Proxmark3 community


#1 2016-05-05 09:40:39

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Hardnested attack with ACR122U

I learned on this forum about a new attack for hardnested emulated Mifare Classic.
Tell me how to perform this attack on the ACR122U.
I want to compile the libnfc_crypto1_crack tool from https://github.com/aczid/crypto1_bs for hacking emulated Mifare Classic.

I want to compile your program libnfc_crypto1_crack.
But I get the error: #include <nfc/nfc.h> not found.
How do I fix this and compile the project?
Do I understand correctly that this program, libnfc_crypto1_crack, can hack an emulated Mifare Classic card without a Proxmark and without sniffing?
I would appreciate it if you sent me a compiled program.

Last edited by roman921 (2016-05-05 15:18:28)

Offline

#2 2016-05-05 15:53:26

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Hardnested attack with ACR122U

Hi Roma! You need to gather nonces using the reader. The rest is done on the PC side thanks to aczid's bitslicing implementation.

Offline

#3 2016-05-05 17:03:28

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Hardnested attack with ACR122U

@aczid has released a libnfc version, check it out on his GitHub.

Offline

#4 2016-05-05 17:53:03

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Hardnested attack with ACR122U

iceman wrote:

@aczid has released a libnfc version, check it out on his GitHub.

Iceman, I see https://github.com/aczid/crypto1_bs on @aczid's GitHub, but this is only the hardnested project without libnfc.
Can you help me find a link to libnfc and a manual for installing it on Windows or Kali Linux?

What is your advice: is Windows or Kali Linux better to use?

Last edited by roman921 (2016-05-05 17:53:35)

Offline

#5 2016-05-05 17:58:08

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Hardnested attack with ACR122U

Hi Roma, again! First of all, you should use Linux to achieve the best performance.

Offline

#6 2016-05-05 18:05:01

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Hardnested attack with ACR122U

osys wrote:

use Linux

I use Kali Linux with mfoc and mfcuk installed.
I downloaded https://github.com/aczid/crypto1_bs
I tried to install it with make -f Makefile, but I get errors.
Can you send me a compiled hardnested program?
I want to compile libnfc_crypto1_crack.c

Last edited by roman921 (2016-05-05 18:05:27)

Offline

#7 2016-05-05 18:09:07

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Hardnested attack with ACR122U

Take a closer look at making libnfc_crypto1_crack.c in particular.

Offline

#8 2016-05-05 18:51:34

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Hardnested attack with ACR122U

If you want support on that code, open an issue on GitHub and hope for the best.

Offline

#9 2016-05-05 20:31:45

roman921
Contributor
Registered: 2015-06-21
Posts: 48

Re: Hardnested attack with ACR122U

iceman wrote:

If you want support on that code, open an issue on GitHub and hope for the best.

Yes, support has helped me already. I compiled the program on 32-bit Kali Linux, but the program doesn't work on that system. Support advised me to install 64-bit Kali Linux.

Can you send me the log of this program from a successful run where it finds the key, so I can compare and understand that everything is going well?

Offline

#10 2016-05-05 20:35:23

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Hardnested attack with ACR122U

This is the Proxmark3 device forum, therefore we don't have the ability to play around with the reader in particular.
If everything goes well, Roma, you will get the sector key ;)

Offline

#11 2016-07-30 00:55:10

my_fair_cats_sick
Contributor
Registered: 2016-03-15
Posts: 81

Re: Hardnested attack with ACR122U

Is there a way to tell with LibNFC tools here that it's a hardened Mifare card and not vuln to MFOC/MFCUK, similar to how the Proxmark can find that? I didn't know if the Proxmark started collecting nonces first and analysed that to tell, or if it could tell simply from the SAK or anti-collision phase.

Offline

#12 2016-07-30 09:33:02

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Hardnested attack with ACR122U

The detection of a hardened PRNG is inside the PM3's darkside attack, as this can be one of the reasons for the darkside attack to fail. It will print a message about it. To have a general detection is not really needed, since we always try the darkside among the first things we do when researching a Mifare Classic tag.

Offline

#13 2016-07-31 12:45:33

my_fair_cats_sick
Contributor
Registered: 2016-03-15
Posts: 81

Re: Hardnested attack with ACR122U

Correct - I was simply hoping to avoid waiting for the full attack to run via LibNFC before attempting the hardnested. I know it determines something based on the PRNG but was just curious how it did that, whether there is some info about that in the initial response bytes or it actually does some quick analysis on the data returned and can tell it's not the predictable PRNG somehow. I see that after looking at the code more closely it's actually analyzing the returned nonces and making a determination that it's not predictable in a way that they should be. I would like to have this same capability with LibNFC tools and I might look into replicating that on that side - just wanted to make sure that doesn't already exist.

Last edited by my_fair_cats_sick (2016-07-31 13:06:36)

Offline

#14 2016-07-31 13:06:04

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Hardnested attack with ACR122U

Since the prng is implemented in the code, you can predict all nonces in a sequence given the start value.
The current imp of darkside tries 4 times to find a predicted nonce; if it can't find a nonce within those four times it assumes that the tag has a different PRNG impl, i.e. a newer hardened PRNG.

Offline
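
The nonce analysis discussed in the last two posts can be done on the libnfc side with a per-nonce consistency check against the 16-bit LFSR of the original MIFARE Classic PRNG. This is an added example, not code from the thread, Proxmark3 or libnfc, and it is a single-nonce variant rather than the four-try sequence prediction iceman describes; it assumes tag nonces are stored as 32-bit values with the first received byte most significant, and the function names and sample nonces are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One step of the 16-bit LFSR behind the original MIFARE Classic tag
 * nonce generator (feedback taps at bits 0, 2, 3 and 5). */
static uint16_t lfsr16_step(uint16_t x)
{
    uint16_t fb = (uint16_t)((x ^ (x >> 2) ^ (x >> 3) ^ (x >> 5)) & 1u);
    return (uint16_t)((x >> 1) | (fb << 15));
}

static uint16_t bswap16(uint16_t v)
{
    return (uint16_t)((v << 8) | (v >> 8));
}

/* With the weak generator the second half of a nonce is the LFSR state
 * 16 steps after the first half, so one nonce can be checked on its own. */
bool nonce_fits_weak_prng(uint32_t nt)
{
    uint16_t x = bswap16((uint16_t)(nt >> 16));
    for (int i = 0; i < 16; i++)
        x = lfsr16_step(x);
    return bswap16(x) == (uint16_t)(nt & 0xFFFFu);
}

typedef enum { PRNG_UNKNOWN, PRNG_WEAK, PRNG_HARDENED } prng_class;

/* Classify a tag from several collected nonces. A random 32-bit value
 * passes the check with probability 2^-16, so a few samples suffice. */
prng_class classify_prng(const uint32_t *nts, size_t count)
{
    size_t fits = 0;
    for (size_t i = 0; i < count; i++)
        fits += nonce_fits_weak_prng(nts[i]) ? 1 : 0;
    if (count == 0 || (fits != 0 && fits != count))
        return PRNG_UNKNOWN;          /* no data, or mixed/bad reads */
    return fits == count ? PRNG_WEAK : PRNG_HARDENED;
}

int main(void)
{
    /* Constructed sample nonces, not captured from a real card. */
    const uint32_t samples[] = { 0x01200145u, 0x01000168u };
    static const char *names[] = { "unknown", "weak", "hardened" };
    printf("PRNG looks %s\n", names[classify_prng(samples, 2)]);
    return 0;
}
```

A tag classified as hardened by this check is one where the nested and darkside tools that depend on nonce prediction are expected to fail, which is the case the thread's hardnested tooling addresses.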
