cardRr=%08x, succ=%08x", cardRr, prng_successor(nonce, 64));
+ if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED. nonce=%08X, cardRr=%08x, succ=%08x",nonce, cardRr, prng_successor(nonce, 64));
cardSTATE_TO_IDLE();
break;
}
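Review bot: the new `crypto1_word(pcs, bytes_to_num(receivedCmd, 4), 1);` is the step that keeps the emulator's cipher state in sync with the reader: feeding {nR} with is_encrypted=1 absorbs the reader nonce, so the following `crypto1_word(pcs, 0, 0)` on the `cardRr` line produces the same keystream the reader used for {aR}; the discarded return value is the decrypted nR, which this path does not need. Please add a comment stating that order dependency, since the two calls look independent. Minor: the new debug format uses `%08X` for nonce but `%08x` for cardRr and succ; pick one.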
@@ -2308,7 +2310,7 @@
// --- crypto
crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
- ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
+ crypto1_word(pcs, cuid ^ nonce, 0);
num_to_bytes(nonce, 4, rAUTH_AT);
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
// --- crypto
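Review bot: `ans` is no longer assigned here, so if it is still declared in this function and not used elsewhere the build will warn about an unused variable; remove the declaration as well. The kept `crypto1_word(pcs, cuid ^ nonce, 0);` followed by `num_to_bytes(nonce, 4, rAUTH_AT);` is right for a first authentication, where nT is sent in clear, but the removed `ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);` form is what a nested authentication needs: when a second sector is authenticated while the previous session is still active, a real card sends nT encrypted under the new sector key, and a reader that keeps the tag in the field will see a mismatch. Keeping both forms behind a check of whether a session is already active would cover that case; until then, note it as a known limitation in the commit message.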
My patch is simple: a crypto1_word was missing.
I followed the authentication code of the Mifare reader in PM3.
Offline
Great. I'll check this tonite. I've got an SCL3711 and an ACR122U, so I'll check with both readers.
Offline
Hey! With the crypto1_word and by removing the "ans = nonce.." line... it's "kinda working"...
I tested it with the ACR122U and now I can authenticate and then read. But when I do several auths to different sectors without "removing" the antenna from the reader, it failed, the same for some reading attempts.
Using the SCL3711 I was able to read it too.. but I haven't tried what I mentioned above.
We're really close!
Thanks!
Offline
I think the problem is the speed of the reply. I tried many times with MultiISO and sometimes the login is correct. So now the algorithm is correct, but it needs to be improved.
Authentication when the UID has 7 bytes is not yet implemented.
Offline