Dear Iceman, I came across a Mifare card whereby the keys cannot be found. Does that mean this Mifare card cannot be duplicated?
proxmark3> hf 14a reader
UID : 70 30 d0 08
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3>
Darkside Attack
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.
Card is not vulnerable to Darkside attack (its random number generator is not predictable)
Test Block Key
proxmark3> hf mf chk * ?
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 4d3a99c351dd
chk default key[ 6] 1a982c7e459a
chk default key[ 7] d3f7d3f7d3f7
chk default key[ 8] 714c5c886e97
chk default key[ 9] 587ee5f9350f
chk default key[10] a0478cc39091
chk default key[11] 533cb6c723f6
chk default key[12] 8fd0a4f256e9
--sector: 0, block: 3, key type:A, key count:13
--sector: 1, block: 7, key type:A, key count:13
--sector: 2, block: 11, key type:A, key count:13
--sector: 3, block: 15, key type:A, key count:13
--sector: 4, block: 19, key type:A, key count:13
--sector: 5, block: 23, key type:A, key count:13
--sector: 6, block: 27, key type:A, key count:13
--sector: 7, block: 31, key type:A, key count:13
--sector: 8, block: 35, key type:A, key count:13
--sector: 9, block: 39, key type:A, key count:13
--sector:10, block: 43, key type:A, key count:13
--sector:11, block: 47, key type:A, key count:13
--sector:12, block: 51, key type:A, key count:13
--sector:13, block: 55, key type:A, key count:13
--sector:14, block: 59, key type:A, key count:13
--sector:15, block: 63, key type:A, key count:13
--sector: 0, block: 3, key type:B, key count:13
--sector: 1, block: 7, key type:B, key count:13
--sector: 2, block: 11, key type:B, key count:13
--sector: 3, block: 15, key type:B, key count:13
--sector: 4, block: 19, key type:B, key count:13
--sector: 5, block: 23, key type:B, key count:13
--sector: 6, block: 27, key type:B, key count:13
--sector: 7, block: 31, key type:B, key count:13
--sector: 8, block: 35, key type:B, key count:13
--sector: 9, block: 39, key type:B, key count:13
--sector:10, block: 43, key type:B, key count:13
--sector:11, block: 47, key type:B, key count:13
--sector:12, block: 51, key type:B, key count:13
--sector:13, block: 55, key type:B, key count:13
--sector:14, block: 59, key type:B, key count:13
--sector:15, block: 63, key type:B, key count:13
Offline
The "hardnested" attack will find a key for you.
Offline
actually hardnested still requires one known key.
you could try one of the key dictionaries or other common keys. other than that you are out of luck.
Offline
if access to reader, s/he also can sniff traffic.. if we are talking possibilities
Offline
Thanks guys for the inputs... otherwise I will be a headless chicken running around... I need to read up more about hardnested...
Offline
In my fork I have a file with a large set of default keys. It has 189 keys, you should try it out.
Offline
But I get an error compiling your fork due to an outdated GCC. Is there any shortcut to copy the 189 default keys and paste them into the C file, like what you helped me do to solve my Viking problem? Appreciate your help, iceman!
Offline
It's just a normal text file. A .dic file, I suggest you read up on the help text for "hf mf chk"
Offline
I found a dictionary file name "default_keys.dic" file in your fork..
so i guess the command to use is "hf mf chk * ? default_keys.dic" ?
Last edited by lohcm88 (2016-04-28 07:52:34)
Offline
Not quite right but close, *1 is the size of card (1k), not only a star.
hf mf chk *1 ? default_keys.dic
however I have noticed that since the input options for that command are complex, I need to write it like
hf mf chk *1 ? d default_keys.dic
It's a pity that you can't compile my fork on this one, you miss out on the speedups.
Offline
thanks for the heads up iceman! Is setting up ubuntu OS the easiest way to compile your fork?
Offline
This is not the right thread to talk about that subject.
I use a virtual vmware image, just download and run in vmware player (free too), so you don't need to do much. Works out-of-the-box.
Ref:
http://www.trendsigma.net/vmware/ubuntu1404t.html Ubuntu 14.04
http://www.momotrade.com/tool/vm/lubuntu1510t.html Ubuntu 15.10
Offline
thank you will update this thread on the results if i manage to get my hands on that card again..
Offline
when running the key check with iceman's branch, what does it mean when I get:
....Sending bytes to proxmark failed
....Sending bytes to proxmark failed
....Sending bytes to proxmark failed
Offline
If running a virtual env, as a suggestion, how about you attach the device to your virtual environment?
if not, do please add more information about your setup and procedure.
Offline
Per my personal experience, nothing works as expected except original hardware running linux and using USB 2.0.
No Virtual stuff!
Offline
I've been running a virtual setup for 2 years. Always works, however USB transfer speeds are slower, noticeably.
Offline
I am running MAC OS X El Capitan, no virtualization, iceman's branch.
I may try iceman's docker container for other reasons as well - I was trying to avoid any virtualization but it sounds like it's pretty stable.
check key[194] <..snip..>
.........Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
.Sending bytes to proxmark failed
....
Time in checkkeys: 1403831 ticks 213 seconds
testing to read key B...
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 0 | ffffffffffff | 0 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 0 | ffffffffffff | 0 |
|003| ffffffffffff | 0 | ffffffffffff | 0 |
|004| ffffffffffff | 0 | ffffffffffff | 0 |
|005| ffffffffffff | 0 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| ffffffffffff | 0 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
Last edited by my_fair_cats_sick (2016-05-06 13:51:42)
Offline
However on a different card (which I think is a plain Classic 1k) it seems to work fine - seems to be a card type issue?
Output for Classic 1k:
Time in checkkeys: 29418 ticks 3 seconds
testing to read key B...
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| ffffffffffff | 1 | ffffffffffff | 1 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| ffffffffffff | 1 | ffffffffffff | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
Offline
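Added example, not part of any post in this thread and not Proxmark3 project code: a small parser for the key table that "hf mf chk" prints above, used to report which sectors of a card in your own deployment still open with a well-known default key. It assumes res 1 marks a key the card accepted and res 0 a key that was not found, as the two tables in the thread suggest; the sample input and the key 0123456789ab are constructed.

```python
import re

# Default keys listed by "hf mf chk" earlier in this thread.
DEFAULT_KEYS = {
    "ffffffffffff", "000000000000", "a0a1a2a3a4a5", "b0b1b2b3b4b5",
    "aabbccddeeff", "4d3a99c351dd", "1a982c7e459a", "d3f7d3f7d3f7",
    "714c5c886e97", "587ee5f9350f", "a0478cc39091", "533cb6c723f6",
    "8fd0a4f256e9",
}
# One table row: |sec| key A |res| key B |res|
ROW = re.compile(r"^\|\s*(\d{3})\s*\|\s*([0-9a-fA-F]{12})\s*\|\s*([01])\s*\|"
                 r"\s*([0-9a-fA-F]{12})\s*\|\s*([01])\s*\|$")

def parse_key_table(text):
    """Return {sector: {"A": (key, found), "B": (key, found)}}."""
    sectors = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator, timing line or USB error noise
        sec, key_a, res_a, key_b, res_b = m.groups()
        sectors[int(sec)] = {"A": (key_a.lower(), res_a == "1"),
                             "B": (key_b.lower(), res_b == "1")}
    return sectors

def audit(sectors):
    """Return (sectors opened by a listed default key, sectors with no key found)."""
    default_open, unresolved = [], []
    for sec in sorted(sectors):
        found = [key for key, ok in sectors[sec].values() if ok]
        if not found:
            unresolved.append(sec)
        elif any(key in DEFAULT_KEYS for key in found):
            default_open.append(sec)
    return default_open, unresolved

# Constructed sample in the format shown in the thread.
SAMPLE = """Time in checkkeys: 29418 ticks 3 seconds
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| a0a1a2a3a4a5 | 1 | ffffffffffff | 0 |
.Sending bytes to proxmark failed
|002| ffffffffffff | 0 | ffffffffffff | 0 |
|003| 0123456789ab | 1 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|"""

if __name__ == "__main__":
    weak, unknown = audit(parse_key_table(SAMPLE))
    print("sectors on default keys:", weak, "| no key found:", unknown)
```

Sectors in the first list are the ones to re-key; a sector in neither list opened only with a key that is not on the default list above.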
On Linux I always do killall ModemManager as it interferes with the pm client. Might be something similar on Mac?
Offline
It seems to be based on card type, which is a bit confusing at the moment. Works fine repeatedly on a Mifare Classic 1k.
Offline
The "failing to send bytes to the proxmark" message suggests that it takes too long.
You will need to have a distance between tag and antenna, 1-2cm, try to find the right position too.
Did you connect it to the docker virtualbox as usb2.0 ?
Offline
right now it's native to Mac, USB 2.0. I rest a little plastic pill cap on top of the antenna and then the card, which is exactly 1.6 cm.
I will try the docker container eventually - normal Mifare Classic 1k works just fine though so it's a bit odd.
Offline
Did you manage to get this to work? I'm facing the exact same problem ... Tried using the Docker build as well as a MACOSX one. Tried moving my tag around the HF antenna to get a "Stronger signal", but all doesn't seem to work.
Offline