Proxmark3 community


#1 2018-02-28 11:49:56

FrenchKey
Contributor
Registered: 2018-02-28
Posts: 2

RNG generating polynomial 16 effective bits, unexpected behaviour

Hello,

I've been playing with my Proxmark for some days already and managed to crack some tags (MIFARE 1K mostly), but one is not willing to work as expected. The strange thing is that it has been cracked using an ACR122U and MFOC some time ago (so I even have the full content), but the command "hf mf mifare" gives this result after a few seconds:

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.....Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown          
generating polynomial with 16 effective bits only, but shows unexpected behaviour.

I did compile and flash the latest firmware/client (I believe so, at least):

proxmark3> hw version
[[[ Cached information ]]]

Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2018-02-27 13:33:06
os: /-suspect 2018-02-27 13:34:38
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 196975 bytes (38%). Free: 327313 bytes (62%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

For some reason, the version number does not appear?

Some keys are default, but how do I know and exploit it (if I don't already have a dump)?

Thanks for your help.


#2 2018-03-01 19:54:13

nightime
Contributor
Registered: 2017-03-09
Posts: 3

Re: RNG generating polynomial 16 effective bits, unexpected behaviour

You need to use the hardnested command instead.
It seems to be using the LFSR that only uses the lower 16 bits but the response isn't as expected. If you have trouble after trying hf mf hardnested then you'll need to do some further exploring.

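What "16 effective bits" in the client message means, as an added example that is not part of the thread or of the Proxmark3 source: with the classic MIFARE generator, the second half of a 32-bit tag nonce is fully determined by the first half, so a nonce can be classified by recomputing it. The function names are hypothetical and the byte-swap convention is an assumption taken from how public MIFARE Classic tooling writes nonces.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed convention: the nonce is written as big-endian hex, while the
 * register is stepped on byte-swapped halves. */
static uint16_t swap16(uint16_t x) { return (uint16_t)((x << 8) | (x >> 8)); }

/* One step of x^16 + x^14 + x^13 + x^11 + 1: shift right and feed the
 * XOR of bits 0, 2, 3 and 5 back in at bit 15. */
static uint16_t lfsr16_step(uint16_t x)
{
    uint16_t fb = (uint16_t)((x ^ (x >> 2) ^ (x >> 3) ^ (x >> 5)) & 1u);
    return (uint16_t)((x >> 1) | (fb << 15));
}

/* Hypothetical helper: the full 32-bit nonce implied by its first 16 bits. */
uint32_t nonce_from_high(uint16_t high)
{
    uint16_t x = swap16(high);
    for (int i = 0; i < 16; i++)
        x = lfsr16_step(x);
    return ((uint32_t)high << 16) | swap16(x);
}

/* True when the low half is exactly the LFSR continuation of the high half,
 * i.e. the nonce carries only 16 bits of state. */
bool nonce_has_16_effective_bits(uint32_t nonce)
{
    return nonce_from_high((uint16_t)(nonce >> 16)) == nonce;
}

/* How many of the 65536 possible low halves pass for a fixed high half. */
unsigned count_consistent_low_halves(uint16_t high)
{
    unsigned n = 0;
    for (uint32_t low = 0; low <= 0xFFFFu; low++)
        n += nonce_has_16_effective_bits(((uint32_t)high << 16) | low);
    return n;
}

int main(void)
{
    /* Constructed samples, not captured from a card. */
    uint32_t good = nonce_from_high(0x1234), bad = good ^ 0x00000100u;
    printf("%08X -> %d\n", (unsigned)good, nonce_has_16_effective_bits(good));
    printf("%08X -> %d\n", (unsigned)bad, nonce_has_16_effective_bits(bad));
    printf("matching low halves: %u\n", count_consistent_low_halves(0x1234));
    return 0;
}
```

A card with a hardened generator returns nonces that fail this check almost every time, since only one low half in 65536 matches a given high half.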

#3 2018-03-03 04:32:38

yaowang
Contributor
Registered: 2017-01-11
Posts: 15

Re: RNG generating polynomial 16 effective bits, unexpected behaviour

You should sniff a key first.
