Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
I recorded the communication between the chip and the transmitter with the sniff command,
and also used the program crapto1gui.exe version 1.1 to calculate the key, but the key does not work. Is the version too old, or why can that be?
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
received trace len: 481 packages: 1
tag select uid:19 2B 33 14 atqa:0x0004 sak:0x08
RDR(0):60 00 f5 7b
TAG(1):58 a9 d4 e1
RDR(2):9b dc 51 b2 1f d9 56 d2
TAG(3):70 45 86 44
RDR(4):66 9a 12 f3
TAG(5):d0 d8 5b 51 19 2B 33 14b5 31 19 2B 33 14 24 3f 16
RDR(6):9c 73 4d ef
TAG(7):20 f4 09 14 66 01 f8 74 14 a1 87 9f 3d 08 cb 85 d4 18
RDR(8):87 03 fc 4b
tag select uid:19 2B 33 14 atqa:0x0004 sak:0x08
RDR(9):60 04 d1 3d
TAG(10):14 cc 13 3b
RDR(11):dd 21 d8 26 40 73 f8 e7
TAG(12):a1 38 38 e0
RDR(13):dc fc a3 75
TAG(14):4d 2f 15 c8 86 51 bd 9c e3 18 30 db fa 02 07 53 63 eb
RDR(15):8a a0 6f c9
TAG(16):a8 72 0f 40 40 19 2B 33 14 20 7e b1 c3 ac f6 a9 65
RDR(17):f5 3f ff 3c
TAG(18):e8 af 7f 74 d6 34 5c 19 2B 33 14 06 d1 07 89 cb 6c
RDR(19):f7 41 3b 66
TAG(20):0c ce a9 d6
RDR(21):59 f9 10 bd ba 49 68 99
TAG(22):2e d9 56 6a
RDR(23):bf 31 05 53
TAG(24):32 5b 35 b7 dd 73 94 8f 14 19 2B 33 14 14 85 8f e5 82
key:9DDDFD8226EC = crapto1gui.exe
Last edited by 3dmann (2019-06-23 11:51:46)
Offline
Looks like you are on an old proxmark3 client/firmware version. Try latest official.
Then when you sniff, try hf list mifare, it will be easier
Offline
Thank you, you were right, the old version was on it ...
Now I have the latest news
[ CLIENT ]
client: iceman build for RDV40 with flashmem; smartcard;
[ ARM ]
bootrom: iceman/master/ice_v3.1.0-1087-gf55a5725 2019-05-29 21:04:34
os: iceman/master/ice_v3.1.0-1087-gf55a5725 2019-05-29 21:04:38
[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 117349 bytes (45%) Free: 286939 bytes (55%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
now I have the communication with the version recorded only because I last day only 6 characters and no 8
and so I get no key in crapto1gui.exe
pm3 --> hf list mf
Recorded Activity (TraceLen = 77 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52 | | WUPA
2228 | 4596 | Tag |04 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10676 | 16500 | Tag |32 bf da 7a 2d | |
19456 | 29920 | Rdr |93 70 19 2B 33 14 86 c3 | ok | SELECT_UID
31156 | 34676 | Tag |08 b6 dd | |
and in the program PM3 Universal GUI.exe I cannot find any crapto or key generated
Last edited by 3dmann (2019-06-23 11:52:39)
Offline
You should even try latest official repo or RRG repo in order to get the functions I am thinking of.
Offline
You do not mean the version of the firmware, but that the ELECHOUSE Proxmark3 V2 DEV is too old and I should buy a Proxmark3 4.0 RFID?
Or what is the RRG repo?
Offline
No, your RDV2 is still a good one. Just put latest source on it and life will be better.
Latest source code on Official pm3 repo. (also a link on top of the forum pages)
https://github.com/Proxmark/proxmark3/
RRG repo, can be compiled for any pm3 device nowadays.
https://github.com/RfidResearchGroup/proxmark3
Offline
Thank you for your help!!! I'm a freshman, as you see.
I've already looked at some things and tried some out, such as Gator96100 / ProxSpace, but without success, because I do not know exactly what I have to do to install the official repo on Windows 7 / 64-bit. Is there a tutorial or something of the kind for beginners?
Offline
there is a lot of documentation... read the wiki, read the installation documents..
Offline
OK :-)
Now I want to integrate the program PM3UniversalGUI.exe,
but how would that work?
======. ===. ===. ====. ...iceman fork
==...==.====. ====. ..=. ...dedicated to RDV40
======..==.====.==. ====..
==..... ==..==..==. ..=. iceman@icesql.net
==. ==. ... ==. ====.. https://github.com/rfidresearchgroup/proxmark3/
... ... ... ..... pre-release v4.0
Support iceman on patreon, https://www.patreon.com/iceman1001/
[=] Using UART port com15
[=] Communicating with PM3 over USB-CDC
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman
[ PROXMARK RDV4 ]
external flash: absent
smartcard reader: absent
[ PROXMARK RDV4 Extras ]
FPC USART for BT add-on support: absent
[ ARM ]
bootrom: RRG/Iceman/master/7afc4b7b-dirty-unclean 2019-06-09 19:58:25
os: RRG/Iceman/master/7afc4b7b-dirty-unclean 2019-06-09 19:59:46
[ FPGA ]
LF image built for 2s30vq100 on 2019/ 4/18 at 9:35:32
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 339433 bytes (48%) Free: 274855 bytes (52%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
[usb] pm3 -->
Last edited by 3dmann (2019-06-23 11:53:22)
Offline
make sure you set the right target in the Makefile.platform file.
If you don't have a platform file, use the supplied sample file and follow the guide.
pm3 ~$ cp Makefile.platform.sample Makefile.platform
pm3 ~$ cat Makefile.platform.sample
# If you want to use it, copy this file as Makefile.platform and adjust it to your needs
PLATFORM=PM3RDV4
#PLATFORM_EXTRAS=BTADDON
#STANDALONE=LF_SAMYRUN
Offline
anyway this is all sidetracked from original post. Time to get back to topic.
Offline
Now I'll continue.
only see that? is there something wrong?
or is the good?
[usb] pm3 --> hf 14a sniff
#db# Starting to sniff
[usb] pm3 --> hf list mf
[+] Recorded Activity (TraceLen = 467 bytes)
[=]
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 0 | Rdr |00 | |
16843008 | 16843265 | Rdr |01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 00 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 00 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 | |
| | |01 01 01 01 01 01 01 01 00 01 01 00 01 01 00 01 00 01 | |
| | |01 00 01 01 00 01 01 01 01 01 00 01 00 01 01 00 00 01 | |
| | |00 01 01 01 01 01 00 01 00 01 01 00 01 01 00 01 00 00 | |
| | |01 00 00 01 00 01 01 00 01 01 00 01 00 00 01 00 00 01 | |
| | |00 01 01 00 01 01 00 01 01 01 01 00 01 01 00 01 01 00 | |
| | |01 01 00 01 00 | |
[usb] pm3 -->
b# Starting to sniff
b# maxDataLen=3, Uart.state=0, Uart.len=0
b# traceLen=618 , Uart.output[0]=000000e6
sb] pm3 --> hf list mf
] Recorded Activity (TraceLen = 618 bytes)
]
art = Start of Start Bit, End = End of last modulation. Src = Source of Transfe
o14443a - All times are in carrier periods (1/13.56Mhz)
better now
Start | End | Src | Data (! denotes parity error)
----------+------------+-----+-------------------------------------------------
0 | 992 | Rdr |52
10169952 | 10170944 | Rdr |52
10172196 | 10174564 | Tag |04 00
10220112 | 10222576 | Rdr |93 20
10223748 | 10229572 | Tag |19 2B 33 14
10282944 | 10293408 | Rdr |93 70 32 bf da 7a 2d 86 c3
10294644 | 10298164 | Tag |08 b6 dd
10344736 | 10349440 | Rdr |60 00 f5 7b
10354292 | 10356596 | Tag |aa 69!
10360368 | 10369744 | Rdr |65 a8 8e aa d0 0d 75 50
10370916 | 10374500 | Tag |5e! 91! f4
10399648 | 10404416 | Rdr |a7 9f dc d9
10405588 | 10410708 | Tag |19 2B 33 14 01
10411236 | 10411748 | Tag |00!
10412516 | 10419684 | Tag |5e 21 74! 9b 01 69 00!
10421540 | 10421860 | Tag |03!
10483456 | 10488224 | Rdr |2d 10 a4 0d
10489428 | 10491988 | Tag |5f! fd! 00!
10493460 | 10493908 | Tag |07
10567664 | 10572432 | Rdr |88 7f 90 69
10625392 | 10626448 | Rdr |26
10672352 | 10673344 | Rdr |52
10674612 | 10674996 | Tag |00!
10722512 | 10724976 | Rdr |93 20
10726180 | 10727460 | Tag |32
10785232 | 10795696 | Rdr |93 70 19 2B 33 14 2d 86 c3
10796948 | 10799636 | Tag |08 b6 01
10940960 | 10945728 | Rdr |60 04 d1 3d
10950516 | 10953844 | Tag |29 c2 02
10956576 | 10965952 | Rdr |b2 7a e3 e9 d3 88 dd 80
10967156 | 10971636 | Tag |43! ad 2f 0a!
10995984 | 11000688 | Rdr |18 0a b3 5d
11001956 | 11007588 | Tag |9f 96 c0 e4! 3d
11010788 | 11011300 | Tag |01
11018468 | 11018852 | Tag |00!
11079552 | 11084320 | Rdr |59 cc f7 e8
11085508 | 11088836 | Tag |cd 6d 0b
11090580 | 11090772 | Tag |01
11162352 | 11167120 | Rdr |4f df 79 d1
11168308 | 11170484 | Tag |4b! 3f!
11408464 | 11413168 | Rdr |ae 79 56 31
11418004 | 11418644 | Tag |07
11419540 | 11419796 | Tag |00!
11424080 | 11433456 | Rdr |cd 4c b7 97 68 b4 07 a6
11437652 | 11437844 | Tag |01
11438756 | 11439332 | Tag |0c!
11462080 | 11466784 | Rdr |e6 1b eb 56
11468036 | 11469060 | Tag |03!
11474980 | 11477156 | Tag |8c 04
11478788 | 11479044 | Tag |00!
11481684 | 11482004 | Tag |03!
sb] pm3 -->
[usb] pm3 --> hf 14a sniff c
#db# Starting to sniff
#db# maxDataLen=4, Uart.state=0, Uart.len=0
#db# traceLen=604 , Uart.output[0]=0000001b
[usb] pm3 --> hf list mf
[+] Recorded Activity (TraceLen = 604 bytes)
[=]
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 2368 | Tag |04 00 | |
38983420 | 38984412 | Rdr |52 | | WUPA
38985680 | 38988048 | Tag |04 00 | |
39033580 | 39036044 | Rdr |93 20 | | ANTICOLL
39037248 | 39037888 | Tag |02 | |
39096300 | 39106764 | Rdr |93 70 19 2B 33 14 2d 86 c3 | ok | SELECT_UID
39108000 | 39111520 | Tag |08 b6 dd | |
39158220 | 39162924 | Rdr |60 00 f5 7b | ok | AUTH-A(0)
39167760 | 39172432 | Tag |50 7e 70 6f | | AUTH: nt
39173836 | 39183148 | Rdr |76 30 19 2B 33 14 1f 68 | | AUTH: nr ar (enc)
39184416 | 39189152 | Tag |c9! 7e 2c! cc! | | AUTH: at (enc)
39213116 | 39217820 | Rdr |b3 b7 0d 3f | |
| | * | key a0a1a2a3a4a5 prng HARD | |
| | * |30 01 8B B9 | ok | READBLOCK(1)
39219088 | 39239888 | Tag |54! f5! c9 19 2B 33 14 1f! ee! 57! d6! d8! 43! 1c d3! f8! 1a da! | |
| | * |6F 01 51 90 51 90 00 00 00 00 00 00 00 00 00 00 0A 6D | ok |
39296940 | 39301708 | Rdr |39 cb 25 71 | |
| | * |30 02 10 8B | ok | READBLOCK(2)
39302896 | 39323760 | Tag |c3 f2! a0 2a! 64 67! fe 0b 13! 50 a6! bf 67! ee d2 48! 82! 51 | |
| | * |00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 49 | ok |
39381148 | 39385916 | Rdr |56 5c 6b 6a | |
| | * |50 00 57 CD | ok | HALT
39438860 | 39439916 | Rdr |26 | | REQA
39485836 | 39486828 | Rdr |52 | | WUPA
39488080 | 39490448 | Tag |04 00 | |
39535996 | 39538460 | Rdr |93 20 | | ANTICOLL
39539648 | 39545472 | Tag |19 2B 33 14 | |
39598700 | 39609164 | Rdr |93 70 19 2B 33 14 86 c3 | ok | SELECT_UID
39610416 | 39613936 | Tag |08 b6 dd | |
39754444 | 39759212 | Rdr |60 04 d1 3d | ok | AUTH-A(4)
39763968 | 39768704 | Tag |6a 17 35 51 | | AUTH: nt
39770060 | 39779372 | Rdr |7b 0b e6 19 2B 33 14 53 | | AUTH: nr ar (enc)
39780624 | 39785360 | Tag |ed! e4 0a! 7e! | | AUTH: at (enc)
39809468 | 39814236 | Rdr |9a ce c3 89 | |
| | * | key aa172DDD3967 prng HARD | |
| | * |30 07 BD DC | ok | READBLOCK(7)
39815408 | 39836208 | Tag |fa! 5f 78! 3f 19 2B 33 14 19 86! bf 5f e6 0b! 24 14! 02 29! | |
| | * |00 00 00 00 00 00 78 77 88 01 00 00 00 00 00 00 25 71 | ok |
39893036 | 39897804 | Rdr |e6 00 c1 71 | |
| | * |30 05 AF FF | ok | READBLOCK(5)
39898992 | 39919792 | Tag |09 00! 8f! 6b! 9a 27 b5! ab 43! bd! 1f c2 c4 83 e0 d7 1f 60 | |
| | * |88 00 16 0A 5C F7 F4 5E 0B 0C A4 FA EF D1 4B 48 1B F7 | ok |
39975820 | 39980524 | Rdr |d3 44 34 42 | |
| | * |30 04 26 EE | ok | READBLOCK(4)
39981792 | 40002656 | Tag |fa! e9! 2a!19 2B 33 14 96 b7! 2c! 36 72 38 ce 2d 06 a0 2c | |
| | * |B2 8A AB AB 8A 1E C4 E3 44 7D 86 91 EF 9A CE 91 13 E1 | ok |
40221932 | 40226700 | Rdr |7c 43 99 c2 | |
| | * |61 08 65 EE | ok | AUTH-B(8)
40231456 | 40236192 | Tag |19 2B 33 14 | | AUTH: nt (enc)
40237548 | 40246924 | Rdr |12 11 f8 ce 19 2B 33 14 | | AUTH: nr ar (enc)
40248112 | 40252848 | Tag |6d 81 7e! 6a! | | AUTH: at (enc)
40275676 | 40280444 | Rdr |1b 68 13 2f | |
hardnested not implemented. uid:19 2B 33 14 nt:19 2B 33 14 ar_enc:7f423560 at_enc:6d19 2B 33 14
40281648 | 40302512 | Tag |56 5a! d7 ee! 0f 319 2B 33 14 3b! 1c! b8 5a 36 ee! 13 a0 d0 | |
[usb] pm3 -->
Last edited by 3dmann (2019-06-23 11:57:52)
Offline
that output was better, don't you think?
I also suggest you use BBCode for formatting code. Or use a pastebin, for longer outputs. Doesn't mess up the forum flow.
Offline
OK I do that thanks for the tip
2 key
key ffff293e1167
key A0A1A2A3A4A5
Do not have to be key anymore?
Last edited by 3dmann (2019-06-23 11:58:15)
Offline
Now you have enough to get the rest of the keys and do a proper dump of your card. From there, well that is up to you.
Offline
Could you give me a little advice on how to get the remaining keys?
What would you do now?
Offline
You need to figure out what it is that you want to do. Your first post is about sniffing and getting a key, which you now solved. Time to read more about Mifare classic. Datasheets, youtube videos, blogposts, https://github.com/Proxmark/proxmark3/wiki/Mifare-HowTo the already mentioned wiki has information.
Offline
Thanks iceman
I read a lot yesterday and now I have 30 of 32 keys.
Now only the last 2 keys are missing.
Is it right that I need all 32 keys?
Or are there cards with 30 keys?
The last 2 keys are B keys, where only ------------ stands.
30 of 32 keys
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | 0d333390296 | 1 |
|001| fff7293e1117 | 1 | ------------ | 0 | last 2 keys are B keys, where only ------------ stands?
|002| a0a1a2a3a4a5 | 1 | ------------ | 0 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| eeb420209d0c | 1 | eeb420ff9d0c | 1 |
|006| 911e52fd7ce4 | 1 | 911e52fd7ce4 | 1 |
|007| 752fbb5b7b45 | 1 | 752fbb5b7b45 | 1 |
|008| 66b03aca6ee9 | 1 | 66b03aca6ee9 | 1 |
|009| 48734389edc3 | 1 | 48734389edc3 | 1 |
|010| 17193709adf4 | 1 | 17193709adf4 | 1 |
|011| 1acc3189578c | 1 | 1acc3189578c | 1 |
|012| c2b7ec7d4eb1 | 1 | c2b7ec7d4eb1 | 1 |
|013| 369a4663acd2 | 1 | 369a4663acd2 | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
[+] Printing keys to binary file hf-mf-19 2B 33 14-key.bin ...
-mf-19 2B 33 14-data.json
"Created": "proxmark3",
"FileType": "mfcard",
"Card": {
"UID": "33232333",
"SAK": "88",
"ATQA": "0400"
},
"
Last edited by 3dmann (2019-06-23 12:01:48)
Offline
In short, if you want the card to be a 100% clone you need everything 100% the same.
Quick high level overview.
Mifare classic cards come in a few sizes. Depending on the size they will have X sectors (the tech sheets will tell you).
For each sector there are 2 keys, A and B as well as some data blocks and some permissions.
Now, we need to think about what the card is used for and how they do it. This will be 100% up to the system designers.
For example.
I could write an access system that could work as follows.
User walks up to a door access reader. Places the card on the reader and the card ID is read and sent to the back end.
The back end looks up the ID and makes a quick call (UID exists so continue or UID does not exist, so don't open the door)
If we continue, the back end then instructs the reader to read the data from block Y with key A.
The data is sent to the back end, and checked... Yes the data was correct.
The back end could then tell the reader to update the card with some new data and save back to block Y and write with Key B
(i.e. the permissions were set such that A could read and B could write)
Why would they do this... simple, by writing new data on every use, then a clone will only work once unless it's re-cloned, and the original will fail if the clone is the new one, so it would need updating.
Do they do that? That's up to the system developers.
So now that we know what they could do, it is up to you to find out what you need to know and how your system works.
e.g. Read the entire card. Use the card, re-read the card and compare to the first read. Did anything change ?
Next, if you think you have enough data/keys, then try it.
Offline
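The rolling-data scheme described in the post above, seen from the back end's side, as an added example (not code from the thread or from any real access system). The `Card` and `BackEnd` classes, the 16-byte random token and the `alerts` list are assumptions, and the UID is a constructed sample value.

```python
import hmac
import secrets
from dataclasses import dataclass

BLOCK_SIZE = 16  # one MIFARE Classic block holds 16 bytes


@dataclass
class Card:
    """Stand-in for a physical card: its UID and the content of block Y."""
    uid: str
    block_y: bytes

    def copy(self) -> "Card":
        # A byte-for-byte copy taken at one moment in time.
        return Card(self.uid, self.block_y)


class BackEnd:
    """Hypothetical back end that rewrites block Y on every accepted use."""

    def __init__(self) -> None:
        self.expected: dict[str, bytes] = {}  # uid -> token expected in block Y
        self.alerts: list[str] = []           # UIDs presented with stale data

    def enroll(self, uid: str) -> Card:
        token = secrets.token_bytes(BLOCK_SIZE)
        self.expected[uid] = token
        return Card(uid, token)

    def present(self, card: Card) -> str:
        expected = self.expected.get(card.uid)
        if expected is None:
            return "deny: unknown UID"
        # Read step (key A in the post): compare block Y with the stored value.
        if not hmac.compare_digest(card.block_y, expected):
            # Stale data means two cards share this UID and one was used since.
            self.alerts.append(card.uid)
            return "deny: stale block data"
        # Write step (key B in the post): roll the token on card and back end.
        fresh = secrets.token_bytes(BLOCK_SIZE)
        card.block_y = fresh
        self.expected[card.uid] = fresh
        return "open"


def copy_used_after_original():
    """The original is used first, so the earlier copy holds stale data."""
    backend = BackEnd()
    original = backend.enroll("11223344")  # constructed sample UID
    copy = original.copy()
    results = [backend.present(original),
               backend.present(copy),
               backend.present(original)]
    return results, backend.alerts


def copy_used_before_original():
    """The copy is used first, so the original is the card that fails."""
    backend = BackEnd()
    original = backend.enroll("11223344")  # constructed sample UID
    copy = original.copy()
    results = [backend.present(copy),
               backend.present(original),
               backend.present(copy)]
    return results, backend.alerts


if __name__ == "__main__":
    print(copy_used_after_original())
    print(copy_used_before_original())
```

In both orders the second card to arrive is denied and its UID lands in `alerts`, which is the signal an operator would review.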
thanks mwalker
I have tried to read a lot of times but it always stays with
The access system is self-sufficient, it was programmed on-site, there is a battery included.
So I have here 6 different chips for one and the same access system, and on all chips the same B key is missing.
Is it because the 2 B keys are not in default_keys?
Are there any bigger key lists? I already have iceman from rdv40 + official + of course
Last edited by 3dmann (2019-06-12 17:25:37)
Offline
try running nested or hardnest attacks against the missing keys.
Offline
Thanks iceman, with the hardnested attacks + nonces it worked. Now I have all the keys, and now I want to write another chip with the data.
My main concern is that I can open the 3 doors with 1 chip to not always have to have all three chips
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | 0d258fe90296 | 1 |
|001| dd172fff3967 | 1 | abd42aa32e37 | 1 |
|002| a0a1a2a3a4a5 | 1 | abd42aa32e37 | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| eeb420209d0c | 1 | eeb420209d0c | 1 |
|006| 911e52fd7ce4 | 1 | 911e52fd7ce4 | 1 |
|007| 752fbb5b7b45 | 1 | 752fbb5b7b45 | 1 |
|008| 66b03aca6ee9 | 1 | 66b03aca6ee9 | 1 |
|009| 48734389edc3 | 1 | 48734389edc3 | 1 |
|010| 17193709adf4 | 1 | 17193709adf4 | 1 |
|011| 1acc3189578c | 1 | 1acc3189578c | 1 |
|012| c2b7ec7d4eb1 | 1 | c2b7ec7d4eb1 | 1 |
|013| 369a4663acd2 | 1 | 369a4663acd2 | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
Last edited by 3dmann (2019-06-23 12:02:58)
Offline
The restore function does not work with the chip. As soon as I enter the correct UID with csetuid it writes only with errors, but with the wrong UID it writes correctly.
What is this mistake?
[usb] pm3 --> hf sea
[=] Checking for known tags...
UID : 399 AA DA 9A
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO maybe that's why, how can I change that? or do I have to buy other chips
[+] Prng detection: HARD
[+] Valid ISO14443-A tag found
[usb] pm3 --> hf sea
[=] Checking for known tags...
UID : 399 AA DA 9A
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Answers to magic commands (GEN 1a): YES maybe that's why, how can I change that? or do I have to buy other chips
[+] Prng detection: WEAK
[+] Valid ISO14443-A tag found
Last edited by 3dmann (2019-06-23 12:03:45)
Offline
"...My main concern is that I can open the 3 doors with 1 chip to not always have to have all three chips..."
Are you saying you have three different mifare classic cards and want one to do the job of all three ?
This may or may not work.
On an original mifare card the UID (in block 0) is not changeable, and was intended to be different for every card (and they are moving to 7 or 10 byte UID over the old 4 byte UID).
So assuming your cards are all 4 byte mifare classic, I would expect them all to have different UIDs.
and while I don't know how your access system works, I would expect the UID will play a part in that.
(e.g. some systems only use the uid, others are more secure).
If the system uses the UID then it may not work. On the other hand, if it simply uses the UID for card selection and uses the data in the blocks/sectors for access control (i.e. UID is not validated) then as long as each access card stores data in different sectors, it could work.
You need to work on a plan to turn the unknowns into knowns.
e.g. Work with each card one by one. make a clone of card A and check that it works (this will ensure you have everything needed for card A), then repeat for Card B and C. If all goes well you will then know you have all the bits for a single card copy.
Next, check if all three cards use different sectors to store the data, if they overlap, is it the same data and keys (and permissions).
Then create a card with all the different sectors and one of the UIDs and see if it works.
Key Note: The UID is not meant to be changeable. the csetuid (and other c commands) are for the magic cards and not normal mifare cards. Iceman posted about the different types of cards and the functions.
Offline
There is a master card in the house with access to all rooms, so it cannot depend on the UID alone.
However, the restore command only works the first time.
On the second and repeated times on the same card I get errors and the door does not open,
although the data are identical except for the UID.
Are there other options ?
the programmer was connected to the lock of the door with a cable and there were 3 chips per room
The locks for the door were newly installed only 3 months ago
Last edited by 3dmann (2019-06-13 01:15:03)
Offline
My comment was more around how the security system works. e.g. the back end could say
UID 12345678 can access door 1,2 and 3 <- All based on the UID and a back end database
UID aabbccdd can access door 1
UID 11223344 can access door 2
UID 55667788 can access door 3
If that is the case, then you would need the back end to allow the single UID to access all 3 doors, as IF it is based on UID then you can't make 1 card have 3 UIDs (but one UID could access more than one door).
If everything is 100% the same BUT the UID then it is linked to the UID (in part at least).
[=] Answers to magic commands: NO : This means the card does not appear to be a gen1/magic card, so the csetuid won't work.
Answers to magic commands (GEN 1a): YES : This means the card does work with csetuid.
There are many types of cards. If it's not a magic card then the csetuid won't work.
If it's a CUID then it may allow block 0 to be changed via the normal block write command.
If it's a FUID then it may allow block 0 to be changed BUT ONLY ONCE.
For the card you say only allowed the UID to be changed once. Can you re-run the hf search and post.
Offline
Original chip
[usb] pm3 --> hf sea
[=] Checking for known tags...
UID : 399 AA DA 9A
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Pl
[=] proprietary non iso14443-4 ca
[=] Answers to magic commands: NO
[+] Prng detection: HARD
[+] Valid ISO14443-A tag found
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | 0d258fe90296 | 1 |
|001| daddd93e1117 | 1 | abd333350e11 | 1 |
|002| a0a1a2a3a4a5 | 1 | abd333350e11 | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| eeb420209d0c | 1 | eeb420209d0c | 1 |
|006| 911e52fd7ce4 | 1 | 911e52fd7ce4 | 1 |
|007| 752fbb5b7b45 | 1 | 752fbb5b7b45 | 1 |
|008| 66b03aca6ee9 | 1 | 66b03aca6ee9 | 1 |
|009| 48734389edc3 | 1 | 48734389edc3 | 1 |
|010| 17193709adf4 | 1 | 17193709adf4 | 1 |
|011| 1acc3189578c | 1 | 1acc3189578c | 1 |
|012| c2b7ec7d4eb1 | 1 | c2b7ec7d4eb1 | 1 |
|013| 369a4663acd2 | 1 | 369a4663acd2 | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
hf-mf-399 AA DA 9A-data.json
{
"Created": "proxmark3",
"FileType": "mfcard",
"Card": {
"UID": "399AADA9",
"SAK": "88",
"ATQA": "0400"
},
"SectorKeys": {
"0": {
"KeyA": "A0A1A2A3A4A5",
"KeyB": "0D258ffff299",
"AccessConditions": "787788C1",
"AccessConditionsText": {
"block0": "rdAB wrB",
"block1": "rdAB wrB",
"block2": "rdAB wrB",
"block3": "wrAbyB rdCbyAB wrCbyB wrBbyB",
"UserData": "C1"
}
Copy chip
[usb] pm3 --> hf sea
[=] Checking for known tags...
UID : 399AADA9
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO
[+] Prng detection: WEAK
[+] Valid ISO14443-A tag found
I have to buy reasonable chips. Can you recommend some on eBay?
Last edited by 3dmann (2019-06-23 12:07:35)
Offline
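How the `AccessConditions` value `787788C1` in the dump above maps to the permission text next to it ("rdAB wrB"), as an added example that is not part of the original posts or of the Proxmark3 client. It decodes the four access bytes of a sector trailer following the MIFARE Classic layout, rejects values whose inverted copies disagree, and the function and dictionary names are assumptions.

```python
# Data blocks: (C1, C2, C3) -> (read, write, increment, decrement/transfer/restore)
DATA_RULES = {
    (0, 0, 0): ("A|B", "A|B", "A|B", "A|B"),      # transport configuration
    (0, 1, 0): ("A|B", "never", "never", "never"),
    (1, 0, 0): ("A|B", "B", "never", "never"),
    (1, 1, 0): ("A|B", "B", "B", "A|B"),
    (0, 0, 1): ("A|B", "never", "never", "A|B"),
    (0, 1, 1): ("B", "B", "never", "never"),
    (1, 0, 1): ("B", "never", "never", "never"),
    (1, 1, 1): ("never", "never", "never", "never"),
}

# Sector trailer: (C1, C2, C3) ->
# (write key A, read access bits, write access bits, read key B, write key B)
# Key A can never be read back, so it has no "read" column.
TRAILER_RULES = {
    (0, 0, 0): ("A", "A", "never", "A", "A"),
    (0, 1, 0): ("never", "A", "never", "A", "never"),
    (1, 0, 0): ("B", "A|B", "never", "never", "B"),
    (1, 1, 0): ("never", "A|B", "never", "never", "never"),
    (0, 0, 1): ("A", "A", "A", "A", "A"),          # transport configuration
    (0, 1, 1): ("B", "A|B", "B", "never", "B"),
    (1, 0, 1): ("never", "A|B", "B", "never", "never"),
    (1, 1, 1): ("never", "A|B", "never", "never", "never"),
}

DATA_FIELDS = ("read", "write", "increment", "decrement")
TRAILER_FIELDS = ("write_key_a", "read_access", "write_access",
                  "read_key_b", "write_key_b")


def decode_access_bytes(hex4: str) -> dict:
    """Decode trailer bytes 6..9 given as 8 hex digits, e.g. '787788C1'."""
    raw = bytes.fromhex(hex4)
    if len(raw) != 4:
        raise ValueError("expected exactly 4 access bytes")
    b6, b7, b8, user = raw

    # Each nibble carries one bit per block (bit 0 = block 0 ... bit 3 = trailer).
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is stored a second time in inverted form.
    n_c1, n_c2, n_c3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    if (c1 ^ n_c1, c2 ^ n_c2, c3 ^ n_c3) != (0xF, 0xF, 0xF):
        raise ValueError("access bits and their inverted copies disagree")

    def bits_for(block: int) -> tuple:
        return tuple((c >> block) & 1 for c in (c1, c2, c3))

    blocks = [dict(zip(DATA_FIELDS, DATA_RULES[bits_for(b)])) for b in range(3)]
    trailer = dict(zip(TRAILER_FIELDS, TRAILER_RULES[bits_for(3)]))
    return {"blocks": blocks, "trailer": trailer, "user_byte": user}


if __name__ == "__main__":
    # 787788C1 is the value shown in the thread; FF078069 is the factory
    # transport value, included here for comparison.
    for value in ("787788C1", "FF078069"):
        decoded = decode_access_bytes(value)
        print(value, decoded["blocks"][0], decoded["trailer"])
```

With `FF078069` the trailer rule lets key A read key B and rewrite the access bits, which is why a sector left in transport configuration offers no separation between the two keys.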
[usb] pm3 --> hf sea
[=] Checking for known tags...
UID : A1 41 A7 55
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO
[+] Prng detection: WEAK
[+] Valid ISO14443-A tag found
[usb] pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 779 keys from default_keys.dic
[+] Running strategy 1
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
....
[+] Chunk: 10.0s | found 13/32 keys (85)
[+] Chunk: 0.7s | found 13/32 keys (85)
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
#db# Cmd Error: 04
[+] Chunk: 5.6s | found 32/32 keys (85)
[+] Time in checkkeys (fast): 16.3s
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | 0d258fe90296 | 1 |
|001| ca1432342967 | 1 | abdfffd50e37 | 1 |
|002| a0a1a2a3a4a5 | 1 | abdfffd50e37 | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| eeb420209d0c | 1 | eeb420209d0c | 1 |
|006| 911e52fd7ce4 | 1 | 911e52fd7ce4 | 1 |
|007| 752fbb5b7b45 | 1 | 752fbb5b7b45 | 1 |
|008| 66b03aca6ee9 | 1 | 66b03aca6ee9 | 1 |
|009| 48734389edc3 | 1 | 48734389edc3 | 1 |
|010| 17193709adf4 | 1 | 17193709adf4 | 1 |
|011| 1acc3189578c | 1 | 1acc3189578c | 1 |
|012| c2b7ec7d4eb1 | 1 | c2b7ec7d4eb1 | 1 |
|013| 369a4663acd2 | 1 | 369a4663acd2 | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
[usb] pm3 -->
hf mf dump
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
[-] could not read block 0 of sector 14
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
#db# Cmd Error: 04
#db# Read block error
[-] could not read block 0 of sector 15
[+] time: 67 seconds
[+] Succeded in dumping all blocks
[+] saved 1024 bytes to binary file hf-mf-A1 41 A7 55-data-2.bin
[+] saved 64 blocks to text file hf-mf-A1 41 A7 55-data-2.eml
[+] saved to json file hf-mf-A1 41 A7 55-data-2.json
[usb] pm3 -->
The chip is faulty.
I've ordered for the first time now; see if they are good?
https://www.ebay.de/itm/4-x-NFC-Tag-mit-MIFARE-Classic-Chip-Schlüsselanhänger-Android-NFC-1k/331810678718?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2060353.m2749.l2649
Last edited by 3dmann (2019-06-23 12:09:38)
Offline
Have learned a lot from you thanks for that
first card works perfectly
Now I would like to expand the access to my 2 rooms
I have now compared the file
Now I compare room 1 to room 2 for comparison in the data.json
and see what's different
"Created": "proxmark3",
"FileType": "mfcard",
"blocks": {
"0": "E3447D862D880400C823002000000018",
"1": "63232190229000000000000000000000",
"2": "00000000000000000000000000000000",
"3": "A0A1A2A3A4A5787788C10D258FE90296",
"4": "B28AABAB8A1EC4f35d127991EF9ACE91",
"5": "880016125CF7F45E0B0CA4FAEFD14B48",
"6": "F53553F04E542BDDDDD5647830000CA",
"7": "CA17293E396778778801ABD42DD50E37",
"8": "00000000000000000000000000000000",
"9": "00000000000000000000000000000000",
"10": "00000000000000000000000000000000",
"11": "A0A1A2A3A4A578778805ABD42DD50E37",
--------------------------------------------------------------
"Created": "proxmark3",
"FileType": "mfcard",
"blocks": {
"0": "E3447D8AFC880400C823002000000018",
"1": "9F000000519000000000000000000000",
"2": "00000000000000000000000000000000",
"3": "A0A1A2A3A4A5787788C10D258FE90296",
"4": "47949CB2A4A0968F3AEDffffff0991DF",
"5": "1500160A5CF7F45E0B0CA4FAEFD14B48",
"6": "F53553F04E542E3447D86E856470000CA",
"7": "98F73A04432978778801E8D6223ACB49",
"8": "00000000000000000000000000000000",
"9": "00000000000000000000000000000000",
"10": "00000000000000000000000000000000",
"11": "A0A1A2A3A4A578778805E8D6223ACB49",
Last edited by 3dmann (2019-06-23 12:12:01)
Offline