Problem Authentification MF Classic 4k

NeiJPass · 2014-05-14 20:53:21

I need your help.
I have a Mifare Classic 4K card that I can not read it. Just let me read the UID anything else but get the following message:

I tried to snoop and not completely reads the tags

please!

proxmark3> hf 14a read
ATQA : 02 00
UID : 12 4f b8 a2 00 00 00 00 00 01 00 00
SAK : 18 [2]
SAK : NXP MIFARE Classic 4k | Plus 4k
proprietary non-iso14443a card found, RATS not supported

Connected units:
1. SN: ChangeMe [bus-0/\\.\libusb0-0001--0x9
proxmark3> hf mf chk *4 ? t
No key specified,try default keys
chk default key[0] ffffffffffff
chk default key[1] 000000000000
chk default key[2] a0a1a2a3a4a5
chk default key[3] b0b1b2b3b4b5
chk default key[4] aabbccddeeff
chk default key[5] 4d3a99c351dd
chk default key[6] 1a982c7e459a
chk default key[7] d3f7d3f7d3f7
chk default key[8] 714c5c886e97
chk default key[9] 587ee5f9350f
chk default key[10] a0478cc39091
chk default key[11] 533cb6c723f6
chk default key[12] 8fd0a4f256e9
--SectorsCnt:0 block no:0x03 key type:A key count:13
#db# Can't select card
#db# Can't select card
--SectorsCnt:1 block no:0x07 key type:A key count:13
#db# Can't select card
#db# Can't select card
--SectorsCnt:2 block no:0x0b key type:A key count:13
#db# Can't select card
#db# Can't select card

iceman · 2014-05-14 21:10:53

tried the "hf mf mifare" ?

NeiJPass · 2014-05-14 21:17:39

I've tried but it takes more than 30 minutes. that's good?

iceman · 2014-05-14 21:55:54

nop

NeiJPass · 2014-05-15 14:56:34

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.....................................................
aborted via keyboard!
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 651 2013-01-31 14:52:23
#db# os: svn 651 2013-01-31 14:52:31
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56

the flashing red stop at 42 minutes
the bootrom version has to do?
someone who has been passed with a 4K and MIFARE CLASSIC has managed to read it, can explain as has removed the authentication card

NeiJPass · 2014-05-15 18:06:46

There is some brute force method?

app_o1 · 2014-05-16 04:31:48

You obviously are not using a recent revision.
I had similar issues on old revision.

Can you try with latest rev and let us know if it works better.

Also, do you know at least one Key ?
you could skip "hf mf mifare" and try :
"hf mf nested 4 0 A a0a1a2a3a4a5 d"
Replace a0a1a2a3a4a5 by whatever your Key is.

NeiJPass · 2014-05-16 14:13:52

Thank you very much for your help. I will change to the new version. The truth is you're asking authentification in all blocks. I will comment on results

NeiJPass · 2014-05-16 20:49:36

change:

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 756 2013-07-13 08:11:47
#db# os: svn 756 2013-07-13 08:11:52
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56

Problems:

"hf mf mifare"
Led red and orange fixed +40 Minutes and keep getting points without giving any Somedays it works

"hf mf nested 4 0 A a0a1a2a3a4a5 d"

Message:
proxmark3> hf mf nested 4 0 A a0a1a2a3a4a5 d
--block no:00 key type:00 key:a0 a1 a2 a3 a4 a5 etrans:0
Block shift=0
Testing known keys. Sector count=64
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
#db# Can't select card
.
#db# Can't select card
nested...

.#db# Can't select card
......

+15 minutes LED: red green orange fixed ...... if this reading is not going brute force .... I leave that decis me all night? thanks for your replies.

iceman · 2014-05-16 21:39:19

the "can't select card" makes me wonder if your antenna does work? or is it really a 4k mifare s70 card?

thefkboss · 2014-05-17 10:01:27

this happen because the card is the new mifare card.
the only way to crak is sniffing

NeiJPass · 2014-05-17 10:06:09

Thanks TheFKBoss
I thought so
Is there any method, for example sniffe sticker and record the data in its memory and then read the sticker? data when the card is recharged?

app_o1 · 2014-05-17 14:01:02

That also happens on recent rev when the card is too close to the antenna. Try to keep 1.0 cm ~ 1.5 cm distance between the antenna and the card.

By the way, in my case, the nested attack on mifare 4k starts, works for 2 min but never finishes. It always freeze and I have to unplug/plug the proxmark otherwise it is not responding.
With that particular card, I get 49 "Found valid key:xxxxxxxxxxxx" and then it freezes.

NeiJPass · 2014-05-18 10:21:43

mmmmmmmmmmm
Hello updating pm3 bin I read with "HF MF URDCARD" and what is my surprise:

ULTRALIGHT you think that is rather than Classic?

proxmark3> hf mf urdcard
Attempting to Read Ultralight...
#db# Cmd Error: 04
#db# Read block 0 error
#db# READ CARD FINISHED
isOk:01
Block 00:00 00 00 00
Block 01:00 00 00 00
Block 02:24 02 00 00
Block 03:00 00 00 00 [0]
Block 04:ff ff ff ff [0]
Block 05:bc ee 11 00 [0]
Block 06:00 00 00 00 [0]
Block 07:00 00 00 00 [0]
Block 08:a2 b8 4f 12 [0] ----> CARD Nº SERIE
Block 09:11 11 11 11 [0]
Block 0a:a2 b8 4f 12 [0]
Block 0b:44 44 44 44 [0]
Block 0c:50 00 20 00 [0]
Block 0d:01 0b 00 00 [0]
Block 0e:01 00 00 00 [0]
Block 0f:00 02 00 00 [0]

proxmark3> hf mf uwrbl 4 12121212
--block no:04
--data: 12 12 12 12
#db# Authentication failed. Card timeout.
#db# Cmd Send Error: 04 2
#db# Write block error
#db# WRITE BLOCK FINISHED
isOk:00

iceman · 2014-05-18 10:31:39

the "HF MF URD*" commands is for ultralight cards..

or are you trying to use it to read your 4k card?

NeiJPass · 2014-05-18 10:45:07

If put that card not recognized thought it was another type of card. ultralight and reads blocks not read with Classic 4k

Last edited by NeiJPass (2014-05-18 10:47:43)

NeiJPass · 2014-05-18 10:47:00

NeiJPass wrote:

If put that card not recognized thought it was another type of card. ultralight and reads blocks not read with Classic 4k

NeiJPass · 2014-05-23 15:31:06

No more ways to crack the authentication? Brute force is very difficult?

thanks

pusinato · 2014-06-02 10:56:38

I have tried the new 0.0.2, 0.0.1 and a lot of the other revision, it halts when hf mf nested 4kb cards
the card is mifare classic 4k
can someone write a few commands so i can succed to pull out the keys

app_o1 · 2014-06-02 15:37:01

You don't get any result after you start the nested attack ?
It does not even "work" for a few seconds ?

Proxmark3 community

Announcement

#1 2014-05-14 20:53:21

Problem Authentification MF Classic 4k

#2 2014-05-14 21:10:53

Re: Problem Authentification MF Classic 4k

#3 2014-05-14 21:17:39

Re: Problem Authentification MF Classic 4k

#4 2014-05-14 21:55:54

Re: Problem Authentification MF Classic 4k

#5 2014-05-15 14:56:34

Re: Problem Authentification MF Classic 4k

#6 2014-05-15 18:06:46

Re: Problem Authentification MF Classic 4k

#7 2014-05-16 04:31:48

Re: Problem Authentification MF Classic 4k

#8 2014-05-16 14:13:52

Re: Problem Authentification MF Classic 4k

#9 2014-05-16 20:49:36

Re: Problem Authentification MF Classic 4k

#10 2014-05-16 21:39:19

Re: Problem Authentification MF Classic 4k

#11 2014-05-17 10:01:27

Re: Problem Authentification MF Classic 4k

#12 2014-05-17 10:06:09

Re: Problem Authentification MF Classic 4k

#13 2014-05-17 14:01:02

Re: Problem Authentification MF Classic 4k

#14 2014-05-18 10:21:43

Re: Problem Authentification MF Classic 4k

#15 2014-05-18 10:31:39

Re: Problem Authentification MF Classic 4k

#16 2014-05-18 10:45:07

Re: Problem Authentification MF Classic 4k

#17 2014-05-18 10:47:00

Re: Problem Authentification MF Classic 4k

#18 2014-05-23 15:31:06

Re: Problem Authentification MF Classic 4k

#19 2014-06-02 10:56:38

Re: Problem Authentification MF Classic 4k

#20 2014-06-02 15:37:01

Re: Problem Authentification MF Classic 4k

Board footer