Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-10-13 18:20:28

earlneo
Contributor
Registered: 2016-10-01
Posts: 36

Key diversification algo for Mifare Plus

Hi Iceman & All,

I have extracted keys from 14 Mifare Plus Card. Differences on Sector 0 and 15.

Is there any tool available for me to try to decode the master key similar to what your team did for UL card?

I can send all the keys if you interested. Thanks

Offline

#2 2016-10-13 20:07:52

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Key diversification algo for Mifare Plus

No idea actually, 
how about you post a file with your findings, and lets see if @marshmellow and @asper is up for it?

Offline

#3 2016-10-13 20:32:24

earlneo
Contributor
Registered: 2016-10-01
Posts: 36

Re: Key diversification algo for Mifare Plus

All codes removed as per privacy request. Please contact me for the codes. Thanks

Last edited by earlneo (2016-10-19 14:23:04)

Offline

#4 2016-10-15 10:50:18

cjbrigato
Contributor
Registered: 2016-09-04
Posts: 52

Re: Key diversification algo for Mifare Plus

Earlneo, as a last call with kindness,

Would you _PLEASE_ pursue your experiment by sharing these very set of key IN PRIVATE
_PRIVATE_ please, as these keys which yes, i confirm are of known derivation scheme but don't have to be made such publicity, alongside with their SAK* behavior, UID's etc etc ? thx

Last edited by cjbrigato (2016-10-15 11:48:14)

Offline

#5 2016-10-15 11:24:51

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Key diversification algo for Mifare Plus

A list with the following columns is prefered.
UID | key type (A/B) | sector | key

Offline

#6 2016-10-15 11:38:08

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Key diversification algo for Mifare Plus

I wouldn't bother disturbing @marshmellow or @asper if you haven't spoken with them before.  So ignore @cjbrigato's suggestion about that.  If they are interested and want to be contacted, they will let it be known here in the thread.

Offline

#7 2016-10-15 11:47:54

cjbrigato
Contributor
Registered: 2016-09-04
Posts: 52

Re: Key diversification algo for Mifare Plus

Iceman, I was re-iterating your name-dropping just to enforce a _PRIVATE_ communication on these keys. /EDIT : NOT encouraging any unwanted hassle.

And if I don't, someone else will.

Last edited by cjbrigato (2016-10-15 12:09:06)

Offline

#8 2016-10-15 11:51:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Key diversification algo for Mifare Plus

As I mentioned in my previous post, these guys doesnt want to be bothered with private emails from ppl they don't know.
If they want to be contacted, they will make it clear here.

My name-dropping was to see if they were following this thread and were interested.

Offline

#9 2016-10-15 12:08:06

cjbrigato
Contributor
Registered: 2016-09-04
Posts: 52

Re: Key diversification algo for Mifare Plus

Iceman, I understand without any discussion your meaning since the first occurence. I'm not discussing it and this is why if you would have checked you would have see the ambigous part already edited.
This was no discussion either after that, my only point is the privacy of this scheme. No problem for it to be researched upon but _is_ a problem to be so easyly packed _and_ correlated in public area such as this one. If you want to know anymore on this case, mail. If not, then this is over.

Offline

#10 2016-10-17 18:16:43

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Key diversification algo for Mifare Plus

the algo appears to be quite easy.  my question though, being that i do not know what these cards are used for is, what is your intent? or what is the application of these cards?

Offline

#11 2016-10-19 15:11:50

earlneo
Contributor
Registered: 2016-10-01
Posts: 36

Re: Key diversification algo for Mifare Plus

my company have multiple sites. each site have deployed different card system. mifare classic, mifare plus, proximity em4x, legic 256, and etc.
we deployed years ago based on the available budget. yeah, we did failed big time in security audit due to too many systems handling it.
too many suppliers as well.

for 2017, we plan consolidate these system into 1 centralized building system.

i'm analyzing all the current system and to check either the current readers, wiring, and setup still be able to use or we have to scrap all and install a new one. also it always comes to to the budget. shall we go all the way to latest and greatest or mifare desfire ev1 would be enough for us.
if cost too high, we might need to do it in 2018. at least i have done the internal audit for all the current systems deployed.

as usual for any building management system, the keys are already embedded into the system by the vendor and locked by a master key.
as buyer, we can only order pre-encoded cards from them.

the problem we have now, the vendor which supply this system have closed their business last year.
we have no more support and only have few unused cards left.

Offline

#12 2016-10-21 08:38:59

earlneo
Contributor
Registered: 2016-10-01
Posts: 36

Re: Key diversification algo for Mifare Plus

cjbrigato wrote:

Earlneo, as a last call with kindness,

Would you _PLEASE_ pursue your experiment by sharing these very set of key IN PRIVATE
_PRIVATE_ please, as these keys which yes, i confirm are of known derivation scheme but don't have to be made such publicity, alongside with their SAK* behavior, UID's etc etc ? thx

Hi cjbrigato, this forum doesn't support private message function. Too bad.

Do you mind to share with me your findings on known derivation scheme? Thanks

Offline

Board footer

Powered by FluxBB