Proxmark3 community


#1 2016-06-27 15:07:34

my_fair_cats_sick
Contributor
Registered: 2016-03-15
Posts: 81

How to identify a hardnested vulnerable card?

Ok - so does anyone know what proxmark should return for hf 14a read on a card that is vulnerable to hard nested but not dark side?

Does that mean I need to have a card which works with 12 byte keys and old Mifare classic readers AND have a set of AES keys for another application within the same card?  Or one or the other?

I have SL1 Mifare Plus cards and reader software to change security levels.  I am a bit confused though, does a vulnerable Mifare Plus have two apps, both classic 12 byte keys and AES keys for a second app?  Or is the Mifare Plus card's PRNG in the card itself the only thing that is stopping the original attacks?


#2 2016-06-27 15:09:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,501

Re: How to identify a hardnested vulnerable card?

You should run the "hf mf mifare" darkside attack.  It will tell you if the card is vuln to it.  If not, then you can try the hardnested but you still need one known key.


#3 2016-06-28 20:55:12

my_fair_cats_sick
Contributor
Registered: 2016-03-15
Posts: 81

Re: How to identify a hardnested vulnerable card?

Well, yes that makes sense.  More specifically - I'm wondering if it's possible to order these cards?  I have tried explaining that I want a card which works with 12 byte keys and old Mifare classic readers AND have a set of AES keys for another application within the same card?  Or one or the other?

Someone else said that Mifare plus using AES in SL1 is vulnerable to hardnested, but that doesn't make sense to me either because the values passed to hard nested are 12 bytes long.

Still confused a bit here (or I just can't find a manufacturer that understands me).
