Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2014-06-25 11:18:35

Neuer_User
Contributor
Registered: 2013-03-26
Posts: 88

Uncrackable Mifare Classic ?

Hi I stumbled upon a card which looks like a Mifare Classic, but withstands the typical attacks implented in mfoc or in proxmark3 (mifare_autopwn).

proxmark3> hf 14a reader
ATQA : 44 00         
UID : 04 a9 93 72 cf 2b 80           
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443a-4 card found, RATS not supported         

The card can be read by typical android apps as the first 5 sectors are non-encrypted (FFFFFFFFFF).

Anybody knows what type of card this is?

Thanks

Michael

Offline

#2 2014-06-30 17:34:12

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Uncrackable Mifare Classic ?

Its probably a Mifare Plus.

see http://www.proxmark.org/forum/viewtopic.php?id=1202 why hf mf mifare and hf mf nested doesn't work with these cards.

Distinguishing Mifare Classic and Mifare Plus in SL1 (Security Level 1 - Mifare Classic Compatibility Mode) seems to become a common topic. Give me a day or two to modify hf 14a reader ...

Offline

#3 2014-06-30 20:36:20

Neuer_User
Contributor
Registered: 2013-03-26
Posts: 88

Re: Uncrackable Mifare Classic ?

Thanks piwi.

Yeah, it sounds like a plus card then. That means it is pretty secure, then.

Would really be good to be able to identify such cards easily.

Offline

#4 2014-07-01 20:10:45

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Uncrackable Mifare Classic ?

committed new version to github master.

Can you please try hf 14a reader again and post the results?

Offline

#5 2014-07-02 07:18:30

Neuer_User
Contributor
Registered: 2013-03-26
Posts: 88

Re: Uncrackable Mifare Classic ?

Hi piwi

Just pulled the latest rev (c7324bef2894b8515a71f28cc948fa6bea9ccbaf), compiled and flashed. Result is, however, pretty similar:

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: master/v1.0.0-27-g6c0f60c-suspect 2014-06-29 09:33:14                 
#db# os: master/v1.0.0-32-gc7324be-suspect 2014-07-02 05:59:34                 
#db# HF FPGA image built on 2014/ 6/19 at 21:26: 2                 

proxmark3> hf 14a reader
ATQA : 00 44          
 UID : 04 a9 93 72 cf 2b 80           
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          

I don't have any confirmed Plus cards here (only the suspected one), so can't do a positive check to see if it is working.

If you want me to test other patches to find out what type of card this is, you can also just post them here. (No need to commit test patches to git :-) ).

Thanks a lot

Michael

Offline

#6 2014-07-02 07:32:05

Neuer_User
Contributor
Registered: 2013-03-26
Posts: 88

Re: Uncrackable Mifare Classic ?

Hmm, I did a bit of reading about RATS and found a link on libnfc.org that allows to force using RATS with nfc-anticol -f. Interestingly, the result is the same, meaning also libnfc cannot get the ATS.

I then found an old Desfire I had and tested it with nfc-anticol and piwis commits for proxmark3:

proxmark3> hf 14a reader
ATQA : 03 44          
 UID : 04 61 49 f2 54 1f 80           
 SAK : 20 [1]          
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41          
SAK incorrectly claims that card doesn't support RATS          
 ATS : 06 75 77 81 02 80 02 f0           
       -  TL : length is 6 bytes          
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5          
       - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]          
       - TB1 : SFGI = 0, FWI = 8          
       - TC1 : NAD is NOT supported, CID is supported          
       -  HB : 80           

So, piwis code seems to work. Which would imply that my uncrackable Mifare card is NOT a plus card, but something else. Hmmm....

Offline

#7 2014-07-02 10:19:44

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Uncrackable Mifare Classic ?

So we can rule out Mifare plus. Which leaves Mifare Classic NG as most probable possibility.

Offline

#8 2014-07-02 11:48:29

Neuer_User
Contributor
Registered: 2013-03-26
Posts: 88

Re: Uncrackable Mifare Classic ?

Never heard of Mifare Classic NG. Is that a normal Mifare Classic with fixed RND generator and 7 bit UID? Or anything other special?

Is it a completely secure card or are working attacks known?

Offline

#9 2014-07-02 16:53:22

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Uncrackable Mifare Classic ?

Well, its really hardly mentioned (it is in AN10927, referring to MF1SyyyyX chips). In contrast to the old ones (without the X) , these can have 7Bytes UIDs. I couldn't find documentation on the RNG being fixed. This can be assumed because they came to market after the Mifare hack.

Offline

Board footer

Powered by FluxBB