Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-11-02 13:43:57

Onisan
Contributor
From: London
Registered: 2016-07-18
Posts: 88

Mifare 1K Magic Fob darkside and hardnested attacks

Hi, I have a number of the UID Changeable Mifare Classic 1K Fobs.

If I change all the sector keys except one to an unknown then the Hard Nested attack (MFOC) can recover all the other sectors.
Great so far!

Now if I set the fob so that all sectors are unknown should the Darkside attack (MFCUK) be able to recover one sector?
I don't seem to be able to recover when there is no known key so wanted to work out if that's because Darkside attack doesn't work on these fobs or I am just not doing it right.

They both seem to use the same crypto1 stuff so I wondered if  one attack works, should the other?

Offline

#2 2016-11-03 08:43:15

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Mifare 1K Magic Fob darkside and hardnested attacks

The short answer is: if one attack works, the other should not.

hf mf mifare exploits implementation errors in the PRNG (Pseudo Random Number Generator) and authentication protocol of older Mifare chips. These implementation errors have been fixed in newer Mifare cards (Mifare Classic EV1 and Mifare Plus).

hf mf hardnested exploits weaknesses in the crypto1 algorithm itself and therefore works with the newer cards. However, hf mf hardnested needs lots of randomness which is not provided by the broken PRNG of older Mifare cards.

Offline

#3 2016-11-04 15:41:39

Onisan
Contributor
From: London
Registered: 2016-07-18
Posts: 88

Re: Mifare 1K Magic Fob darkside and hardnested attacks

Ah, OK that explains it, Thank you Piwi,
My issue is I have a Chinese Magic fob but it has no known keys (it's a duplicate door fob).
the only way for me to get further duplicates is to go to the source company.
I don't believe that Darkside works on these cards so I guess I'm just out of luck.

Offline

#4 2016-11-04 15:55:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Mifare 1K Magic Fob darkside and hardnested attacks

If you have a chinese magic fob, you can just read it all with the "hf mf c*" commands given your fob uses the backdoor cmds.

Offline

Board footer

Powered by FluxBB