Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2016-03-08 03:37:24

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

AUTH Code Algorithm

Looking for any help with what the algorithm is or could be. On the left is the 7 byte UID of the NFC tag and on the right is an AUTH value that is checked internally by the machine. These are a list I've accumulated. Because it is just on the card I can see what it is after I use the password, but I can't figure out how the machine checks the number. Does it look like anything to anyone? Of particular interest are the 2nd and 3rd tag. They have the same AUTH and very similar UIDs. Any help would be greatly appreciated.

Last edited by greatone76 (2016-04-01 03:32:46)


#2 2016-03-08 05:05:38

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

What type of tag?


Can you sniff the traffic between reader and tag to get the pwd & pack?


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)


#3 2016-03-08 05:13:12

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

Yes. Those are the PACKs. I can add PWDs, but based on the 2nd and 3rd numbers it looks like it works off the UID. Would it help to have the PWDs anyway?

I want to make cards from blanks.  I can input the tag and sniff the password, but I have no way of getting a correct PACK for the blank tag, so I'm trying to manually figure out the algorithm.  Any help on an alternative plan would be great as well.


#4 2016-03-08 05:20:38

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

NTAG213


#5 2016-03-08 05:42:20

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

If you want to figure out the pwdgen, you will need to gather all possible data.
So uid|pwd|pack is the bare minimum.

You'll need to gather a large sample size as well. If you have access to a reader, you can use the sim possibility to test different ranges of uid and gather pwd&pack with it.

I'm assuming you have a pm3.



#6 2016-03-08 05:54:17

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

I can input any UID and get back the password, so I can input simple UIDs, but I have no way of getting PACKs except getting people's passwords and asking them to provide it back, so I don't have the ability to get a large set or a simplistic set of PACK data. I can sniff the PACK but it is just whatever I put in the emulator.


#7 2016-03-08 07:07:02

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

Indeed correct, however you seem to forget that without a proper password the tag will not send the correct pack. Meaning your clone fails. Usually when talking about clone, it means making a byte-for-byte copy. In NTAG213 world you will need the password to be able to dump all data. Well, it depends on locking bits as well..

So without figuring out the correct pwdgen you will not be able to do anything more than copy known uid/pwd/pack tags.

The PACK is only 0xFFFF long so that is bruteforceable if you don't figure out how it's generated. Given access to a reader, and it doesn't have a lock-tag mechanism in place.


If you are able to make a "hf mfu info" output and "hf mfu dump" here, together with known pwd / pack,  then we have something to go with.

And gather more uid/pwd with sim.
And gather more uid/pwd/pack by asking your friends who have the same system as you are targeting.



#8 2016-03-09 14:42:25

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

The short term goal is to get a new blank tag working. I can put the blank tag in the machine and sniff the pwd it sends. So that part of a new blank tag is under control. What I need is to figure out the PACK algorithm for my short term goal. I can't really get a much larger list of PACKs, and even if I do it would be a huge success to double the number to 40.

What is the best way to reverse engineer the PACK algorithm?  Is there a good process or a piece of software to use that can look into rotations, shift, XORs etc based on the known inputs and outputs?


#9 2016-03-09 14:48:09

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

From the different ones I've seen the pack was hardcoded or based on the pwd...

You do the hash / encryptions / xors, additions, subtraction, nibble xor/swap, bit swap / patterns / crc / parity etc by hand or Excel, or you develop a script/proggy that makes parts of it. There are ways of finding out whether or not the bytes are crc:ed.



#10 2016-03-10 02:37:44

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

Is there anywhere someone has laid out a good order to start such as a method to eliminate crc?  Or is there a good source who could point me in the right direction of what I'm looking at to better attack it?


#11 2016-03-28 12:29:48

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

I'm convinced that it is CRC-16 using the UID as the input. I've found calculators on-line that run CRC with various polynomials. Is there any "calculator" or program out there that will use the input and output to get me the CRC polynomial? I'm assuming there is also an initial input value and possibly a final XOR value. Any advice on how to work through cracking the CRC information would be greatly appreciated.


#12 2016-03-28 13:42:24

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

you have the "reveng" tool.



#13 2016-03-29 01:20:08

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

I feel like I'm missing something simple. I download the zip, but when I open the .exe a window flashes up for a second. Any advice?


#14 2016-03-31 00:52:55

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

Alright, I have reveng up and running. When I input -w 16 -s _____Hex_____(456D), the part in () being the crc, it instantly returns "no models found". Do I have some formatting wrong or something else? It seems to not be doing calcs, but just doing that because of an error check. Any advice?


#15 2016-04-02 23:26:26

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

I got reveng up and running and feel like I'm just behind too many possibilities. Not knowing the poly, initial, xor, checksum or anything else. I ran a bunch of options through reveng and got absolutely nowhere.

I'm considering getting a proxmark3. If I do, my plan would be to emulate an NTAG213 with the password known. Then set up a brute force attack on the machine with all the possibilities of 2 bytes to figure out the PACK.

I'm guessing there is no issue setting up the NTAG213 emulation and getting the PM3 to cycle through the different PACK values. My question is: can it be set up to know that the reader has accepted the PACK?

If it were the password there would be no issue, because it would get the ACK response back and after the first one of those it would stop, but being it is the PACK, the machine is going to get passed the PACK automatically and not particularly say ACK or NACK because the check is done inside the machine. It will just react by reading Line 12 or not reading anything further. Will I be able to detect that and program it to cycle to the next or stop based on the reaction at a certain point?

Also, just looking for some idea of how difficult this type of programming is with the PM3: getting it cycling through a series of numbers and possibly logging the results.


#16 2016-04-03 18:34:17

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

You need to read up on how to use the reveng tool, since you are calling it without proper arguments.

If you want to script a bruteforce PACK against a reader, you would start with getting a trace from a valid tag / reader and a trace from a sim/tag with a faulty pwd and reader, to see how it differs. The difference is your decision point in your script for the FAIL/PASSED test, when to quit.

You can script it with lua or code in C, but it will take some time to understand how things work in the PM3 world.
Good luck!



#17 2016-04-04 02:17:01

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

@iceman - Thanks for your information.

As for reveng - Now I can call out more things like an initial value, or final XOR or poly, but I don't know any of these. Is there another parameter I might have or could guess that would help reveng? Do I have to input LSB or HSB or something else to get the results I want? Basically I could put in one data point and a guess at a poly and it would return a result. So, I started going through random polys. My inputs are the same length, so I know from the read that it assumes no final XOR. I just feel like having to guess at initials and XORs as well as what order the bytes of my input go in seems futile. I see how reveng works, I just don't feel like I have enough info about what I'm attacking to do anything but make guess after guess endlessly.

As for the PM3 - I officially ordered one. So basically there is no "macro" system I can put over the existing card emulation to run my brute force. I'm going to have to program from scratch a brute force that includes the NTAG213 emulation inside of it?


#18 2016-04-04 06:52:07

iceman
Administrator
Registered: 2013-04-25
Posts: 6,173
Website

Re: AUTH Code Algorithm

reveng: look into listing the known CRC presets and how you call them.
And read the tips on the internet on how to use it.

pm3: you can sim an NTAG already. What you need to figure out is how to process the answers from the reader in an automatic way.


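The preset-catalogue approach iceman points to here (and the CRC-16-of-the-UID hypothesis from post #11) can be tried directly in a few lines. The following Python is an added example, not code from this thread, from reveng or from the Proxmark3 project. The 7-byte UIDs in it are constructed and the PACKs are computed from them with a chosen preset, so it demonstrates the search procedure only, not any real reader's scheme. The model parameters are the commonly published CRC-16 presets (the same catalogue reveng's -D listing prints), and each carries its published check value for "123456789" so the CRC routine validates itself before it is trusted on the pairs.

```python
"""Added example (not from the thread): test a list of (UID, PACK) pairs against
a catalogue of well-known CRC-16 models, which is what reveng's preset search
does. All UIDs here are constructed and the PACKs are derived from them."""
from typing import Dict, List, Tuple

# (poly, init, refin, refout, xorout, check) where check = CRC of b"123456789".
# Parameters follow the commonly published CRC catalogue used by reveng.
PRESETS: Dict[str, Tuple[int, int, bool, bool, int, int]] = {
    "CRC-16/ARC":         (0x8005, 0x0000, True,  True,  0x0000, 0xBB3D),
    "CRC-16/AUG-CCITT":   (0x1021, 0x1D0F, False, False, 0x0000, 0xE5CC),
    "CRC-16/CCITT-FALSE": (0x1021, 0xFFFF, False, False, 0x0000, 0x29B1),
    "CRC-16/GENIBUS":     (0x1021, 0xFFFF, False, False, 0xFFFF, 0xD64E),
    "CRC-16/KERMIT":      (0x1021, 0x0000, True,  True,  0x0000, 0x2189),
    "CRC-16/MCRF4XX":     (0x1021, 0xFFFF, True,  True,  0x0000, 0x6F91),
    "CRC-16/MODBUS":      (0x8005, 0xFFFF, True,  True,  0x0000, 0x4B37),
    "CRC-16/USB":         (0x8005, 0xFFFF, True,  True,  0xFFFF, 0xB4C8),
    "CRC-16/X-25":        (0x1021, 0xFFFF, True,  True,  0xFFFF, 0x906E),
    "CRC-16/XMODEM":      (0x1021, 0x0000, False, False, 0x0000, 0x31C3),
}


def reflect(value: int, width: int) -> int:
    """Reverse the low `width` bits of `value` (bit 0 becomes bit width-1)."""
    out = 0
    for i in range(width):
        if value & (1 << i):
            out |= 1 << (width - 1 - i)
    return out


def crc16(data: bytes, poly: int, init: int, refin: bool, refout: bool, xorout: int) -> int:
    """Bitwise CRC-16 in the Rocksoft parameter model: optional reflection of
    each input byte, MSB-first shifting, optional output reflection, final XOR."""
    crc = init & 0xFFFF
    for byte in data:
        if refin:
            byte = reflect(byte, 8)
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    if refout:
        crc = reflect(crc, 16)
    return (crc ^ xorout) & 0xFFFF


def self_check() -> bool:
    """Every preset must reproduce its published check value for b"123456789"."""
    return all(crc16(b"123456789", *p[:5]) == p[5] for p in PRESETS.values())


def matching_presets(pairs: List[Tuple[bytes, int]]) -> List[Tuple[str, str]]:
    """Return the (preset, byte order) combinations that map EVERY uid to its pack.
    The UID is tried both as read and byte-reversed, because the order a reader
    feeds bytes into its CRC is unknown up front."""
    hits = []
    for name, (poly, init, refin, refout, xorout, _check) in PRESETS.items():
        for order, fix in (("as-is", lambda u: u), ("reversed", lambda u: u[::-1])):
            if all(crc16(fix(uid), poly, init, refin, refout, xorout) == pack
                   for uid, pack in pairs):
                hits.append((name, order))
    return hits


# Constructed 7-byte UIDs (NTAG-style leading 0x04); these are not real tags.
CONSTRUCTED_UIDS = [
    bytes.fromhex("04A1B2C3D4E5F6"),
    bytes.fromhex("04A1B2C3D4E5F7"),
    bytes.fromhex("041122334455E6"),
]


def make_pairs(preset: str, reverse: bool = False) -> List[Tuple[bytes, int]]:
    """Build constructed (uid, pack) pairs by applying `preset` to each UID
    (optionally byte-reversed); stands in for uid/pack data read from real tags."""
    poly, init, refin, refout, xorout, _ = PRESETS[preset]
    return [(uid, crc16(uid[::-1] if reverse else uid, poly, init, refin, refout, xorout))
            for uid in CONSTRUCTED_UIDS]


# "Observed" data for this example: PACK = CRC-16/CCITT-FALSE over the UID.
CONSTRUCTED_PAIRS = make_pairs("CRC-16/CCITT-FALSE")

if __name__ == "__main__":
    assert self_check(), "CRC routine does not reproduce the published check values"
    for uid, pack in CONSTRUCTED_PAIRS:
        print(f"{uid.hex().upper()}  PACK={pack:04X}")
    print("matching presets:", matching_presets(CONSTRUCTED_PAIRS))
```

Run as-is it prints the constructed pairs and the single model that fits them. Two points the search makes concrete. A preset that reproduces every pair in a list of twenty is conclusive (a wrong 16-bit model has about a 2^-320 chance of doing so by accident), whereas a preset that fits one pair means nothing, which is why guessing polynomials against a single data point feels futile. And since any CRC-16 whose generator has a nonzero constant term (all the presets above do) detects every error burst of 16 bits or fewer, two UIDs that differ only within two adjacent bytes can never share a CRC-16 of the whole UID; if the collected data contains such a pair with equal PACKs, the PACK is not a plain CRC of the UID, and the hardcoded or password-derived possibilities from post #9 are the next thing to test.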

#19 2016-04-04 16:18:25

greatone76
Contributor
Registered: 2016-02-24
Posts: 41

Re: AUTH Code Algorithm

I'm not finding much for info on reveng. You have any links or forums with discussions?


#20 2016-04-04 22:30:07

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,299

Re: AUTH Code Algorithm

I added a few common use examples at the bottom of my integration of it and the pm3 https://github.com/marshmellow42/proxma … veng/cli.c  otherwise just use reveng -? to learn more...

Last edited by marshmellow (2016-04-04 22:31:21)
